I See Your WordPress Plugins

Simonne of AllTipsAndTricks.com has posted a helpful tip for WordPress users. By default, the permissions on your WordPress directory are set up in a way that allows public viewing access. Like Simonne, I’m not sure what the practicality would be, except for those snooping around or trying to figure out which plugins you have installed so that they can then look for vulnerabilities or exploits in those plugins to hack your site.

The fix is quite simple. You can do one of two things: change the permissions of that directory from 0755 to 0750, or upload a blank index.html file. When I set my plugin folder to 0750, some of my plugins decided to stop working, so I opted for option two. In fact, I added a redirect within my index.html page that redirects the browser to my homepage.

Here is the code I used in my index.html file if you would like to do the same.

Redirect Code I Used In My Index.html File

UPDATE: Thanks to LGR for adding this in via the comments. You can simply add Options -Indexes to your .htaccess file. This will redirect anyone who is trying to view a folder index to your 404 error page without the need to create empty index.html files. Thanks again, LGR.

8 thoughts on “I See Your WordPress Plugins”

  1. If you are on an Apache server you can disable index browsing with one line in the .htaccess file on the root folder.

    Options -Indexes

    This means you don’t have to go around creating blank, orphaned index.html files all over the place and keeps people from snooping in other folders as well. I talk about it on my blog here: Disable Indexes using .htaccess

  2. Not a problem. It can save some time, especially when there are quite a few folders that need the indexes added. Plus, this also will log a 404 error in your log file, so you will know what IP address is snooping around.

  3. Hmmmm… My host has a default 403 page… Fortunately it goes to that if it can’t find a resource (I’ve added some lines for Apache). Unfortunately though, it’s a horrible page with ads.
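
To act on the point raised in the comments that blocked index requests show up in the server log, here is an added example (not from the original post or its commenters) that groups requests for bare directories under /wp-content/ by client IP. The log lines are constructed samples in Apache combined format, the function name is hypothetical, and both 403 and 404 count as blocked because the post mentions a 404 page and a commenter mentions a 403 page.

```python
import re
from collections import defaultdict

# Constructed sample lines in Apache "combined" log format (documentation IP ranges).
SAMPLE_LOG = """\
203.0.113.7 - - [12/Mar/2024:10:01:02 +0000] "GET /wp-content/plugins/ HTTP/1.1" 403 199 "-" "curl/8.0"
203.0.113.7 - - [12/Mar/2024:10:01:03 +0000] "GET /wp-content/themes/ HTTP/1.1" 403 199 "-" "curl/8.0"
203.0.113.7 - - [12/Mar/2024:10:01:05 +0000] "GET /wp-content/uploads/2024/?C=M;O=D HTTP/1.1" 404 512 "-" "curl/8.0"
198.51.100.20 - - [12/Mar/2024:10:02:00 +0000] "GET /wp-content/plugins/example/style.css HTTP/1.1" 200 830 "-" "Mozilla/5.0"
198.51.100.20 - - [12/Mar/2024:10:02:01 +0000] "GET /wp-content/missing.png HTTP/1.1" 404 512 "-" "Mozilla/5.0"
192.0.2.44 - - [12/Mar/2024:10:03:00 +0000] "GET /wp-content/plugins/ HTTP/1.1" 200 1450 "-" "Mozilla/5.0"
"""

# client IP, request target and status code from one combined-format line
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "[A-Z]+ (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)

def directory_probes(log_text, prefix="/wp-content/"):
    """Group requests for bare directories under `prefix` by client IP.

    Returns (blocked, served):
      blocked: IP -> directory paths answered 403/404 (index request refused)
      served:  IP -> directory paths answered 200 (confirm no listing is exposed)
    """
    blocked, served = defaultdict(list), defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in combined format
        path = m["target"].split("?", 1)[0]  # drop query such as autoindex sort links
        if not (path.startswith(prefix) and path.endswith("/")):
            continue  # only directory URLs matter here, not individual files
        status = int(m["status"])
        if status in (403, 404):
            blocked[m["ip"]].append(path)
        elif status == 200:
            served[m["ip"]].append(path)
    return dict(blocked), dict(served)

if __name__ == "__main__":
    blocked, served = directory_probes(SAMPLE_LOG)
    for ip, paths in sorted(blocked.items(), key=lambda kv: -len(kv[1])):
        print(f"{ip}: {len(paths)} blocked directory requests -> {paths}")
    for ip, paths in served.items():
        print(f"{ip}: directory answered 200, verify no listing -> {paths}")
```

A directory that still answers 200 is either serving an index.html (as in option two above) or still exposing a listing, so those entries are the ones to check by hand.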
