Morning!
Last week, I wrote the article Is your WordPress blog naked? which described how the default WordPress installation leaves your /plugins and /themes directory open and just shrieking to be invaded.
Alert reader Crow from the hilariously funny Nicky510 just contacted me this morning with the following shockingly commonsensical observation:
"I just slowly realized something. You wrote how anyone can view your plug-ins unless you do something about it? Well, it occurred to me that they can also view anything at all, assuming they can guess the right subdirectory name. Like "images" or "zips", for instance. Then they get all your stuff at a glance (or a grab). I’m adding blank index.html pages to all my subdirectories."
Let me tell you, it’s amazing what you can find that’s so unsecured online! IS your blog and directories so open as well?
Hmmmm?
If so, fix it now! Another solution is to simply manually add the following line to your .htaccess file:
Options -Indexes
That will take care of any new directories you might create in the future as well.
And if you haven’t done so yet, do swing by Nicky510 – not only are the comics insightfully hysterical, but the newsletter SITIS (stuff I think is nifty, I being the author Crow, not I, being Barbara Ling, writer of this post, because I, Barbara….) is also very engaging as well. It’s definitely something that starts your day off right!
Enjoy,
Barbara Ling
Like this post? Please feel free to tell your friends and Digg It – I very much appreciate your time!
Get Started Here
You’ll love what you learn… Promise!