
Is YOUR WordPress blog open and inviting thieves? Hat tip to Nicky510


Morning!

Last week, I wrote the article Is your WordPress blog naked? which described how the default WordPress installation leaves your /plugins and /themes directories open and just shrieking to be invaded.

Alert reader Crow from the hilariously funny Nicky510 just contacted me this morning with the following shockingly commonsensical observation:

"I just slowly realized something. You wrote how anyone can view your plug-ins unless you do something about it? Well, it occurred to me that they can also view anything at all, assuming they can guess the right subdirectory name. Like "images" or "zips", for instance. Then they get all your stuff at a glance (or a grab). I’m adding blank index.html pages to all my subdirectories."

Let me tell you, it’s amazing what you can find that’s so unsecured online! Are your blog and directories that open as well?

Hmmmm? 

If so, fix it now! Another solution is to add the following line to your .htaccess file by hand:

Options -Indexes

That will take care of any new directories you might create in the future as well.
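
One way to audit your own web root for both fixes described above (a blank index page per directory, or `Options -Indexes` in .htaccess), as an added example that is not code from the original post. It assumes the server lists directories by default and honours Options in .htaccess; the index filenames and the sample directory tree are constructed for illustration.

```python
import os
import tempfile

# Assumed DirectoryIndex names; match these to your server's configuration.
INDEX_NAMES = {"index.html", "index.htm", "index.php"}

def indexes_after(htaccess_text, inherited):
    """Apply the Options lines of one .htaccess to the inherited state."""
    state = inherited
    for line in htaccess_text.splitlines():
        words = line.split()
        if not words or words[0].lower() != "options":
            continue  # comments and other directives
        opts = [w.lower() for w in words[1:]]
        if "-indexes" in opts:
            state = False
        elif "+indexes" in opts:
            state = True
        elif any(o[0] not in "+-" for o in opts):  # bare options replace the set
            state = "indexes" in opts or "all" in opts
    return state

def listable_dirs(root, server_default=True):
    """Return directories under root that would show a file listing."""
    root = os.path.abspath(root)
    state, exposed = {}, []
    for path, _dirs, files in os.walk(root):
        on = state.get(os.path.dirname(path), server_default)
        if ".htaccess" in files:
            with open(os.path.join(path, ".htaccess"), errors="replace") as fh:
                on = indexes_after(fh.read(), on)
        state[path] = on
        if on and not INDEX_NAMES & set(files):
            exposed.append(os.path.relpath(path, root).replace(os.sep, "/"))
    return sorted(exposed)

def demo():
    """Constructed sample tree; returns findings before and after the fix."""
    with tempfile.TemporaryDirectory() as root:
        for d in ("wp-content/plugins", "wp-content/themes", "images", "zips"):
            os.makedirs(os.path.join(root, d))
        open(os.path.join(root, "index.php"), "w").close()
        open(os.path.join(root, "images", "index.html"), "w").close()  # blank index
        before = listable_dirs(root)
        with open(os.path.join(root, ".htaccess"), "w") as fh:
            fh.write("Options -Indexes\n")
        return before, listable_dirs(root)

if __name__ == "__main__":
    print(demo())
```

Point `listable_dirs` at a local copy of your site to see which directories still need attention; a subdirectory .htaccess that turns Indexes back on is reported too.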

And if you haven’t done so yet, do swing by Nicky510 - not only are the comics insightfully hysterical, but the newsletter SITIS (stuff I think is nifty, I being the author Crow, not I, being Barbara Ling, writer of this post, because I, Barbara….) is also very engaging as well.  It’s definitely something that starts your day off right!

Enjoy,

Barbara Ling


8 Comments

  1. Cath Lawson on 21.07.2008 at 19:21

    Hi Barbara - Thanks for this.  Someone had been getting into my blog because they’ve tried to change the password a couple of times.  I’ve submitted this to Digg, so that others will get to know about it.


    1. Barbara Ling, Virtual Coach on 21.07.2008 at 19:56

      Thanks so much!  Your comment gives me an idea about a followup post - stay tuned for tomorrow! 

      Thanks for stopping by, Barbara



  2. Evelyn Lim | Attraction Mind Map on 22.07.2008 at 09:36

    Hey, Barbara!  This is very useful info for me!

    Thanks,
    Evelyn


    1. Barbara Ling, Virtual Coach on 22.07.2008 at 09:42

      Glad you enjoy it!  This week, I’ll be taking that kind of information to the limit…stay tuned! 

      Thanks for stopping by, Barbara


  3. Glenn Palmer on 22.07.2008 at 18:01

    Seems obvious after the fact, doesn’t it? Security through obscurity doesn’t work if almost everyone has the same directory structure.


    1. Barbara on 22.07.2008 at 19:03

      I certainly agree with you there!

      Thanks for stopping by, Barbara


  4. Phil on 05.08.2008 at 01:04

    This is good info that I will pass on to my users as well, however… A good host would have had directory listings turned off by default. Hosts need to learn to secure their servers better even if it makes it harder for the average user to do things. A hardened server will not display a list of files if it is secured properly.
    ~Phil

    1. Barbara on 05.08.2008 at 05:16

      Very true.

      Thanks for stopping by, Barbara
