[wp-hackers] protecting wp-content/plugins ?
James Davis
james at freecharity.org.uk
Sat Aug 18 12:11:58 GMT 2007
Omry Yadan wrote:
> covering wp-content and wp-themes will make the life of an attacker much
> harder.
> there is a huge difference because those are guarantied to be there.
You've made the mistake of believing that the attacker is an inquisitive
person who cares whether his exploits succeed or not.
The lack of a directory index is not going to stop an attacker trying to
exploit a vulnerable script that may or may not exist on your server.
They're going to try it regardless. They won't even care if you're
attentive enough to notice their failed attempts in your logs.
The problem is a server wide one and should be fixed at that level if
you really care about it. Placing an index file in the directory only
masks the problem for a single application.
James
--
FreeCharity.org.uk - Free hosting for charities and non-profits
WordPress and Blogging Consultancy - (01348) 800101
More information about the wp-hackers
mailing list