[wp-hackers] Re: protecting wp-content/plugins ?
Christian Höltje
docwhat+list.wp.hackers at gerf.org
Fri Aug 17 13:18:37 GMT 2007
In addition to adding a blank index file (I prefer index.html, my
self, just because it cannot run code even accidentally), I have an
apache rule like this...
RewriteCond %{REQUEST_FILENAME} !\.(css|gif|js|png|xml|xsl)$
RewriteRule ^/(wp-includes|wp-content)/ - [F,L]
It prevents people from scanning for plugins by the php files.
Obviously, additional files will be visible, but they leave their
fingerprint anyway.
Ciao!
--
Statistics cannot refute logic
-- Murray N. Rothbard, Making Economic Sense,
Chapter 2: Ten Great Economic Myths
The Doctor What: A Holtje Production http://docwhat.gerf.org/
docwhat *at* gerf *dot* org KF6VNC
More information about the wp-hackers
mailing list