[wp-hackers] Re: protecting wp-content/plugins ?

Christian Höltje docwhat+list.wp.hackers at gerf.org
Fri Aug 17 13:18:37 GMT 2007

In addition to adding a blank index file (I prefer index.html, my
self, just because it cannot run code even accidentally), I have an
apache rule like this...

RewriteCond %{REQUEST_FILENAME} !\.(css|gif|js|png|xml|xsl)$
RewriteRule ^/(wp-includes|wp-content)/ - [F,L]

It prevents people from scanning for plugins by the php files.
Obviously, additional files will be visible, but they leave their
fingerprint anyway.


Statistics cannot refute logic
       -- Murray N. Rothbard, Making Economic Sense,
                              Chapter 2: Ten Great Economic Myths

The Doctor What: A Holtje Production             http://docwhat.gerf.org/
docwhat *at* gerf *dot* org                                        KF6VNC

More information about the wp-hackers mailing list