[wp-hackers] Re: protecting wp-content/plugins ?
Will Norris
will at willnorris.com
Sat Aug 18 05:03:23 GMT 2007
On Aug 17, 2007, at 6:18 AM, Christian Höltje wrote:
> In addition to adding a blank index file (I prefer index.html,
> myself, just because it cannot run code even accidentally), I have an
> apache rule like this...
>
> RewriteCond %{REQUEST_FILENAME} !\.(css|gif|js|png|xml|xsl)$
> RewriteRule ^/(wp-includes|wp-content)/ - [F,L]
>
> It prevents people from scanning for plugins by the php files.
> Obviously, additional files will be visible, but they leave their
> fingerprint anyway.
just a quick note... if you want to find exactly which file types you
have in your plugins directory, the following should do the trick...
find . -type f | sed -E "s/.+(\.[^\.]+)$/\\1/" | sort | uniq
and for what it's worth, +1 for adding a blank index.html :)
-will
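
Added example (not part of the original message): a shell audit that combines the two ideas in this thread, listing each file extension under a plugins directory and whether the extension allowlist from the quoted RewriteCond would let it through. The function names and the sample tree are constructed for illustration; the extension is taken from the file name only, so dots in directory names are ignored.

```shell
#!/bin/sh
# Extension allowlist copied from the RewriteCond quoted above.
# mod_rewrite matches case-sensitively unless [NC] is given, as grep -E does here.
ALLOW_RE='\.(css|gif|js|png|xml|xsl)$'

# audit_extensions DIR  (hypothetical helper)
# Prints one line per extension: "<allowed|blocked> <file count> <extension>".
audit_extensions() {
    find "$1" -type f | while IFS= read -r path; do
        name=${path##*/}                  # file name only
        case $name in
            ?*.*) ext=".${name##*.}" ;;   # text after the last dot
            *)    ext="(none)" ;;         # no extension, or a dotfile
        esac
        printf '%s\n' "$ext"
    done | sort | uniq -c | while read -r count ext; do
        if printf '%s\n' "$ext" | grep -Eq "$ALLOW_RE"; then
            status=allowed                # condition fails, request is served
        else
            status=blocked                # condition holds, rule answers 403
        fi
        printf '%s %s %s\n' "$status" "$count" "$ext"
    done
}

# Constructed sample tree standing in for wp-content/plugins.
make_sample_tree() {
    root=$(mktemp -d)
    mkdir -p "$root/plugins/demo.plugin/img"
    : > "$root/plugins/index.html"
    : > "$root/plugins/demo.plugin/demo.php"
    : > "$root/plugins/demo.plugin/style.css"
    : > "$root/plugins/demo.plugin/readme"
    : > "$root/plugins/demo.plugin/img/logo.png"
    : > "$root/plugins/demo.plugin/img/photo.JPG"
    printf '%s\n' "$root"
}

tree=$(make_sample_tree)
audit_extensions "$tree/plugins"
rm -rf "$tree"
```

Any "blocked" line for a static asset type (here .JPG) marks files that would stop loading once the rule is in place, so the allowlist can be reviewed before deployment.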