[wp-hackers] Re: protecting wp-content/plugins ?

Will Norris will at willnorris.com
Sat Aug 18 05:03:23 GMT 2007

On Aug 17, 2007, at 6:18 AM, Christian Höltje wrote:

> In addition to adding a blank index file (I prefer index.html, my
> self, just because it cannot run code even accidentally), I have an
> apache rule like this...
> RewriteCond %{REQUEST_FILENAME} !\.(css|gif|js|png|xml|xsl)$
> RewriteRule ^/(wp-includes|wp-content)/ - [F,L]
> It prevents people from scanning for plugins by the php files.
> Obviously, additional files will be visible, but they leave their
> fingerprint anyway.

just a quick note... if you want to find exactly which file types you  
have in your plugins directory, the following should do the trick...

   find . -type f | sed -E "s/.+(\.[^\.]+)$/\\1/" | sort | uniq

and for what it's worth, +1 for adding a blank index.html :)


More information about the wp-hackers mailing list