[wp-hackers] protecting wp-content/plugins ?

James Davis james at freecharity.org.uk
Sat Aug 18 12:11:58 GMT 2007

Omry Yadan wrote:

> covering wp-content and wp-themes will make the life of an attacker much
> harder.
> there is a huge difference because those are guarantied to be there.

You've made the mistake of believing that the attacker is an inquisitive 
person who cares whether his exploits succeed or not.

The lack of a directory index is not going to stop an attacker trying to 
exploit a vulnerable script that may or may not exist on your server. 
They're going to try it regardless. They won't even care if you're 
attentive enough to notice their failed attempts in your logs.

The problem is a server wide one and should be fixed at that level if 
you really care about it. Placing an index file in the directory only 
masks the problem for a single application.


FreeCharity.org.uk - Free hosting for charities and non-profits
WordPress and Blogging Consultancy       -      (01348) 800101

More information about the wp-hackers mailing list