[wp-hackers] protecting wp-content/plugins ?

Otto otto at ottodestruct.com
Thu Aug 30 15:21:51 GMT 2007


Meh. Six of one, half dozen of the other. The index.php (or better
yet, an index.html) file is simpler and almost foolproof. But simply
adding "Options -Indexes" to your root .htaccess file is faster and
has a lower server impact.


On 8/29/07, Knut-Olav Hoven <hovenko at linpro.no> wrote:
> On Wednesday 29 August 2007 18:32:56 Otto wrote:
> > What I'm saying is that the having somebody know that you are running
> > some specific plugin doesn't put you at any sort of extra risk
> > whatsoever. Disable Directory Indexing to stop search engines from
> > seeing them, and then get on with life. Going to extreme amounts of
> > effort by adding PHP code to plugins, like in this thread, is useless.
> > Worse than useless, because it's false security: You think you're
> > safer when you're actually not.
>
> From my point of view the biggest reason for not including empty index.php
> files everywhere is in fact all those empty files laying around; loose ends.
>
> Therefore i suggest we remove the wp-content/index.php file too (not sure if
> it still exists in trunk though). We need that one as much (or as little) as
> an empty index.php file in wp-content/uploads/.
>
>
> --
> Knut-Olav Hoven
> Systemutvikler               mob: +47 986 71 700
> Linpro AS                    http://www.linpro.no/
> _______________________________________________
> wp-hackers mailing list
> wp-hackers at lists.automattic.com
> http://lists.automattic.com/mailman/listinfo/wp-hackers
>


More information about the wp-hackers mailing list