[wp-hackers] Ever a valid reason to access a plugin's readme.txt?

Michael Clark dc153464a11bcf5aeb18180db28017fb.wp-hackers at planetmike.com
Mon Jun 18 16:16:35 UTC 2012

Is there ever a valid reason for an end-user (anyone in the world) to 
directly access a plugin's readme.txt? As recently as a month ago 
crackers would scan my WordPress sites for insecure plugins by simply 
requesting the plugin file name (e.g. 
http://example.com/wp-content/plugins/whatever/whatever.php ). These 
were easily blocked with a handful of .htaccess rules. Last night the 
crackers started looking for readme.txt files of plugins ( 
http://example.com/wp-content/plugins/whatever/readme.txt ). Can I 
safely remove the readme.txt files of my installed plugins? Then I 
can easily block any requests of readme.txt. Mike


Michael Clark

"Injustice anywhere is a threat to justice everywhere."
  - Martin Luther King Jr.

More information about the wp-hackers mailing list