[wp-hackers] Ever a valid reason to access a plugin's readme.txt?

Lionel Pointet lionel.pointet at globalis-ms.com
Mon Jun 18 16:19:55 UTC 2012

Indeed, they probably check the version number to see if a known bug can 
be exploited... All the WordPress plugins readme files are written with 
the same formatting, making it easy to parse it and extract useful data 
from it.

On 18/06/2012 18:16, Michael Clark wrote:
> Is there ever a valid reason for an end-user (anyone in the world) to 
> directly access a plugin's readme.txt? As recently as a month ago 
> crackers would scan my WordPress sites for insecure plugins by simply 
> requesting the plugin file name (e.g. 
> http://example.com/wp-content/plugins/whatever/whatever.php ). These 
> were easily blocked with a handful of .htaccess rules. Last night the 
> crackers started looking for readme.txt files of plugins ( 
> http://example.com/wp-content/plugins/whatever/readme.txt ). Can I 
> safely remove the readme.txt files of my installed plugins? Then I can 
> easily block any requests of readme.txt.
>
> Mike
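
A defender's view of the probing discussed in this thread, as an added example that is not part of either message: a Python check over web server access logs that lists clients requesting the readme of several different plugins, and which of those files the server actually returned. It assumes the Apache/nginx "combined" log format and a threshold of three distinct plugins; the plugin slugs, IP addresses and log lines are constructed for illustration.

```python
import re
from collections import defaultdict

# Request portion of an Apache/nginx "combined" access log line (assumed format).
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "[A-Z]+ (?P<path>\S+)[^"]*" (?P<status>\d{3}) ')
# Direct request for a readme under wp-content/plugins/<slug>/ (any letter case).
README_RE = re.compile(
    r'/wp-content/plugins/(?P<slug>[^/?#]+)/readme\.(?:txt|md)(?:[?#]|$)', re.IGNORECASE)

# Constructed sample log; slugs and addresses are hypothetical.
SAMPLE_LOG = [
    '203.0.113.7 - - [18/Jun/2012:03:10:01 +0000] "GET /wp-content/plugins/alpha/readme.txt HTTP/1.1" 200 2310 "-" "-"',
    '203.0.113.7 - - [18/Jun/2012:03:10:02 +0000] "GET /wp-content/plugins/beta/readme.txt HTTP/1.1" 403 199 "-" "-"',
    '203.0.113.7 - - [18/Jun/2012:03:10:03 +0000] "GET /wp-content/plugins/gamma/README.TXT?x=1 HTTP/1.1" 404 210 "-" "-"',
    '203.0.113.7 - - [18/Jun/2012:03:10:04 +0000] "GET /wp-content/plugins/alpha/readme.txt HTTP/1.1" 200 2310 "-" "-"',
    '198.51.100.20 - - [18/Jun/2012:09:00:00 +0000] "GET /wp-content/plugins/alpha/readme.txt HTTP/1.1" 200 2310 "-" "-"',
    '198.51.100.20 - - [18/Jun/2012:09:00:01 +0000] "GET /wp-content/plugins/alpha/style.css HTTP/1.1" 200 812 "-" "-"',
    'not a log line',
]

def find_readme_probers(lines, min_plugins=3):
    """Return {ip: {"plugins": [...], "exposed": [...]}} for clients that asked
    for the readme of at least min_plugins distinct plugins. "exposed" lists
    the plugins whose readme was served with status 200."""
    probed = defaultdict(set)
    exposed = defaultdict(set)
    for line in lines:
        entry = LOG_RE.match(line)
        if not entry:
            continue  # not in the expected log format
        hit = README_RE.search(entry.group("path"))
        if not hit:
            continue  # ordinary request, not a plugin readme
        slug = hit.group("slug").lower()
        probed[entry.group("ip")].add(slug)
        if entry.group("status") == "200":
            exposed[entry.group("ip")].add(slug)
    return {ip: {"plugins": sorted(slugs), "exposed": sorted(exposed[ip])}
            for ip, slugs in probed.items() if len(slugs) >= min_plugins}

if __name__ == "__main__":
    for ip, info in find_readme_probers(SAMPLE_LOG).items():
        print(ip, "probed", info["plugins"], "still served:", info["exposed"])
```

A non-empty "exposed" list shows which readme files are still reachable, which is the quickest way to confirm whether a blocking rule is taking effect.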
