[wp-hackers] Ever a valid reason to access a plugin's readme.txt?
Lionel Pointet
lionel.pointet at globalis-ms.com
Mon Jun 18 16:19:55 UTC 2012
Indeed, they probably check the version number to see if a known bug can
be exploited... All the WordPress plugin readme files are written with
the same formatting, making it easy to parse them and extract useful data
from them.
On 18/06/2012 18:16, Michael Clark wrote:
> Is there ever a valid reason for an end-user (anyone in the world) to
> directly access a plugin's readme.txt? As recently as a month ago
> crackers would scan my WordPress sites for insecure plugins by simply
> requesting the plugin file name (e.g.
> http://example.com/wp-content/plugins/whatever/whatever.php ). These
> were easily blocked with a handful of .htaccess rules. Last night the
> crackers started looking for readme.txt files of plugins (
> http://example.com/wp-content/plugins/whatever/readme.txt ). Can I
> safely remove the readme.txt files of my installed plugins? Then I can
> easily block any requests of readme.txt. Mike
>
>
>
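A defensive log check for the scanning pattern discussed in this thread, as an added example that is not part of the original messages. It assumes Apache combined log format; the function name, the threshold and the sample log lines are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample access-log lines (combined log format, documentation IP ranges).
SAMPLE_LOG = """\
203.0.113.7 - - [18/Jun/2012:02:11:01 +0000] "GET /wp-content/plugins/alpha/readme.txt HTTP/1.1" 200 2310 "-" "-"
203.0.113.7 - - [18/Jun/2012:02:11:02 +0000] "GET /wp-content/plugins/beta/readme.txt HTTP/1.1" 404 210 "-" "-"
203.0.113.7 - - [18/Jun/2012:02:11:02 +0000] "GET /wp-content/plugins/gamma/README.TXT?x=1 HTTP/1.1" 404 210 "-" "-"
203.0.113.7 - - [18/Jun/2012:02:11:03 +0000] "GET /wp-content/plugins/delta/delta.php HTTP/1.1" 403 199 "-" "-"
198.51.100.20 - - [18/Jun/2012:09:30:44 +0000] "GET /wp-content/plugins/alpha/readme.txt HTTP/1.1" 200 2310 "-" "Mozilla/5.0"
198.51.100.20 - - [18/Jun/2012:09:30:50 +0000] "GET /wp-content/plugins/alpha/style.css HTTP/1.1" 200 880 "-" "Mozilla/5.0"
"""

# client IP, request path and status code from one combined-format line
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|HEAD) (\S+) [^"]*" (\d{3}) ')
# direct requests for a plugin's readme.txt or a PHP file in the plugin directory
PROBE_RE = re.compile(
    r'^/wp-content/plugins/([^/?#]+)/(?:readme\.txt|[^/?#]+\.php)(?:[?#].*)?$',
    re.IGNORECASE,
)

def find_plugin_probes(log_text, min_plugins=3):
    """Report clients that requested readme.txt or a plugin PHP file in at
    least min_plugins distinct plugin directories (threshold is an assumption).
    Returns {ip: {"plugins": [...], "served": [paths answered with 200]}}."""
    plugins = defaultdict(set)
    served = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        ip, path, status = m.groups()
        probe = PROBE_RE.match(path)
        if not probe:
            continue
        plugins[ip].add(probe.group(1).lower())
        if status == "200":
            served[ip].append(path)  # this file was actually disclosed
    return {
        ip: {"plugins": sorted(names), "served": served[ip]}
        for ip, names in plugins.items()
        if len(names) >= min_plugins
    }

if __name__ == "__main__":
    for ip, info in find_plugin_probes(SAMPLE_LOG).items():
        print(ip, info["plugins"], "served:", info["served"])
```

The "served" list shows which readme.txt requests were answered with 200, which is where a blocking rule is still missing.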