Urgent Update For Blog Owners

Posted on 19. May, 2009 by Casper in Blogging

You can follow this easy guide to close this hole on your wordpress blog.

How to Check if Your Blog has this Security Hole

Use your browser and go to http://www.your-blog-name.com/wp-content/plugins

If you see a page which lists all your plugins you have a problem. It is not hard to fix even if you are not a tech geek

So, if you see something like this…

Then it means that anyone can download all your plugins (for which you may have paid money for). If  your folder is empty then it is a playground for a hackers.

How to Fix this Hole

Option one:

The fastest way to fix this is by simply adding an empty (or put some into it if you wish) index.html file to your plugin directory. This is not the most secure way of doing it but it will keep most people from stealing your scripts.

Option two:

Anotherway fix that issue, you can “turn off the directory browsing” which is a very easy to do.

You log in to your CPanel account and look for “Index Manager”. This icon should look like this in the section Advanced Settings:

Clicking the icon will get you to the page which lists all folders on the blog. Choose the folder which you wish to protect from directory browsing. You need to click on /public_html/ folder, like it is shown on the screenshot below…

Once you have done it, you are on the page of settings. You should choose No Indexing from these settings. Like this…

Done! Now the folders and files inside your public_html are protected.

If you need a more advanced protection from hackers you may want to check out this script It uses a pretty clever idea for keeping hackers away from your blogs.

Share and Enjoy:
  • Digg
  • Sphinn
  • del.icio.us
  • Facebook
  • Mixx
  • Google

Related posts:

  1. Blog Layout – What Do We Want? I have spend a few hours browsing through different...
  2. Monetize your blog If you are interested in a profit making blog,...
  3. How To Choose A Free Blog Hosting Service When choosing a free blogging site it will quickly...
  4. 6 Reasons To Blog For More Affiliate Commissions Blogging has become the choice of website for many...
  5. 10 Tips For Better Blog Writing These posts with a number of tips, “does and...

Related posts brought to you by Yet Another Related Posts Plugin.

Tags: ,

2 Comments

Christopher Ross

19. May, 2009

Great point Casper, it’s a pretty quick for blog owners to ensure people don’t have access to this type of information but most people seem too complacent to understand what a large security hole this actually is.

Christopher Ross’s last blog post..With much sadness, I must deactivate LinkLove

R Sunil

05. Jul, 2009

Hi,

I dont think its a security laps. I just checked with one of the blog http://hqhow.com I visit usually. It listed all plugins as php files when i used that address. Still As I cant open those php files. So absolutely no security laps it has.

So guys its just a advertisement to sell some security stuff out of our ignorance. Just do research before you spend a dime on such crap.

lol.
sunil.

Leave a reply


Please read before leaving a comment:
You may use keywords as usename if the content of the website url given, is related
to the content of this blog. (Marketing, Advertising, Blogging, Forex etc.)
If not, please use ONLY your name.


CommentLuv Enabled