Is Your Blog Secure?
Jul 4th, 2007 by Kirby
I first came across this information while visiting Shoemoney, and just like that, I learned something new. It is said that Google indexes WordPress directories for public viewing. This means that ‘yoursite.com/wp-content/plugins’ and all of its contents are open to the public for viewing. If you don’t care whether or not your readers know which plugins you are currently running on your blog, then maybe this is not for you. However, if you do care, don’t worry: there are three fixes that I can think of. One has been highlighted at Shoemoney, and another should have been installed during your WordPress installation, but I guess it may take another WordPress update to fix this and other unnoticeable exploits. Although this security risk seems minimal, given the right moment and the right person a small exploit can turn into a big problem, so let’s bake this cookie one solution at a time.
Solutions
I. A very simple solution indeed. Just disable indexing by placing the following in your .htaccess file:
Options -Indexes
If you don’t have an .htaccess file, it’s very simple to create one:
Open a new document in Notepad and save it as .htaccess
That’s all folks…
II. Create a blank index.php file using Notepad and place it in the directories that you wish to protect. Keep in mind that WordPress automatically installs blank index.php files in some directories but not all.
III. Create an index.php file using Notepad that redirects the browser to another page or to your homepage, using the following code:
<?php header('Location: /index.php'); exit; ?>
Just upload either one of the index.php files to the directories you wish to protect from browsers and indexing. That’s it…
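An added example, not part of the original post: a Python audit that walks a wp-content tree and reports the directories that have neither an index file (solutions II and III) nor an .htaccess with Options -Indexes at or above them (solution I). The function names, the list of index file names and the sample tree are assumptions made for illustration; it also assumes Apache is configured to honor .htaccess files and does not model a lower .htaccess turning listings back on.

```python
import os
import re
import tempfile

# Assumption: the server's DirectoryIndex includes these names.
INDEX_NAMES = ("index.php", "index.html", "index.htm")
# Matches an active (uncommented) Options line that carries -Indexes.
NO_INDEXES = re.compile(r"^[ \t]*Options\b.*[ \t]-Indexes\b", re.I | re.M)

def htaccess_disables_listing(directory):
    """True if directory/.htaccess turns directory listings off (solution I)."""
    try:
        with open(os.path.join(directory, ".htaccess"), errors="replace") as fh:
            return bool(NO_INDEXES.search(fh.read()))
    except OSError:
        return False

def listable_dirs(root):
    """Relative paths under root with no index file and no -Indexes coverage."""
    exposed = []
    for current, subdirs, files in os.walk(root):
        if htaccess_disables_listing(current):
            subdirs[:] = []  # the setting is inherited by everything below
            continue
        if not any(name in files for name in INDEX_NAMES):
            exposed.append(os.path.relpath(current, root))
    return sorted(exposed)

def build_sample_tree(base):
    """Constructed sample layout for the demo, not a real WordPress install."""
    content = os.path.join(base, "wp-content")
    for rel in ("plugins/some-plugin", "themes", "uploads/2007"):
        os.makedirs(os.path.join(content, rel))
    for rel in ("index.php", "themes/index.php"):  # blank index files
        open(os.path.join(content, rel), "w").close()
    with open(os.path.join(content, "uploads", ".htaccess"), "w") as fh:
        fh.write("Options -Indexes\n")
    return content

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for rel in listable_dirs(build_sample_tree(tmp)):
            print("listable:", rel)
```

Run against a local copy of your own site by calling listable_dirs with the path to its wp-content directory; every path it returns still needs one of the three fixes.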