[wp-hackers] protecting wp-content/plugins ?

Knut-Olav Hoven hovenko at linpro.no
Wed Aug 29 17:02:07 GMT 2007


On Wednesday 29 August 2007 18:32:56 Otto wrote:
> What I'm saying is that the having somebody know that you are running
> some specific plugin doesn't put you at any sort of extra risk
> whatsoever. Disable Directory Indexing to stop search engines from
> seeing them, and then get on with life. Going to extreme amounts of
> effort by adding PHP code to plugins, like in this thread, is useless.
> Worse than useless, because it's false security: You think you're
> safer when you're actually not.

From my point of view the biggest reason for not including empty index.php 
files everywhere is in fact all those empty files laying around; loose ends.

Therefore i suggest we remove the wp-content/index.php file too (not sure if 
it still exists in trunk though). We need that one as much (or as little) as 
an empty index.php file in wp-content/uploads/.


-- 
Knut-Olav Hoven
Systemutvikler               mob: +47 986 71 700
Linpro AS                    http://www.linpro.no/


More information about the wp-hackers mailing list