[wp-hackers] protecting wp-content/plugins ?

jacobsantos at branson.com jacobsantos at branson.com
Thu Aug 30 15:37:43 GMT 2007


Yes.

Knut-Olav Hoven wrote:
> How about changing the WordPress rewrite rules?
> Will this break anything?
>
>
> From:
>                 <IfModule mod_rewrite.c>
>                         RewriteEngine On
>                         RewriteBase /
>                         RewriteCond %{REQUEST_FILENAME} !-f
>                         RewriteCond %{REQUEST_FILENAME} !-d
>                         RewriteRule . /index.php [L]
>                 </IfModule>
>
>
> To:
>
>                 <IfModule mod_rewrite.c>
>                         RewriteEngine On
>                         RewriteBase /
>                         RewriteCond %{REQUEST_FILENAME} !-f
>                         RewriteRule . /index.php [L]
>                 </IfModule>
>
>
>
> On Thursday 30 August 2007 17:21:51 Otto wrote:
>   
>> Meh. Six of one, half dozen of the other. The index.php (or better
>> yet, an index.html) file is simpler and almost foolproof. But simply
>> adding "Options -Indexes" to your root .htaccess file is faster and
>> has a lower server impact.
>>
>> On 8/29/07, Knut-Olav Hoven <hovenko at linpro.no> wrote:
>>     
>>> On Wednesday 29 August 2007 18:32:56 Otto wrote:
>>>       
>>>> What I'm saying is that having somebody know that you are running
>>>> some specific plugin doesn't put you at any sort of extra risk
>>>> whatsoever. Disable Directory Indexing to stop search engines from
>>>> seeing them, and then get on with life. Going to extreme amounts of
>>>> effort by adding PHP code to plugins, like in this thread, is useless.
>>>> Worse than useless, because it's false security: You think you're
>>>> safer when you're actually not.
>>>>         
>>> From my point of view the biggest reason for not including empty
>>> index.php files everywhere is in fact all those empty files lying
>>> around; loose ends.
>>>
>>> Therefore I suggest we remove the wp-content/index.php file too (not sure
>>> if it still exists in trunk though). We need that one as much (or as
>>> little) as an empty index.php file in wp-content/uploads/.
>>>
>>>
>>> --
>>> Knut-Olav Hoven
>>> Systemutvikler               mob: +47 986 71 700
>>> Linpro AS                    http://www.linpro.no/
>>> _______________________________________________
>>> wp-hackers mailing list
>>> wp-hackers at lists.automattic.com
>>> http://lists.automattic.com/mailman/listinfo/wp-hackers
>>>       
>
>
>
>   
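Added example, not part of the original thread and not WordPress or Apache code: a simplified Python model of how a request is answered under the three options discussed above (an empty index.php, `Options -Indexes`, and dropping the `!-d` condition). The directory tree, the `example-plugin` names and the assumption that `DirectoryIndex` includes index.php are constructed for illustration.

```python
# Constructed sample document root (assumption, for illustration only).
FILES = {"index.php", "wp-admin/index.php", "wp-content/index.php",
         "wp-content/plugins/example-plugin/example.php"}
DIRS = {"wp-admin", "wp-content", "wp-content/plugins",
        "wp-content/plugins/example-plugin", "wp-content/uploads"}

def rewritten(path, check_dir):
    """True if 'RewriteRule . /index.php [L]' fires for this request."""
    rel = path.lstrip("/")        # per-directory rules match without the leading slash
    if not rel:                   # pattern '.' needs at least one character
        return False
    if rel in FILES:              # RewriteCond %{REQUEST_FILENAME} !-f fails
        return False
    if check_dir and rel.rstrip("/") in DIRS:   # ... !-d fails (the "From" rules only)
        return False
    return True

def outcome(path, check_dir=True, indexes=True):
    """check_dir=False models the "To" rules; indexes=False models Options -Indexes."""
    if rewritten(path, check_dir):
        return "wordpress"        # request is handed to /index.php
    name = path.strip("/")
    if name in FILES:
        return "file"             # served directly, whatever the directory settings
    # Existing directory (or the root): index file first, then auto-listing.
    if (name + "/index.php").lstrip("/") in FILES:
        return "index file"
    return "listing" if indexes else "403"

if __name__ == "__main__":
    requests = ["/", "/wp-admin/", "/wp-content/", "/wp-content/plugins/",
                "/wp-content/plugins/example-plugin/example.php"]
    for p in requests:
        print(f"{p:50} default={outcome(p):11}"
              f" -Indexes={outcome(p, indexes=False):11}"
              f" no-!-d={outcome(p, check_dir=False)}")
```

In this model, removing `!-d` hides the plugin directory listing but also routes `/wp-admin/` to the front controller, while the plugin's own PHP file stays directly requestable under every option.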


