[wp-hackers] Ever a valid reason to access a plugin's readme.txt?
dc153464a11bcf5aeb18180db28017fb.wp-hackers at planetmike.com
Mon Jun 18 16:16:35 UTC 2012
Is there ever a valid reason for an end-user (anyone in the world) to
directly access a plugin's readme.txt? As recently as a month ago
crackers would scan my WordPress sites for insecure plugins by simply
requesting the plugin file name (e.g.
http://example.com/wp-content/plugins/whatever/whatever.php ). These
were easily blocked with a handful of .htaccess rules. Last night the
crackers started looking for readme.txt files of plugins (
http://example.com/wp-content/plugins/whatever/readme.txt ). Can I
safely remove the readme.txt files of my installed plugins? Then I
can easily block any requests of readme.txt. Mike
"Injustice anywhere is a threat to justice everywhere."
- Martin Luther King Jr.
More information about the wp-hackers