[wp-hackers] protecting wp-content/plugins ?
Knut-Olav Hoven
hovenko at linpro.no
Wed Aug 29 17:02:07 GMT 2007
On Wednesday 29 August 2007 18:32:56 Otto wrote:
> What I'm saying is that the having somebody know that you are running
> some specific plugin doesn't put you at any sort of extra risk
> whatsoever. Disable Directory Indexing to stop search engines from
> seeing them, and then get on with life. Going to extreme amounts of
> effort by adding PHP code to plugins, like in this thread, is useless.
> Worse than useless, because it's false security: You think you're
> safer when you're actually not.
From my point of view the biggest reason for not including empty index.php
files everywhere is in fact all those empty files laying around; loose ends.
Therefore i suggest we remove the wp-content/index.php file too (not sure if
it still exists in trunk though). We need that one as much (or as little) as
an empty index.php file in wp-content/uploads/.
--
Knut-Olav Hoven
Systemutvikler mob: +47 986 71 700
Linpro AS http://www.linpro.no/
More information about the wp-hackers
mailing list