[wp-hackers] protecting wp-content/plugins ?

Knut-Olav Hoven hovenko at linpro.no
Thu Aug 30 15:30:53 GMT 2007


How about changing the WordPress rewrite rules?
Will this break anything?


From:
                <IfModule mod_rewrite.c>
                        RewriteEngine On
                        RewriteBase /
                        RewriteCond %{REQUEST_FILENAME} !-f
                        RewriteCond %{REQUEST_FILENAME} !-d
                        RewriteRule . /index.php [L]
                </IfModule>


To:

                <IfModule mod_rewrite.c>
                        RewriteEngine On
                        RewriteBase /
                        RewriteCond %{REQUEST_FILENAME} !-f
                        RewriteRule . /index.php [L]
                </IfModule>



On Thursday 30 August 2007 17:21:51 Otto wrote:
> Meh. Six of one, half dozen of the other. The index.php (or better
> yet, an index.html) file is simpler and almost foolproof. But simply
> adding "Options -Indexes" to your root .htaccess file is faster and
> has a lower server impact.
>
> On 8/29/07, Knut-Olav Hoven <hovenko at linpro.no> wrote:
> > On Wednesday 29 August 2007 18:32:56 Otto wrote:
> > > What I'm saying is that the having somebody know that you are running
> > > some specific plugin doesn't put you at any sort of extra risk
> > > whatsoever. Disable Directory Indexing to stop search engines from
> > > seeing them, and then get on with life. Going to extreme amounts of
> > > effort by adding PHP code to plugins, like in this thread, is useless.
> > > Worse than useless, because it's false security: You think you're
> > > safer when you're actually not.
> >
> > From my point of view the biggest reason for not including empty
> > index.php files everywhere is in fact all those empty files lying
> > around; loose ends.
> >
> > Therefore I suggest we remove the wp-content/index.php file too (not sure
> > if it still exists in trunk though). We need that one as much (or as
> > little) as an empty index.php file in wp-content/uploads/.
> >
> >
> > --
> > Knut-Olav Hoven
> > Systemutvikler               mob: +47 986 71 700
> > Linpro AS                    http://www.linpro.no/
> > _______________________________________________
> > wp-hackers mailing list
> > wp-hackers at lists.automattic.com
> > http://lists.automattic.com/mailman/listinfo/wp-hackers



-- 
Knut-Olav Hoven
Systemutvikler               mob: +47 986 71 700
Linpro AS                    http://www.linpro.no/
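
An added example, not part of the original message and not WordPress code: a simplified Python model of the two condition sets quoted above ("From" with `!-f` and `!-d`, "To" with `!-f` only), run against a constructed directory tree to show which request paths each set hands to /index.php. The file names and URLs are hypothetical, and the model covers only these three directives; it assumes per-directory (.htaccess) matching and ignores DirectoryIndex, Options and every other module.

```python
import os
import tempfile

# Constructed sample tree (hypothetical file names, not taken from the thread).
SAMPLE_FILES = [
    "index.php",
    "wp-admin/index.php",
    "wp-content/plugins/example-plugin/plugin.php",
]

def build_tree(root):
    """Create the sample files as empty files under root."""
    for rel in SAMPLE_FILES:
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        open(path, "w").close()

def is_rewritten(root, url_path, check_not_dir):
    """Return True if the modelled rules send the request to /index.php.

    check_not_dir=True  models the "From" rules (!-f and !-d).
    check_not_dir=False models the "To" rules (!-f only).
    """
    local = url_path.lstrip("/")   # per-directory context: leading slash removed
    if local == "":                # RewriteRule "." needs at least one character
        return False
    target = os.path.join(root, local)
    if os.path.isfile(target):     # RewriteCond %{REQUEST_FILENAME} !-f is false
        return False
    if check_not_dir and os.path.isdir(target):  # ... !-d is false
        return False
    return True

def compare(requests):
    """Return {url: (rewritten_by_from_rules, rewritten_by_to_rules)}."""
    with tempfile.TemporaryDirectory() as root:
        build_tree(root)
        return {u: (is_rewritten(root, u, True), is_rewritten(root, u, False))
                for u in requests}

if __name__ == "__main__":
    urls = ["/", "/wp-content/plugins/", "/wp-admin/",
            "/wp-content/plugins/example-plugin/plugin.php",
            "/2007/08/some-post/"]
    for url, (old, new) in compare(urls).items():
        print(f"{url:48} From: {old!s:5} To: {new}")
```

In this model the only paths that change between the two rule sets are existing directories, which includes /wp-admin/ as well as /wp-content/plugins/.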

