It’s becoming more common, so perhaps you’ve heard of it happening: someone’s WordPress blog was hacked. Usually it is by a spammer, who inserts malicious images and code. There are weaknesses in WordPress, because it’s open source software, and because users often don’t know all the security holes.

Here’s one quick and easy tip to help secure your WordPress site: hide your plugin files. Plugins are so convenient but they can be a security risk. I recommend using only plugins you really, really need, and hiding what you have.

If you were to type in an unprotected blog’s address, like this:

http://BLOGNAME.com/wp-content/plugins

you’d see a list of the folders for every plugin you have installed.

This is basically an open invitation to a hacker, advertising which plugins you have and possibly which versions (including ones that haven’t been updated). The hacker can exploit any open doors those plugins may have and gain access to your blog/site through them. You want to block anyone from seeing your list of plugins. Here’s what you do.

Open up Notepad. Save the document as index.html. You can leave it blank if you want. You can type in “Hello” or “Don’t hack me” or your blog address, whatever. I use a blank file.

Open up your FTP program and upload this index.html file to your plugins folder. After it is uploaded, you’ll see all the folders for your plugins and this little file named “index.html.”

That’s it! Your plugins folders will not be seen.

How does this work? WordPress is programmed to access index.html files first thing. So when your WordPress plugins are accessed, it will go to this blank index.html file and move on to your plugins afterward. The index.html file is like a blanket, covering all your plugin goodies. Your plugins will still work just fine; they will just be concealed from everyone.
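An index file only hides the listing of the folder it sits in, so on a server that generates listings each plugin subfolder without its own index file can still be browsed. The Python sketch below is an added example, not part of the original post, and goes one step beyond it: it audits a local copy of the plugins folder (for example one downloaded over FTP) for folders with no index file and can drop a blank index.html into each. The index file names and the sample plugin folder names are assumptions.

```python
import os
import tempfile

# Assumption: file names the web server treats as a directory index.
# Adjust to match your server's configuration.
INDEX_NAMES = ("index.html", "index.htm", "index.php")


def dirs_without_index(root, index_names=INDEX_NAMES):
    """Return every directory under root (root included) with no index file."""
    wanted = set(index_names)
    missing = []
    for current, subdirs, files in os.walk(root):
        subdirs.sort()  # walk in a stable, alphabetical order
        if not wanted.intersection(files):
            missing.append(os.path.relpath(current, root))
    return missing


def add_blank_index(root, rel_dirs, name="index.html"):
    """Create an empty index file in each listed directory; return paths written."""
    written = []
    for rel in rel_dirs:
        path = os.path.normpath(os.path.join(root, rel, name))
        # Mode "x" refuses to overwrite a file that already exists.
        with open(path, "x", encoding="utf-8"):
            pass
        written.append(path)
    return written


def build_sample_tree(base):
    """Constructed sample: a plugins folder holding two made-up plugins."""
    plugins = os.path.join(base, "plugins")
    os.makedirs(os.path.join(plugins, "sample-gallery", "css"))
    os.makedirs(os.path.join(plugins, "sample-forms"))
    # Only the top-level folder has the blank index.html from the steps above.
    open(os.path.join(plugins, "index.html"), "w").close()
    open(os.path.join(plugins, "sample-forms", "index.php"), "w").close()
    return plugins


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        plugins = build_sample_tree(tmp)
        exposed = dirs_without_index(plugins)
        print("No index file:", exposed)
        add_blank_index(plugins, exposed)
        print("After fix:", dirs_without_index(plugins))
```

Point `dirs_without_index` at your own local copy of wp-content/plugins, then upload any index.html files it creates to the matching folders on the server.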

I hope this helps protect you. Happy blogging!
