DISQUS

DISQUS Hello! Sage Blogger is using DISQUS, a powerful comment system, to manage its comments. Learn more.

Community Page

Sage Blogger

Affiliate Marketing, Blogging and other fun stuff
Jump to original thread »
Author

Do Yourself A Favor-Stop Advertising Your Plugins To The Whole World

Started by Vlad Zablotskyy · 10 months ago

Commenting on my most recent post about security issues I’ve had with one of my WordPress websites, Dane has mentioned that keeping up to date all your plugins can help you to reduce the risk of having your website compromised:
That is why it’s so important that you stay on ... Continue reading »

21 comments

  • lucia

    1 year ago

    Hi Vlad,
    This is actually a very important precaution for many reasons and bears repeating. So, I stumbled you!

    I take care of the issue site wise, and discussed how toHide plugins using .htaccess a while back.

    It useful for security, keeping prying eyes out & etc.
    reply
  • lucia

    1 year ago

    Hmmm... seeing your index.php page, I think we clearly need to redirect people to the main page! :)
    reply
  • Vlad

    1 year ago

    well maybe I am the only one who thinks that all the fun is here ;)

    I am glad you liked it. However I think .htaccess solution is way much better. Believe it or not I do have several web-hosting providers that wan't let you touch .htaccess . Thanks for pointing me to your post!
    reply
  • lucia

    1 year ago

    Well... the fact is, everyone can't catch what's on everyone's blog. Besides, we don't all have the same audience.

    Some things do bear repeating, and protecting your plugins from view is one of them and it's not exactly a topic that is rehashed. I thought of it when I stumbled across a site giving people advice on how to find porn in peoples image directories! So, you can see how some people do need to be aware of the need to "hide" their directory listings.
    reply
  • Vlad

    1 year ago

    Lucia,

    I think I have sent you the url for my home page to stumble instead of this post. :(
    reply
  • James Lawyers

    1 year ago

    Hi Vlad,

    Great blog btw. sorry if this has been mentioned before, but what would you say are the most essential plugins for a blog?

    Cheers.
    reply
  • Vlad

    1 year ago

    James,

    You really made me laugh. You do not mind if I moderate a little your comment. :)
    reply
  • Barry Cox - Scottsdale AZ Real

    1 year ago

    That was hilarious. I'm looking to start my 1st WP blog and have been trying to absorb all the information I can. It's pretty amazing though that people actually "hack" your blog. There's got to be a better use of ones time I would think.
    reply
  • Vlad

    1 year ago

    Barry,

    There are many things that can make hacking much harder but there always be a jerk without something better to do out there.

    Welcome to his blog as well! :)
    reply
  • Ian Lee

    1 year ago

    Good tip on placing an index file in the Wordpress plugin folder. If you have cPanel, there is an Index Manager tool that will help you protect any folders without index files from wandering & curious eyes.

    In fact, if your server is not already setup by default to not show any files under a folder with no index file, you should look into setting that up. It's not fool proof but it is better than openly broadcasting your files to the world.
    reply
  • Vlad

    1 year ago

    Ian,

    I think Lucia's solution with .htaccess file does the same what you can do with Index Manager.

    Thanks for stopping by!
    reply
  • Ian Lee

    1 year ago

    Yes, I think the .htaccess file option will perform the same function as Index Manager. Except IM requires no hand coding. When working with many folders, point and click while seeing the entire directory tree is invaluable.

    Now having said that, I still think setting up your server to not show files within a folder without an Index files is still a good idea :)

    As an aside, I forgot to answer the math question and lost my answer. Do check out this math spam protection plugin that resolves the BACK button issue.
    reply
  • Vlad

    1 year ago

    Sorry Ian,

    My math plugin does some strange things, I will look into it.

    I think it is good to have all options opened. I have some web hosting plans that neither offer cPanel nor do they let you touch .htaccess file- thus placing index files is the only thing that is left.
    reply
  • Ian Lee

    1 year ago

    Hey Vlad, no need to apologize. Plugins don't always work the way we want them to. Actually, as more feedback, I was asked to enter another number after I answered the math question on my last post. Maybe another plugin is verifying that I am not a script since I posted more than 1 time today :)?

    But you are right. Sometimes, running a simple index file is the only way around the situation.
    reply
  • Vlad

    1 year ago

    It may be Spam Karma, but I am surprised it does it. I will just probably get rid of math plugin- this one time too many that it has caused problems.
    reply
  • Ian Lee

    1 year ago

    Yes, my SK2 also did that. If it's SK2's blacklist protection, then under Manage >> Spam Karma 2 >> General Settings, there is something called the snowball effect. I find the default settings to be a bit low. I suggest increasing the X's:

    - On an average you check new comments every X days.
    - Trigger when somebody posts more than X comments over the above time-period.

    Good luck.
    reply
  • Lea

    1 year ago

    I think Lucia is suggesting a good solution :)
    But tell me - did you type 'webstie' by accident or on purpose?
    I think you've just created a new way to describe one's website :)
    reply
  • Vlad

    1 year ago

    Lea,

    lol no that was not done on purpose, just one of those dyslexic moments :)
    reply
  • Lea

    1 year ago

    Darn, and I thought you were being clever :)
    reply
  • Dane Morgan

    1 year ago

    I'm not sure how much value this will specifically bring to your security. Most attackers aren't going to bother checking to see if you have a compromised plugin installed. They simply amass domain listings of WP installs and use robots to launch the attack against each blog on the list.

    That said, I can think of other good reasons to do this anyways, and not only in the plugins folder, but every folder that does not have an explicit index.php file already in it (root & admin).

    Also as I like to say, site security is a lot like car alarms. Nothing you do that leaves your site usable can tottaly prevent someone who really wants in from getting in. But there are lots of little things you can do to make it easier to just hit someone else.

    @ lucia. Back when I did porn I actually created fake Apach directory list pages. All of the listed images were of course links to rev share programs. ;)
    reply
  • Ben Holmes

    1 year ago

    I'm embarrassed to discover that I had no protection! I have in the past had problems with hackers, and I thought I had my blogs locked down enough. It's clear that I don't!

    I tried the Index Manager solution that one of the commenters mentioned, and it's easy and it works. I don't like any of my directories to be open and viewable.

    Thanks for publishing this!
    reply

Add New Comment

Returning? Login