
Site security loophole – is your ISP leaving your site open to prying eyes?

Wed, Sep 10, 2008

Security

I was busy amending this WordPress blog a few evenings back and trying out a few nice new WordPress plugins when I got a Skype call from a friend asking me to browse to www.myblog.com/wp-content/plugins.

I had read about this problem before (I forget where now) and whether it had slipped my mind or not, I was still shocked to find an index listing of my plugin files on the screen. I don’t need to tell you what sort of security issues this raises. If anyone can see how your site is structured and what files are where, it will always make you more susceptible to a hacking attempt. It’s like having a house party and inviting burglars.

Does this apply to your site?

This security loophole doesn’t just apply to WordPress blogs, it applies to any site. And it’s a problem with quite a few providers, not just mine. Do a quick test now. If you have a WordPress blog, just type in www.yourdomain.com/wp-content/plugins. If you have any other site, just point your browser at a directory (not a file) that you know doesn’t contain an index.htm or index.php file. If it lists your file structure like the example above then you will have to fix it, but luckily it’s quite simple.

2 ways to fix the problem

1. .htaccess file

To fix the problem you need to alter your .htaccess file. This file sits in the root folder of your webspace and tells your web server how you want it to behave. Add the following line to the file. The directive is given on its own because Apache 2.4 rejects an Options line that mixes a plain keyword such as All with a +/- prefixed one:

Options -Indexes

2. cPanel

If you are lucky enough to have a host that provides you with cPanel then it’s also a very simple procedure.

  • Log in to your cPanel
  • Click on ‘IndexManager’ in the ‘Advanced’ section
  • Choose the Web Root option in the popup window and hit Go
  • Click on /public_html/
  • On the next window choose ‘No Indexing’ and save

Now go and check that your file structure is hidden from those prying eyes!
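To run the same check across a whole site rather than one URL at a time, the following added example (not part of the original post) walks a local copy of the web root and reports every directory that has no index file and no inherited `-Indexes` setting. It assumes an Apache host where listings are on by default and .htaccess may set Options; the function names and the sample tree are constructed for illustration.

```python
import os
import re
import tempfile

INDEX_FILES = {"index.htm", "index.html", "index.php"}  # assumed DirectoryIndex names

def indexes_after(htaccess, inherited):
    """Apply the Options lines of one .htaccess to the inherited Indexes state."""
    state = inherited
    with open(htaccess, encoding="utf-8", errors="replace") as fh:
        for line in fh:
            m = re.match(r"\s*Options\s+(\S.*)", line, re.I)
            if not m:
                continue
            tokens = m.group(1).lower().split()
            if tokens[0][0] not in "+-":
                state = False  # plain keywords replace the inherited option set
            for tok in tokens:
                if tok == "-indexes":
                    state = False
                elif tok in ("+indexes", "indexes", "all"):
                    state = True
    return state

def listable_dirs(webroot, server_default=True):
    """Return directories (relative to webroot) that would show a file listing."""
    webroot = os.path.normpath(webroot)
    states, findings = {}, []
    for dirpath, _dirs, files in os.walk(webroot):  # top-down: parents come first
        state = states.get(os.path.dirname(dirpath), server_default)
        if ".htaccess" in files:
            state = indexes_after(os.path.join(dirpath, ".htaccess"), state)
        states[dirpath] = state
        if state and not INDEX_FILES & {f.lower() for f in files}:
            findings.append(os.path.relpath(dirpath, webroot))
    return sorted(findings)

def build_sample(root):
    """Create a constructed sample site tree under root (path -> file content)."""
    sample = {"index.php": "", "wp-content/plugins/sample-plugin.php": "",
              "wp-content/themes/index.php": "", "private/docs/report.txt": "",
              "private/.htaccess": "Options -Indexes\n"}
    for rel, body in sample.items():
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as fh:
            fh.write(body)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        print(listable_dirs(tmp))
```

An empty result after adding the directive to the root .htaccess means every directory is covered, either by an index file or by the inherited setting.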


One Response to “Site security loophole – is your ISP leaving your site open to prying eyes?”

  1. Dave says:

    Thank you for the info. It was very easy to fix via cpanel.
