Protect Your Wordpress Folders

Don’t Let Me Steal Your WordPress Files!

Hello there! If you are new here, you might want to subscribe to the RSS feed for quick updates on this blog.

I was bloghopping for the past 30 minutes with some blogs within my niche and noticed something in common.

So today I’m going to make a really quick article about protecting your wordpress folders and directory. A lot of bloggers I’ve noticed, have their blog’s folders browsable which is NEVER a good idea. I’d pick a cool kid name Desmond from DesmondBlog as an example. If you type the url desmondblog.com/wp-content/uploads you could pretty much see everything in the folder:

desmond

Seeing the whole content of the uploads folder is no bad (who cares about it?). But because his blog’s subfolders are browseable, we could pretty much view his themes @ /wp-content/themes (and get his premium themes),as well as its subdirectories and how about the plugins folder located at wp-content/plugins? Hackers could just go in it very simple and discover that you actually run an out-of-date wordpress plugin and exploit in it.

What should you need do then? Simply go to .htaccess file and put “Options – Indexes” on any line and save. The little code prevents your wordpress folders from being accessed by anyone. The second option if you only want to restrict access to some selected folders is just by creating an index.html file and uploading it to your desired folder. Say you just want your plugins folder to be the one unaccessible, then go to it and upload the html file. That simple!

Like what i’ve said for every 10 blogs that I visit, 7 of them are usually unprotected. You could let them know it by sharing this post (or just simply telling them.

Popularity: 16% [?]

If you enjoyed this post, make sure you subscribe to my RSS feed!

I Am Going To Steal Your Ebook!...

WordPress Plugin Upgrade Failed? Here’s How to Fix It...

I’m a WordPress Noob...

About the author

Melvin has written 312 articles for MelvinBlog Dot Com

Melvin is an internet marketer and blogger. In 2008 he started this blog, MelvinBlog.com, to share all his learnings (and ramblings) from the internet marketing world and entrepreneurship in general. He occasionally hides under the gravatar of Kenny of South Park and blogs on his personal blog about his rants on life. To see his real self read more about him

27 Responses to "Don’t Let Me Steal Your WordPress Files!"

Salwa 01:45 AM 12/5/2009

Ok good to know this. thanks for share, one little question thou..anything special you have to put in the index.html?

Salwa’s last blog post..Traffic Monday: How to Get Tons of Web Traffic Using Your Article Resource Box

Melvin Reply:
May 12th, 2009 at 9:11 am
nope, just a blank page named index.html. It’s used just in case you just want a specific folder not to be accessed.

Salwa Reply:
May 13th, 2009 at 12:21 am
sorted , thanks!

Salwa’s last blog post..Making Yourself Identifiable In The Blogging Community
Alex Fraiser 01:51 AM 12/5/2009

Hey, just wanted to say thanks again for letting me know about this at Blogussion! I put it on my personal blog too.

I thought something like that would just be automatically done? =/ Maybe I removed it by accident before not knowing what it does..

Alex Fraiser’s last blog post..Thesis Thursday #2: 10 Greatly Customized Thesis Blogs + Thesis Customization Tips
Agent 001 05:49 PM 12/5/2009

Melvin lots of thanks for reminding me about this. I had heard of it before but I always forgot. I checked my important folders and put in a index file.

I wrote on the index.html file – Dude you are in wrong place. Visit Home Page “my blog url”

I will spread the word about this. Thanks again.

Agent 001’s last blog post..Dean Hunt – The Million Dollar Personal Brand – Interviewed

Melvin Reply:
May 13th, 2009 at 5:03 am
Lol thats hilarious! anyways thanks.
Paulubiadas 07:02 PM 12/5/2009

Thanks for sharing this!

I never knew of this before.

Paulubiadas’s last blog post..Miscellaneos Ramblings
Protect your Important WordPress Files | Greatest Reviews Dot Net 09:28 PM 12/5/2009

[...] your Word Press files. By the way friends do visit Melvin’s Blog and read his blog post Don’t Let Me Steal Your WordPress Files! from which the above tricks were taken. He asked his reader to spread this word. Its important and [...]
Forest 05:04 PM 13/5/2009

Awesome tip…. and you know what I think I have neglected to do this yet on Real Blogging Tips!!

I will check it out this afternoon.

Forest’s last blog post..Under Construction… What Do You Think?
elmot 07:21 AM 15/5/2009

really, a blog could be easily stolen as that? this is an informative posts for all those wp users (im a blogger user) who just park their blogs across the street and go for a nap.

could this happen to blogger too>?

elmot’s last blog post..They Are No Angels Either!
Héctor | SEO Blog 02:21 PM 15/5/2009

Personally, I prefer the .htaccess approach. Some time ago, I also noticed this and tried to secure my folders using blank index.php files and for some reason WordPress complained about it (weird 404 errors, redirections, etc).

Héctor | SEO Blog’s last blog post..SEO And Domain Name Changes, Advisable?
jan geronimo 01:56 AM 16/5/2009

Now that is a very useful post, Melvin. I’d be bookmarking this for future reference – who knows I just might get to move to WP finally. “,)

Melvin Reply:
May 16th, 2009 at 4:06 am
dud, why are you not using wordpress on the first place?

jan geronimo Reply:
May 16th, 2009 at 6:11 am
Because I started on the wrong foot and kept on – as a matter of pride and force of habit. Not to worry, I’d be getting myself a self-hosted WP blog very soon. lol

jan geronimo’s last blog post..Bah! You Can Curtsy Now – I’m an Influential Blogger
Desmond Ong 12:44 PM 16/5/2009

Hey Melvin, first of all, I felt like you just raped my blog.

Secondly, thanks for informing about this. I’m the worst when it comes to techie stuff like this in the internet marketing world. LOL.

Thirdly, I didn’t know that I’m a cool kid.

Anyway, thanks for telling this. (and i appreciate the link)

Desmond Ong’s last blog post..What Happened When John Reese, Ed Dale, Frank Kern, Mike Filsaime and Jeff Walker Do a Gathering
Securing Your Blog 04:04 PM 17/5/2009

[...] your WordPress Directories – I recently made an article on my blog on how anyone can sneak into your wordpress folders without you knowing it. Surprisingly a lot of bloggers don’t seem to mind it. You can easily [...]
Mike 12:30 AM 18/5/2009

I know alot of /plugins and /themes folders are viewable… but do you actually steal the files? if you call the folders.. it gives you system errors.

Mke

Mike’s last blog post..WordPress 2.8 Beta 1 Released
Simon | Teenius 06:22 PM 18/5/2009

Nice post Melvin. I honestly hadn’t even thought about that, but as I’m getting a custom theme made I’ve not put up an index.html file before I forget.

It just says ‘Hey, guys, GO HOME!!!’ with a link to the homepage lol

Simon | Teenius’s last blog post..The Positives And Negatives Of Joint Ventures
Charles @ Big Idea Blogger 08:06 AM 19/5/2009

Hey Melvin, I never knew this, thanks for letting me know!

Charles @ Big Idea Blogger’s last blog post..Proven Money-Making Ideas – The Big Four Categories
crisiboy 06:35 PM 24/5/2009

nice tips for those who are not aware of their wordpress file being exposed in browsing

crisiboy’s last blog post..Blackberry Phone Enters the Philippines
bbrian017 02:53 PM 25/5/2009

That’s a little scary but seeing it’s all images I don’t think I mind so much! I think it’s like that because the content isn’t very secret right?
francis 10:35 AM 26/5/2009

what the??!! is that even possible??to hack your wordpress folder?? i never knew that. better try your suggestion on how to protect our wordpress file

francis’s last blog post..The World Ends With You NDS Review
catering supplies 06:26 AM 27/5/2009

Melvin, Before reading your post I don’t know about it that a blog can be stolen. I keep it in mind. thanks for such nice info and sharing.
Protect Your Wordpress Folders The Melvin Blog | Indoor Grills 01:03 AM 04/6/2009

[...] Protect Your WordPress Folders The Melvin Blog Posted by root 19 hours ago (http://www.melvinblog.com) Reply to this comment comment by catering supplies 2009 05 27 06 26 54 melvin before reading your post i wordpress powered theme by premiumthemes Discuss | Bury | News | Protect Your WordPress Folders The Melvin Blog [...]
Protect Your Wordpress Folders The Melvin Blog | Joint Pain Relief 06:31 PM 08/6/2009

[...] Protect Your WordPress Folders The Melvin Blog Posted by root 14 minutes ago (http://www.melvinblog.com) The positives and negatives of joint ventures reply to this comment comment by charles big idea blogger wordpress powered theme by premiumthemes Discuss | Bury | News | Protect Your WordPress Folders The Melvin Blog [...]
Nihar 07:12 AM 09/6/2009

Great tip Melvin.

I will add it now.

Thank you very much.

Nihar’s last blog post..How to submit Website / Blog to Bing Webmaster Tools
infopediaonlinehere 10:22 PM 08/3/2010

this is a great tip
.-= infopediaonlinehere´s last blog ..Google App Engine technologies, Google App Engine SDK, Google cloud computing google app engine =-.

Don’t Let Me Steal Your WordPress Files!

About the author

27 Responses to "Don’t Let Me Steal Your WordPress Files!"

Blog Sponsors

Recent Blog Entries

MelvinBlog Recommends

Fan My Blog!

Sponsored

Random Photo

Recommendations

Recent Comments

Friends and Buddies

Don’t Let Me Steal Your WordPress Files!

About the author

27 Responses to "Don’t Let Me Steal Your WordPress Files!"

Blog Sponsors

Recent Blog Entries

MelvinBlog Recommends

Fan My Blog!

Sponsored

Random Photo

Recommendations

Recent Comments

Friend Me

Friends and Buddies