WordPress Site Security
No, this isn’t a post about a security issue with WordPress itself, but about the naivety of hosting your own WordPress site (or potentially other sites/CMSs) and allowing visible listings of directory contents. The post that explains this further can be found at Web Log Tools Collection.
Simply put, if visitors can view the directory listing of WordPress plugins (or whichever CMS/blog platform you’re using), they can see which plugins you have installed, determine whether any of them has an exploit, and try it out on your site, potentially causing a major security risk. Whilst we would all prefer not to have any security holes in our sites or plugins, by using third-party software and add-ons you take that risk, as you’ve neither created nor checked the code yourself. Also, most plugins are often updated, but plenty of people don’t upgrade their plugins once they’ve got them installed and running. I believe there’s a popular request for the next version of WordPress to have a plugin update checker or automated upgrade. That would be pretty handy.
So anyhow, if you don’t have directory listings forbidden on your website, I’d recommend you have a read of the post and at least put a blank index.html file into each directory that could be viewed and compromised, or add the line suggested into the .htaccess file.
I’ll admit I was naive to this and am now updating all my sites!!
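A way to audit a site for both mitigations mentioned above, as an added example that is not from the original post or the post it links to: it lists directories under a web root that have neither an index file nor a covering `.htaccess`, and can drop blank `index.html` files into them. It assumes Apache with `.htaccess` overrides enabled and that the suggested line is `Options -Indexes`; the function names are illustrative.

```bash
#!/usr/bin/env bash
# Added example: find directories under a web root that Apache could list.
# Assumptions: Apache with AllowOverride enabled, default index file names,
# and "Options -Indexes" as the .htaccess line that turns listings off.

# Succeeds if the .htaccess in directory $1 disables autoindexing.
htaccess_blocks_listing() {
    [ -f "$1/.htaccess" ] &&
        grep -Eiq '^[[:space:]]*Options[[:space:]].*-Indexes' "$1/.htaccess"
}

# Succeeds if $1, or any ancestor up to the web root $2, has such an .htaccess.
# A nearer "Options +Indexes" override is not modelled here.
covered_by_htaccess() {
    dir=$1
    while :; do
        htaccess_blocks_listing "$dir" && return 0
        case $dir in "$2"|/|.) return 1 ;; esac
        dir=$(dirname "$dir")
    done
}

# Print each directory under web root $1 with no index file and no cover.
list_exposed_dirs() {
    root=${1%/}
    find "$root" -type d | LC_ALL=C sort | while IFS= read -r d; do
        if [ -e "$d/index.html" ] || [ -e "$d/index.htm" ] ||
           [ -e "$d/index.php" ]; then
            continue
        fi
        covered_by_htaccess "$d" "$root" || printf '%s\n' "$d"
    done
}

# The post's first mitigation: a blank index.html in every exposed directory.
fix_with_blank_index() {
    list_exposed_dirs "$1" | while IFS= read -r d; do
        : > "$d/index.html"
    done
}

# Report only when a web root is given on the command line.
if [ "$#" -gt 0 ]; then
    list_exposed_dirs "$1"
fi
```

Run it with the site's document root as the only argument to get the report; call `fix_with_blank_index` on the same path only after reviewing that list.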