Daca nu stiati va spunem noi – daca vreti sa aflati ce pluginuri mai folosesc oamenii din blogosfera, e suficient sa cauti pe Google. Baietii de la Weblog Tools Collection au scris despre acest aspect :)
Ok – toate bune si frumoase, dar de asemenea oricine poate vedea ce pluginuri aveti instalate, intrand la adresa
[nice_link]http://www.adresa_blogului.com/wp-content/plugins/[/nice_link]
Desigur – in cazul in care domeniul este ok configurat, directory listingul nu va fi permis, dar in caz contrar… veti vedea tot ce e acolo.
Ok – de ce ar fi asta un lucru rau? daca plugin-ul e scris super bine si nu are bug-uri, totul e OK, insa daca are scapari si poate fi “hackuit” – e cam urata treaba…
ok – acum solutiile posibile.
- Add the following to the .htaccess file in your WordPress directory
Options All -Indexes- Create a new file, call it index.php, leave it completely empty and upload it to your wp-content/plugins directory.
- Make sure you have warning and error reporting turned to logging only. There are many tutorials to do this properly that are available on the web. If you are on a shared server, ask your host to turn them off if they have not done so already. I am guilty of leaving this turned on because I use this server for debugging at times and I get lazy. This is good security practice for all servers. I love how this option cannot be modified with ini_set on cPanel based servers.
- Refrain from going overboard and restricting/protecting everything. You might end up making your blog invisible to search engines and such.
acestea fiind spuse va urez “protejare placuta”…
cu respect,
Cristian Ciofu
