Simple Way To Protect Your Plugins Folder From Snooping Eyes...

7 replies
I have been asked a few times "How can I stop Google or anyone seeing what plugins I have installed?".

A great question and one I will share the answer to here. First, why would you want to hide your plugins? Well, think about security. If a hacker can see into your plugins folder and see what plugins you have installed, a hacker can use their bag of tricks to deface or hack your site.

With Google, if they see automation plugins they do not like or auto-promotion tools they do not approve of, they can take action to penalize your site.

Personally, I like to keep people's noses out of my setups.

So here is what you can do to protect your WordPress plugins folder.

1. Put this in a .htaccess file inside your plugins folder

Code:
# Require HTTP Basic authentication for every request under this folder
AuthName "Restricted Area"
AuthType Basic
AuthUserFile /home/.htpasswd
AuthGroupFile /dev/null
require valid-user

Basically any request to look in that folder will be blocked as it will require a non-existent login.

2. Stop Prying Eyes Eating Cookies...
This is another security tweak to stop people hacking your cookie file (it is possible)...

Put this in your main .htaccess file in the same folder as wp-config.php

Code:
RewriteEngine On
RewriteBase /
# Send any request for cookie.txt to index.php instead of serving the file
RewriteRule ^cookie\.txt$ index.php [L]

3. Get the following plugins installed for security

WP Security Scan

Secure WordPress

WordPress Firewall 2

Hope that helps some people add a little extra protection to their WordPress blogs and keep out prying eyes.

All the best

Sean
  • Jerry Reily
    Also try using wget if your site can be mirrored.
  • dennis1212
    Hey Sean....thanks for the tips, I have been looking all over for this.

    On the second option for the cookie file:

    I found my wp-config.php...in my public html folder....of a newly installed site, however I am not seeing a .htaccess file in there....is it disguised.....should I just create a new blank page, name it "something.htaccess" and drop those exact three lines of code in there?

    Thanks a million for your help!!

    Dennis
    Signature
    >>>>>https://www.facebook.com/socialbillionaire<<<<<<
    http://videobillionaire.com/social-billionaire/

    We Rank Social Media Properties for Local Markets at Trade Prices
    Forget About Learning Curves When You Can Have it Done By Experts for YOU!!

  • Samrath Gupta
    Hey Sean,

    Thanks for sharing a cool trick brotha ! I was looking for some tweaks as well to protect my blog

    Thanks again!

    Regards
    ~Sam~
  • dennis1212
    hackers and crackers....lol lol LOL LOL

    please chime in Sean when u get a minute
  • UMS
    Originally Posted by Sean Donahoe:

    I have been asked a few times "How can I stop Google or anyone seeing what plugins I have installed?".

    A great question and one I will share the answer to here. First, why would you want to hide your plugins? Well think about security. If a hacker can see into your plugins folder and see what plugins you have installed a hacker can use their bag of tricks to deface or hack your site.

    With Google, if they see automation plugins they do not like or auto-promotion tools they do not approve of, they can take action to penalize your site.

    Personally, I like to keep people's noses out of my setups.

    So here is what you can do to protect your WordPress plugins folder.

    1. Put this in a .htaccess file inside your plugins folder

    Code:
    # Require HTTP Basic authentication for every request under this folder
    AuthName "Restricted Area"
    AuthType Basic
    AuthUserFile /home/.htpasswd
    AuthGroupFile /dev/null
    require valid-user

    Basically any request to look in that folder will be blocked as it will require a non-existent login.

    I appreciate the intent of your post, but some of the information is somewhat redundant.

    In recent versions of WordPress (not sure when they changed it), you can't browse the wp-content/plugins folder as it has a dummy index.php file in there. While that's not foolproof, it works in most cases.

    Additionally, it's easy enough to see what plugins you are using by viewing the HTML source. For example, on your site I can see you're using Yoast, tubepress and other common plugins.

    You'd need to obfuscate the plugin names in order to "hide" them.
    • dennis1212
      Yeah, I noticed both things also...seems to always be an index.php...nowadays.....does that do the same thing? From what I've read....it might.

      Still curious on the "cookie security".

      lol---I just got done adding an "admin.htaccess" file with that first (plugin) code on 40 sites.

      I also thought about editing plugin names in some cases.....but probably beyond my expertise and available time, considering when I need to update plugins because of new versions of WP.
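UMS's reply above notes that plugin names can be read from the HTML source whatever the .htaccess in the plugins folder does. As an added example that is not part of the original thread, this short Python audit lists the plugin folder names (and any `?ver=` values) that a page of your own site exposes through asset URLs. The sample HTML and plugin slugs are constructed, and `audit_html` is a name chosen for this example.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit, parse_qs

# Matches /wp-content/plugins/<slug>/ anywhere in a URL path
PLUGIN_PATH = re.compile(r"/wp-content/plugins/([^/?#]+)/")


class PluginLeakAuditor(HTMLParser):
    """Collect plugin slugs (and ?ver= values) exposed by src/href URLs."""

    def __init__(self):
        super().__init__()
        self.exposed = {}  # slug -> set of version strings seen

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if name in ("src", "href") and value:
                parts = urlsplit(value)
                match = PLUGIN_PATH.search(parts.path)
                if match:
                    versions = self.exposed.setdefault(match.group(1), set())
                    versions.update(parse_qs(parts.query).get("ver", []))


def audit_html(html):
    """Return {plugin_slug: [versions]} for every plugin path in the HTML."""
    auditor = PluginLeakAuditor()
    auditor.feed(html)
    return {slug: sorted(v) for slug, v in sorted(auditor.exposed.items())}


# Constructed sample page; the plugin slugs are made up for this example
SAMPLE_HTML = """
<html><head>
<link rel="stylesheet" href="https://example.com/wp-content/plugins/example-seo/css/style.css?ver=1.2.3">
<script src="/wp-content/plugins/example-video/js/player.js?ver=4.0"></script>
<script src="/wp-includes/js/jquery/jquery.js?ver=1.7.1"></script>
</head><body>
<img src="/wp-content/plugins/example-seo/img/logo.png">
</body></html>
"""

if __name__ == "__main__":
    for slug, versions in audit_html(SAMPLE_HTML).items():
        print(slug, versions or "(no version in URL)")
```

Save the HTML of your own home page to a file and pass its contents to `audit_html` to see what a visitor's "view source" already reveals.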
