WordPress Blog Security “Hole”
And a Step by Step Guide to Fixing It

Pre-Story: during one of the brainstorming meetings of the Free Traffic System team, one of its members mentioned a blog security problem that we had experienced about a year earlier with some of our own blogs. That is when it struck us – “what if our bloggers…” – and we rushed to check how many of the blog owners who submitted their blogs to the system know about this security hole. The test results were shocking!

Only 1 Out of 10 Blog Owners…

… from Free Traffic System was protected against this security hole. The other 9 were simply naked!! We decided there was no point in doing further checks; we need to explain to our users how to fix this security problem.

IMPORTANT: we want you to clearly understand that this security hole is just one of the holes that your blog can have. We do not pretend that the guide published below is going to save you from all problems. If you are looking for a more professional and automatic solution for improving your WordPress blog security – we recommend using this script (it is a multi-site license).

Step 1. How to Check if Your Blog has this Security Hole

Type the following URL into your browser: http://www.your-blog-name.com/wp-content/plugins. If you see a simple page that lists all your plugins – congratulations! You have a problem. Luckily, there is a way to fix it quite easily without being a tech geek.

So, if you see something like this…

Then it means that anyone can download all your plugins (for which you paid money) – your folder is empty – this is a playground for a hack-minded person.

Step 2. How to Fix this Hole

To fix this issue and stop your blog from being naked, you need to do what is called “turning off directory browsing”, and this is a very easy thing to do.

Log in to the cPanel account where this blog is hosted and look for an icon called Index Manager. It should look like this in the Advanced Settings section:

Click on this icon to get to the page that lists all the folders on the blog, and choose the folder you wish to protect from directory browsing. You need to click on the /public_html/ folder, as shown in the screenshot below…

Once you have done that, you are on the settings page. Choose No Indexing from these settings. Like this…

Done! Now the folders inside your public_html no longer list their contents, and the files in them are protected from being stolen that way.
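To repeat the Step 1 check after the fix without clicking through folders by hand, the following is an added example (not part of the original guide) that decides whether a response is a server-generated directory listing. It goes beyond the single URL in Step 1 by also checking the standard WordPress themes and uploads folders; example.test and the sample responses are constructed so the script runs offline.

```python
import re
import urllib.error
import urllib.request

# /wp-content/plugins/ is the guide's check; the other two are standard WordPress folders.
PATHS = ["/wp-content/plugins/", "/wp-content/themes/", "/wp-content/uploads/"]

# Markers of server-generated listings (Apache and nginx "Index of /", IIS parent link).
LISTING = re.compile(r"<(title|h1)>\s*Index of /|\[To Parent Directory\]", re.I)

def is_directory_listing(status, body):
    """True only for a 200 response whose body is an auto-generated index."""
    return status == 200 and bool(LISTING.search(body))

def fetch(url, timeout=10):
    """Return (status, first 64 KiB of body); HTTP errors become a status code."""
    try:
        with urllib.request.urlopen(url, timeout=timeout) as resp:
            return resp.status, resp.read(65536).decode("utf-8", "replace")
    except urllib.error.HTTPError as err:
        return err.code, ""

def audit(base_url, fetcher=fetch):
    """Map each path to True (listing exposed) or False (not exposed)."""
    base = base_url.rstrip("/")
    return {p: is_directory_listing(*fetcher(base + p)) for p in PATHS}

# Constructed sample responses (assumed, for illustration only).
SAMPLES = {
    "/wp-content/plugins/": (200, "<html><head><title>Index of /wp-content/plugins"
                                  "</title></head><body><h1>Index of /wp-content/plugins"
                                  "</h1><a href=\"example-plugin/\">example-plugin/</a>"
                                  "</body></html>"),
    "/wp-content/themes/": (200, ""),  # blank index file present: nothing is listed
    "/wp-content/uploads/": (403, "<h1>Forbidden</h1>"),  # browsing turned off
}

def sample_fetcher(url):
    """Offline stand-in for fetch(): looks the path up in SAMPLES."""
    return SAMPLES[url.split("example.test", 1)[1]]

if __name__ == "__main__":
    for path, exposed in audit("http://example.test", sample_fetcher).items():
        print(f"{path}: {'LISTING EXPOSED' if exposed else 'ok'}")
```

To run it against your own blog, call audit() with your blog's address and leave out the second argument so the real fetch() is used.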

Once again, if you need more advanced protection from hackers, check out this script – it uses a very smart idea for keeping hackers away from your blogs. Hackers always look for the places of least resistance. If they see that you are protected, it is easier for them to find another prey than to try to break into your blog.

And – what is also important – the seller of this script officially confirms the following:

We confirm that with normal use our script will not interfere or conflict with the control and functions of the Free Traffic System program

Be smart. Be safe. Be successful.