My First WordPress Plugin

The first plugin I am releasing is more of a security patch. Hopefully this will help to clean up a potential security hole in WordPress, maybe WordPress will include this in their next update.

blog security online

People I am pinging who should think of installing this:

  1. A Blog About Nothing : http://www.ablogaboutnothing.com/wp-content/plugins/
  2. Smemon : http://www.smemon.com/wp-content/plugins/
  3. John Cow : http://johncow.com/wp-content/plugins/
  4. ClickaLite : http://www.clickalite.com/wp-content/plugins/
  5. E-Moms : http://www.emomsathome.com/blog/wp-content/plugins/
  6. Blogtrepreneur : http://blogtrepreneur.com/wp-content/plugins/
  7. Matt Cutts : http://www.mattcutts.com/blog/wp-content/plugins/
  8. Ledger Pad : http://ledgerpad.ath.cx/wp-content/plugins/

I’m sure there are more people on my Google Reader, but these were the first 8 that I checked who had left this potential hole open.

Are you for real ?

There is a potential problem letting people know what plugins you have, or what versions they are. If there is some known exploit that is linked to a plugin, it could be easy enough for someone to use it to their advantage . This could be done in the situation there is an XSS bug. The less a potential hacker can find out about your website, the safer you are. So if you are using WordPress I would recommend you apply the fix.

The Fix

Upload a blank index.html file in the folder /wp-content/plugins/ . In fact I’ve a copy of one here for you index.htm just click on that to download the file.

I hope this is a help !

19 thoughts on “My First WordPress Plugin

  1. How about …. “Security Patch via a plugin, and you upload only 1 file which is 3 bytes small and it could save you from a security breach !” 😉

  2. That’s a really good idea. I haven’t thought about that in a long time. I used to put blank indexes into all my folders because people were going through my photo folders and just snatching whatever pictures they wanted. At least with the index.html, they had a harder time of doing so.

  3. I have no doubt with the trick of putting index.html file in plugin folder. But it shouldn’t be difficult to guess what plugin you use from your blog.

  4. true web2.0ready, (thanks for your comment), if you had a insecure release of a plugin that might be a problem. I love your site btw.

    You can as far as I know also turn off folder indexing on a server level too….

    Glad I could help you Angela , Wendy & “A Blog About Nothing” 😀

  5. Hello Becky, Nice blog you got here 🙂
    Instead of leaving the index.html file blank, why not make it redirect to the main page? or any other page of your choice? it can be done with a very simple java script embeded into the html file. and not only for the plugins folder, but for the themes folder as well 🙂

    (I myself don’t use the redirect but only because I like whoever stumbles onto those folders to see my fire throwing scary monster 😛 )

  6. I used to use WordPress, but I got sick of all the security holes and switched back to MovableType.

  7. Better Still folks,

    Put a POP up, optin form, secret OTO (one time offer)…and make extra do$h

    …or just put some warning that you are watching the snooper…

    Its your Virtual real-estate…

    jd

Leave a Reply