Comments on: One of the worst WordPress security threats still alive http://www.copesflavio.com/en/blog/cms/joomla/one-of-the-worst-wordpress-security-threats-still-alive Joomla, Web Development, Joomla Templates Thu, 21 Aug 2008 00:23:04 +0000 http://wordpress.org/?v=2.6 By: Joey http://www.copesflavio.com/en/blog/cms/joomla/one-of-the-worst-wordpress-security-threats-still-alive#comment-515 Joey Wed, 11 Jun 2008 20:55:58 +0000 http://www.copesflavio.com/en/blog/?p=140#comment-515 Wow, never knew that! Thanks for that info. Joey - www.LeetWebmasters.com Wow, never knew that! Thanks for that info.

Joey - http://www.LeetWebmasters.com

]]> By: Copes Flavio http://www.copesflavio.com/en/blog/cms/joomla/one-of-the-worst-wordpress-security-threats-still-alive#comment-509 Copes Flavio Mon, 09 Jun 2008 07:35:59 +0000 http://www.copesflavio.com/en/blog/?p=140#comment-509 @Sherif: thanks for your input, that's handy ;) @Sherif: thanks for your input, that’s handy ;)

]]> By: Sherif Elsisi http://www.copesflavio.com/en/blog/cms/joomla/one-of-the-worst-wordpress-security-threats-still-alive#comment-505 Sherif Elsisi Sun, 08 Jun 2008 22:57:57 +0000 http://www.copesflavio.com/en/blog/?p=140#comment-505 Yes, it is amazing how your site can become vulnerable just by offering info you don't need to. Like plugins or wordpress version. Another simple option is add to the htaccess file. Just add "Options –Indexes". This will disable directory browsing and do the same as index.html. Regards. Sherif Yes, it is amazing how your site can become vulnerable just by offering info you don’t need to. Like plugins or wordpress version.

Another simple option is add to the htaccess file.
Just add “Options –Indexes”. This will disable directory browsing and do the same as index.html.

Regards.
Sherif

]]> By: Devon Young http://www.copesflavio.com/en/blog/cms/joomla/one-of-the-worst-wordpress-security-threats-still-alive#comment-474 Devon Young Tue, 03 Jun 2008 01:26:42 +0000 http://www.copesflavio.com/en/blog/?p=140#comment-474 WOW! I just did the search, & got "Results 1 - 100 of about 768,000 for Index of /wp-content/plugins". That's a lot of naked plugin directories. WOW! I just did the search, & got “Results 1 - 100 of about 768,000 for Index of /wp-content/plugins”. That’s a lot of naked plugin directories.

]]> By: Copes Flavio http://www.copesflavio.com/en/blog/cms/joomla/one-of-the-worst-wordpress-security-threats-still-alive#comment-436 Copes Flavio Mon, 26 May 2008 19:17:36 +0000 http://www.copesflavio.com/en/blog/?p=140#comment-436 @eTiger13: I share your opinion, this is something that should be done.. @eTiger13: I share your opinion, this is something that should be done..

]]> By: eTiger13 http://www.copesflavio.com/en/blog/cms/joomla/one-of-the-worst-wordpress-security-threats-still-alive#comment-430 eTiger13 Sun, 25 May 2008 17:55:54 +0000 http://www.copesflavio.com/en/blog/?p=140#comment-430 One thing people seem to be forgetting is that even though Apache has a dominant market share, it is not the only web browser out there. So just throwing a line out like 'yeah all you have to do is change your htaccess file' doesn't always work. Also, instead of adding it to your htaccess file, it should be in your .conf file. That way you can always override it in your htaccess file but have it enabled by default. Wordpress should do like Joomla and just do the simple fix that works for most people, include an index.html file in every folder. Very easy fix that goes a long way towards secure environments. One thing people seem to be forgetting is that even though Apache has a dominant market share, it is not the only web browser out there. So just throwing a line out like ‘yeah all you have to do is change your htaccess file’ doesn’t always work. Also, instead of adding it to your htaccess file, it should be in your .conf file. That way you can always override it in your htaccess file but have it enabled by default.

Wordpress should do like Joomla and just do the simple fix that works for most people, include an index.html file in every folder. Very easy fix that goes a long way towards secure environments.

]]> By: Copes Flavio http://www.copesflavio.com/en/blog/cms/joomla/one-of-the-worst-wordpress-security-threats-still-alive#comment-411 Copes Flavio Mon, 19 May 2008 08:51:28 +0000 http://www.copesflavio.com/en/blog/?p=140#comment-411 @milo: You're right.. in the list you can even find a website such as http://development.mit.edu/ ! @milo: You’re right.. in the list you can even find a website such as http://development.mit.edu/ !

]]> By: milo http://www.copesflavio.com/en/blog/cms/joomla/one-of-the-worst-wordpress-security-threats-still-alive#comment-410 milo Mon, 19 May 2008 08:43:09 +0000 http://www.copesflavio.com/en/blog/?p=140#comment-410 What's really scary: a lot of "designer" sites are open this way, makes you wonder if their client sites share the same problem.... What’s really scary: a lot of “designer” sites are open this way, makes you wonder if their client sites share the same problem….

]]> By: Copes Flavio http://www.copesflavio.com/en/blog/cms/joomla/one-of-the-worst-wordpress-security-threats-still-alive#comment-409 Copes Flavio Mon, 19 May 2008 08:27:02 +0000 http://www.copesflavio.com/en/blog/?p=140#comment-409 @milo: Hi milo, thanks for stopping by. Yes, this is the solution to the problem, but I just wanted to show how many people don't implement any kind of protection to solve this problem! :-) @TVSpy Voyeur: you can even take a look at the code of the files! Too bad @milo: Hi milo, thanks for stopping by. Yes, this is the solution to the problem, but I just wanted to show how many people don’t implement any kind of protection to solve this problem! :-)

@TVSpy Voyeur: you can even take a look at the code of the files! Too bad

]]> By: milo http://www.copesflavio.com/en/blog/cms/joomla/one-of-the-worst-wordpress-security-threats-still-alive#comment-407 milo Sun, 18 May 2008 11:31:10 +0000 http://www.copesflavio.com/en/blog/?p=140#comment-407 Deny the indexing via the robots txt file and secure it via ht access. Deny the indexing via the robots txt file and secure it via ht access.

]]>