If you have a self-hosted WordPress blog, check the following links in your favorite browser:
http://www.yourblog.com/wp-content/plugins/
http://www.yourblog.com/wp-content/plugins/akismet/
http://www.yourblog.com/wp-content/plugins/all-in-one-seo-pack/
http://www.yourblog.com/wp-content/themes/
replacing www.yourblog.com with your own domain name. You could also check other folders that you know exist in your wp-content folder.
If you see a list of files, it means that directory browsing is enabled on your blog host. This is a potential security problem because anyone can browse your plugins directory and exploit it if they see that some of your plugins are outdated. I used the Akismet and All In One SEO Pack directories as examples because these are the most popular plugins I can think of.
One solution is to put a blank index.html file in your directories. I learned this from Techathand.Net. However, if you only put the index.html file in the plugins directory, you disable directory browsing only for the plugins directory, not for its sub-directories or for other directories. So you have to put index.html in every sub-directory to prevent visitors from browsing those sub-directories. But that’s a lot of work to do, isn’t it?
Here’s an easier option. Add this line of code to your .htaccess file:
Options All -Indexes
Adding the line above to your .htaccess file will disable directory browsing in all of your directories and sub-directories. Visitors will see a 404 page instead. Got that line of code from the man with a big Adsense check. 🙂
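The browser check described at the top of this post can be scripted so it is easy to repeat after editing .htaccess. The following is an added example, not code from the original post: it flags any path that still returns an Apache-style "Index of" page, and its demo uses constructed responses simulating a host where a blank index.html was placed only in the plugins directory. The function names, the 64 KB read limit and the sample responses are assumptions made for the illustration.

```python
import re
import urllib.error
import urllib.request

# Paths from the post; add any other folders you know exist under wp-content.
PATHS = ["/wp-content/plugins/", "/wp-content/plugins/akismet/",
         "/wp-content/plugins/all-in-one-seo-pack/", "/wp-content/themes/"]

# Apache's auto-generated listing page is titled "Index of /path".
LISTING_TITLE = re.compile(r"<title>\s*Index of /", re.IGNORECASE)


def is_directory_listing(status, body):
    """True when a response looks like an auto-generated file listing."""
    return status == 200 and bool(LISTING_TITLE.search(body))


def fetch(url, timeout=10):
    """Return (status, body); HTTP errors such as 403/404 are results, not failures."""
    try:
        with urllib.request.urlopen(url, timeout=timeout) as resp:
            return resp.status, resp.read(65536).decode("utf-8", "replace")
    except urllib.error.HTTPError as err:
        return err.code, err.read(65536).decode("utf-8", "replace")


def audit(base_url, paths=PATHS, fetcher=fetch):
    """Map each path to True (listing exposed) or False (not exposed)."""
    base = base_url.rstrip("/")
    return {p: is_directory_listing(*fetcher(base + p)) for p in paths}


# Constructed sample responses (not captured from a real server) for an offline demo.
SAMPLE_LISTING = ("<html><head><title>Index of /wp-content/plugins</title></head>"
                  "<body><h1>Index of /wp-content/plugins</h1></body></html>")
SAMPLE_BLANK_INDEX = ""  # body served by a blank index.html


def demo_fetcher(url):
    """Simulates a host where only /wp-content/plugins/ has a blank index.html."""
    if url.endswith("/wp-content/plugins/"):
        return 200, SAMPLE_BLANK_INDEX
    return 200, SAMPLE_LISTING


if __name__ == "__main__":
    results = audit("http://www.yourblog.com", fetcher=demo_fetcher)
    for path, exposed in results.items():
        print(("EXPOSED  " if exposed else "ok       ") + path)
```

To check a live blog you control, call audit() with your own domain and leave out the fetcher argument.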
Secure your WordPress blog. Add that single line of code to your .htaccess file. Do it now! 😉