Jerry Leventer

A Minor WordPress Security Issue And How To Fix It

February 10th, 2008 · 2 Comments · Wordpress Issues: Installation, Upgrade, Themes, Widgets, & Plugins

Here are a couple of easy steps you can take to prevent your WordPress blog from being “hacked”.

1) If a folder has no index file, many web servers will show a listing of its contents, so it is easy for someone to view your themes and plugins folders if you don’t do this one little thing.

Launch your favorite text editor and save a new file as index.php.

Then paste the following code into it:

<?php
// Redirect to specified URL
$URL = "";
header("HTTP/1.1 301 Moved Permanently");
header("Location: $URL");
exit; // stop here so nothing else is sent after the redirect

Set $URL to the page you want the errant visitor to be redirected to.

Then upload that index.php file to all the directories that don’t have an index.* or default.htm file in them.
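To find which directories that step applies to, here is an added example (not part of the original post) in POSIX shell. It assumes you have shell access to the server or a local copy of the site; the function names dirs_missing_index and place_index are made up for this example.

```sh
#!/bin/sh
# Added example, not from the original post.
# Assumption: run against a local copy of the site or over a shell login.

# dirs_missing_index ROOT
# Prints every directory under ROOT that has no index.* or default.htm
# file, one path per line. Paths containing newlines are not handled.
dirs_missing_index() {
    find "${1:-.}" -type d -exec sh -c '
        for dir do
            found=0
            # An unmatched glob stays literal and fails the -f test.
            for f in "$dir"/index.* "$dir"/default.htm; do
                if [ -f "$f" ]; then found=1; break; fi
            done
            if [ "$found" -eq 0 ]; then printf "%s\n" "$dir"; fi
        done
    ' sh {} + | sort
}

# place_index SOURCE ROOT
# Copies SOURCE (your redirecting index.php) into each directory reported
# by dirs_missing_index. Directories that already have an index file are
# never listed, so existing files are not overwritten.
place_index() (
    src=$1
    root=$2
    dirs_missing_index "$root" | while IFS= read -r dir; do
        cp "$src" "$dir/index.php"
    done
)

# When called with a directory argument, just report what is missing.
[ "$#" -eq 0 ] || dirs_missing_index "$1"
```

Review the list before running place_index, then upload the changed tree as usual.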

If you don’t know how to upload files or would like assistance with your WordPress site maintenance, I can provide that service for you at reasonable rates.

(Thanks to Katherine Reschke for bringing the issue to my attention.)

2) Another quick fix to ward off hackers is the following.

In your “header.php” file is a line that looks like this:

<meta name="generator" content="WordPress <?php bloginfo('version'); ?>" /> <!-- leave this for stats -->

You should comment it out or remove it to prevent hackers from exploiting security holes in older versions of WordPress.

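This is how it would look if commented out:

<!-- <meta name="generator" content="WordPress <?php bloginfo('version'); ?>" /> --> <!-- leave this for stats -->

Note that the PHP inside an HTML comment still runs, so the version number still appears in the page source; removing the line is what actually withholds it.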

I’m available for a free 1/2 hour consultation by phone if you have any questions about your website or WordPress blog.
