What Plugins are the best WordPress websites running?
So a while back I wrote an entry called Ten Awesome WordPress Web Sites, that featured some really amazing website designs all running WordPress. Today I decided to play a little game with the ten sites and see which of those ten amazing WordPress websites took the time to protect their own security.
You’d be amazed how many websites don’t protect the /wp-content/plugins/ directory. It’s generally open to the public, which allows anybody to see what plugin’s your website is using. Why’s this important? Well, for starters it destroys any competitive advantage your website might have but it also allows potential hackers to determine which plugins (if any) have weaknesses that can be exploited.
The good news? Nine of the ten websites in my earlier article took the time to block access to their /wp-content/plugins/ directory. Here’s a fun game to play … next time you’re looking at a WordPress blog and you’d like to know more about how they do it, change the URL in the address bar to http://[theiraddress]/wp-content/plugins and you’ll get to see all their plugins.
We both wanted more though, we’d like other people to start expanding on SunPress too, and that’s what this competition is all about: who can make the best addon for SunPress, be it a theme, a widget or a plugin. Nothing is off limits, so if you make a plugin that adds listings for other merchants: feel free, we’d love to see that.
That is an interesting pastime. Thanks.
Nicole Price’s last blog post..The Offensive Israeli
really this is bad if someone used bad plugin which have bugs , i think all of us must protect this page .
thanks , really you are our coding expert and teacher .
Money Academy’s last blog post..( New Tool ) Check your website position on Google from Blfree
Good point Christopher. Knowing which plugins are in use could help a hacker figure out where you’re vulnerable so its a good idea to keep them under wraps.
Mike Collins’s last blog post..Dreamhost Coupon Code Saves You $50
I’m making use of most of these plugins, but you managed to introduce a few new ones that I’ll have to look into. Thanks!
“You‚Äôd be amazed how many websites don‚Äôt protect the /wp-content/plugins/ directory.” Good tip – better go and work out how to do this!!
malcolm coles’s last blog post..SEO friendly URLs: myth and fact
By the way, I went and ran an inurl:wp-content/plugins/ search at google, and there were 2.4 million hits! I guess several per site, but still … that’s a lot of unprotected folders!
http://www.google.co.uk/search?q=inurl%3Awp-content%2Fplugins%2F
malcolm coles’s last blog post..SEO friendly URLs: myth and fact
@Malcolm – OMG, I didn’t even think to do that but I can’t believe 2.4 million website owners are honestly that ignorant of the security hole that would expose themselves to.
You can discover lots with google. One of my other favourites are sites with the message “this site requries javascript”
http://www.google.co.uk/search?q=“This+website+requires+JavaScript”
Just 139,000 of them …
malcolm coles’s last blog post..How to avoid duplicate meta descriptions in pages 2 and higher of the Wordpress loop
Oops, link no worky, Copy and paste …
malcolm coles’s last blog post..How to avoid duplicate meta descriptions in pages 2 and higher of the Wordpress loop