I noticed a lot of accesses to wp-content/plugins in my apache logs, and sure enough, this directory is browsable to the world.
Is this a security problem? It doesn’t exactly make me feel warm and cozy.
Putting a .htaccess here is going to confuse a lot of plugins, I expect.
I protected it sort of by placing an index.html file in that dir, but that won’t prevent direct access to plugins for people who know the path.
What’s the right solution?
- The topic ‘Hiding the plugins directory from public’ is closed to new replies.