Austin WordPress Meetup

Bringing together WordPress users of all levels

Security

Security – Prevent Directory Browsing

Security, Tips and Tools, WordPress Beginners

This entry is part [part not set] of 4 in the series WordPress Security

By default, most hosts allow directory listing. Because there are a standard set of directories in a WordPress installation, the hacker can go directly to the directory inside your site and see all of the files in that directory. This is definitely a security risk, because a hacker could see the last time that files were modified and access them.

This is a simple but important problem to fix. You have three options:

  1. Place an empty file in each directory with the name INDEX.HTML or INDEX.PHP
  2. If you are using an Apache webserver, modify your .htaccess file
  3. Use a Security plugin (see the end of the series for suggestions)

 

Security – The Mind of a Hacker

Security, WordPress Beginners

In class I will show you a few of the ways a hacker finds vulnerabilities in websites.  I will not include that information here because all I want to do is illustrate the no one is immune, not teach you how to hack.

Most often hacking is a crime of opportunity – like an open gate or unlocked car door. In general the hacking process involves three steps:

  1. Find a point of entry
  2. Compare the website / server information to know vulnerabilities
  3. Have fun

The hacker doesn’t even have to know what he or she is doing. There are many programs that can be found on hacker sites that go through this process automatically. Thesw are popular with novice, juvenile, or dilitante hackers. Because they often don’t require any sophisticated understanding to operate, the people who use them are held in very low regard by the “real” hacker community, and are referred to by the derrogitory term “script kiddies.” That does not mean they can’t do some very real damage to your website.

The important point to understand is that these individuals are not targeting your website – you are just one of thousands. It is strictly a numbers game, and some day yours may come up.

In this next piece we will look at a common point of entry for hackers.