Hide plugins and themes directories for free

  • Hello
    I am looking for a way to hide plugins and themes directories for free, since hackers use vulnerabilities there, the only way I found is the plugin “Hide my wp” which is a premium plugin, is there any way to do it for free ?

Viewing 4 replies - 1 through 4 (of 4 total)
  • jack randall

    (@theotherlebowski)

    your installation should have an index.php file in each searchable directory that basically means that those folders can’t easily be crawled or accessed. if there are no index.php files in those directories, create them! ??

    your .htaccess file should also help with this stuff. use a plugin like word fence to shore up your site from the inside.

    Moderator bcworkz

    (@bcworkz)

    Even if search bots cannot crawl /plugins/ etc. there are other ways of detecting WP installations. Hackers will even blindly try to access wp-content/plugins/bad-plugin/known-vulnerable-file.php even on sites where WP does not even exist. Moving WP to a sub-folder will largely deter such attacks, but doing so, like hiding folders, is a form of security by obscurity – minimally effective but not real security.

    The best and most secure thing you can do is only use well established and actively maintained themes and plugins, and keep them updated to the latest version. Second most is use a good security plugin, and use some of the suggestions in Hardening WordPress.

    Thread Starter smartIt

    (@smartit)

    Many websites were hacked due to a plugin or theme vulnerability that wasn’t corrected yet, so it’s still useful to hide wp, I would like to know if there is a way to do so without moving WP to a sub-folder which will make the site difficult to access for users ?

    You can move WP to its own folder without making it difficult for users (search for “giving WordPress its own directory”), but because some of those files will need to be accessed over the internet (javascript, CSS) there’s no way to fully “hide” the plugin or theme without doing something a little more advanced.

    If you have time to learn a few things about web server administration, you could do things like limiting access to admin users from certain IP addresses or domains, or you could set up a VPN network that would prevent anyone from accessing /wp-admin without access to that VPN.

    However, if the vulnerability is in a JavaScript file that is needed on the front-end of the site, you’ll still run into issues, since you can’t “hide” that file without breaking your site.

Viewing 4 replies - 1 through 4 (of 4 total)
  • The topic ‘Hide plugins and themes directories for free’ is closed to new replies.