How to secure wordpress

Does anyone have any ideas on how to secure my wodrpess blog so people can't see what plugins and themes i use?

just stick a blank index.html in your plugins and themes folder so they can't browse to them, or put a redirect back to your main page

Doesn't wordpress do this already?

you really can't stop people from snooping on your page source to see what plugins you are using but by default, wordpress places an index.php on your plugin directory to prevent your server to list out a directory listing of your plugins. You may like to redirect your visitors back to your main page when they try to access your plugin directory with the following modification on your index.php file placed in these directories.


please note that the index.php file is NOT the one on your root directory or your wordpress root installation.

place/modify index.php in these directories:
/wp-content/
/wp-content/plugins/
/wp-content/themes/
/wp-content/uploads/

Check out this post:

Aside from the index.html file thrown into those directories, make sure you rename your theme folder or if you leave the default name people will be able to see it by looking at the source code of the main page.

RCKid said:

Does anyone have any ideas on how to secure my wodrpess blog so people can't see what plugins and themes i use?

Click to expand...

All of the above advice is great, however, there is also a couple of products dedicated to this.

"Wordpress Secured" is one that comes to mind. Anyway, there is no chance of ever being 100% secure.