There have been quite a few people on BHW lately asking about how to hide your WP plugins directory. Why would you want to do this? There are a couple of reasons, one being the desire to protect your 'trade secrets', but the other one is security. Chances are if a cracker is determined enough they will probably find some way to harm your blog if they want to. However, you don't need to make it easy. I'll walk you through the setup of a little trick that I use to not only secure my blogs by hiding the plugins I use, but also make a bit of extra cash from the people who are snooping!

If you go to /wp-content/plugins on your WP blog, chances are you'll see something that looks like this:

That looks pretty innocent, but it also shows exactly what plugins I'm using on that particular blog. What if there happened to be an exploit for one of the plugins, such as the cache plugin, or db-backup? Not good.. I've actually had one of my blogs hacked because of a bad plugin before, which is when I started hiding my plugin directories.

What we're going to do, instead of making a blank or 'Access Denied' page, is create a FAKE plugins page. Here's how we do it.

Go to ClickBank, E-Junkie, etc. and find a few WP plugins that have affiliate programs. Note that this doesn't mean WP plugins for affiliate programs; you're looking for commercial plugins that cost money and have an affiliate program you can sign up for. Pick a handful, and get the affiliate links for them. On ClickBank you'll create hoplinks; on other sites you'll be provided with a direct link.

Create folders and rename them to the plugins that you've created the affiliate links for. It doesn't matter if you don't know what the actual plugin folder's name is on the real deal, you just need to make it look convincing. Look at the plugins directory on your blog to get an idea of what the folders look like.

Create an index.php file in the folder, and do a PHP refresh to the affiliate link that corresponds to that folder.
Repeat this for each of the affiliate links you've collected. Once that's done, upload these folders to your /wp-content/plugins folder. These new folders will now look the same as your actual plugins, but the problem still remains that people can see which plugins you're using.

With the plugins directory listing open in your browser, go to File > Save Page As (in Firefox, I forget what it is in IE..) and save the file as index.php. Open this file in your favorite text editor (I use TextPad, it's nice for code.. but any text editor should work) and you'll see this:

You'll see a listing of both your actual plugins and the fake ones you've just created. There's a problem with the fake ones, however: they all have exactly the same date/time of creation, and that looks a little fishy. In the example I'm doing right now, the fake plugins all say April 2, 2009 at 9:02pm.. I fixed this by copying the date/time info from my actual plugins to replace the April 2, 2009 timestamp on the fake ones, and then deleted the lines for the real plugins. I left Akismet because that one is well known, and if it's seen there then a snooper might not catch on right away that the plugin list looks suspicious.

This is the finished file.

I saved the file, and then uploaded it to my wp-content/plugins folder... now when you try to view the plugins in use on that blog, you see what appears to be an innocent directory listing, but every link (aside from Akismet) is an affiliate link. You may decide to not include a live plugin in your spoof list, that's up to you.

Hope you found this tutorial helpful! Thanks for reading!
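
The two manual checks from the editing step (real plugin lines removed, fake entries not all carrying the same timestamp) can be run against the saved index.php before uploading it. This is an added example, not part of the original tutorial; it assumes an Apache-style listing with "DD-Mon-YYYY HH:MM" dates, and the function names, folder names and sample page are constructed for illustration.

```python
import re
from collections import defaultdict

# One folder row of an Apache-style listing: <a href="name/">, then "DD-Mon-YYYY HH:MM".
# Sort links (href="?C=...") and the parent link (href="/...") do not match.
ROW = re.compile(
    r'<a href="([^"/?][^"]*)/">[^<]*</a>\s+(\d{2}-[A-Za-z]{3}-\d{4} \d{2}:\d{2})'
)

def parse_listing(html):
    """Return [(folder_name, timestamp), ...] for each folder row in the page."""
    return ROW.findall(html)

def audit_listing(html, real_plugins, keep_visible=()):
    """Find real plugin folders still listed and timestamps shared by several rows."""
    rows = parse_listing(html)
    listed = {name for name, _ in rows}
    leaked = sorted((listed & set(real_plugins)) - set(keep_visible))
    by_time = defaultdict(list)
    for name, stamp in rows:
        by_time[stamp].append(name)
    shared = {stamp: names for stamp, names in by_time.items() if len(names) > 1}
    return {"leaked": leaked, "same_timestamp": shared}

# Constructed sample: a half-edited listing page. Folder names other than akismet
# are made up for this example; the two decoys still carry the same upload time.
SAMPLE = """<h1>Index of /wp-content/plugins</h1><pre>
<a href="?C=N;O=D">Name</a>  <a href="?C=M;O=A">Last modified</a>
<a href="/wp-content/">Parent Directory</a>            -
<a href="akismet/">akismet/</a>                12-Jan-2009 10:15    -
<a href="example-paid-plugin-a/">example-paid-plugin-a/</a>  02-Apr-2009 21:02    -
<a href="example-paid-plugin-b/">example-paid-plugin-b/</a>  02-Apr-2009 21:02    -
<a href="wp-db-backup/">wp-db-backup/</a>           03-Mar-2009 18:40    -
</pre>"""

if __name__ == "__main__":
    # Folder names on disk would normally come from os.listdir() of the plugins folder.
    report = audit_listing(
        SAMPLE,
        real_plugins=["akismet", "wp-db-backup", "wp-super-cache"],
        keep_visible=["akismet"],
    )
    print("real plugins still listed:", report["leaked"])
    print("rows sharing a timestamp:", report["same_timestamp"])
```

An empty "leaked" list and an empty "same_timestamp" map mean the saved page matches what the editing step is meant to produce.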