Next update v.1.3 is available for Silence is Golden Guard WordPress plugin. It may now redirect every directory listing request to the site root, rebuild all SIG created dummy index.php file according to format selected (redirection to the root or just empty page), remove unused (garbage like) files from plugins folders, such as readme.txt, screenshot-*.gif, screenshot-*.png, screenshot-*.jpg. Those files are put into plugin setup package for wordpress.org to show information at the plugin page, and 1st – not used at your blog, 2nd – might expose plugin version to the potential attacker easy. He can see them in his browser. In case you use some plugin version with known vulnerability – it can be dangerous and it makes attackers life easier. We don’t want that, right?
If you have ideas to propose as addition to this plugin functionality, you are welcome! What staff from installed WordPress or its plugins is too promptness for the potential attackers? I will add an option to remove it to the next SIG Guard plugin version. [nothankyou]

Tags: Security, wordpress plugin

This entry was posted on Monday, April 12th, 2010 at 11:30 and is filed under Security, ShinePHP plugins news, WordPress. You can follow any responses to this entry through the RSS 2.0 feed. You can skip to the end and leave a response. Pinging is currently not allowed.