Most installations of WordPress come with a small security flaw that could potentially be exploited, though in most cases it’s harmless. This is not a new trick and it’s nothing illegal to do, but you can usually find out exactly which plugins other WordPress blogs are using. This simple way of sniffing out a site’s plugins is done by browsing directly to its plugin folder.
Here’s how you’d do it.
Now you can see exactly which plugins they’re using. There’s really no harm in knowing this, but there’s a chance someone could exploit their blog. Say, for example, that one of the plugins, like “wp-grins”, has a security hole. Now you know this site runs it and you can launch an attack. There have never been any cases that I’m aware of, and that’s probably why the WordPress developers haven’t done anything about it.
It’s also a good way to figure out which plugin a site is using so you can get it for your own site. I’ve done this a few times in the past when I stumbled upon a site with some cool features. I’ve usually done this by just viewing the source, looking for their .js or .css files and then searching Google for that name.
Now that you’ve had fun browsing someone else’s plugins folder, it’s time to try your own. If you’re able to see your plugins via a browser, then I’d recommend tightening up your security. The easiest way is to create a blank index.html or index.php file and put it directly in your plugins directory. This will make it so a blank page will load instead of the directory itself.
Another way to block people is by turning off directory browsing, which is a web server configuration setting. It’s more involved and technical than the quick and easy blank index.html file.
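A local check for both fixes described above, as an added example that is not part of the original post: it walks a WordPress install on disk and reports plugin directories that have neither an index file nor an `Options -Indexes` line in an `.htaccess` above them. It assumes Apache with `.htaccess` overrides enabled; the function names and the sample tree are constructed for illustration.

```python
import re
import tempfile
from pathlib import Path

INDEX_NAMES = ("index.php", "index.html", "index.htm")
# Assumption: Apache with .htaccess overrides enabled; "Options -Indexes"
# is the Apache directive that turns off auto-generated listings.
NO_INDEXES = re.compile(r"^\s*Options\s+.*-Indexes\b", re.I | re.M)


def htaccess_disables_listing(directory, wp_root):
    """True if directory or a parent up to wp_root sets Options -Indexes.
    Does not model the main server config or a nearer +Indexes override."""
    directory, wp_root = Path(directory).resolve(), Path(wp_root).resolve()
    for d in (directory, *directory.parents):
        ht = d / ".htaccess"
        if ht.is_file() and NO_INDEXES.search(ht.read_text(errors="replace")):
            return True
        if d == wp_root:
            break
    return False


def audit_plugins(wp_root):
    """List plugin directories with no index file and no -Indexes in effect."""
    plugins = Path(wp_root) / "wp-content" / "plugins"
    dirs = [plugins, *sorted(p for p in plugins.rglob("*") if p.is_dir())]
    return [
        d.relative_to(wp_root).as_posix()
        for d in dirs
        if not any((d / n).is_file() for n in INDEX_NAMES)
        and not htaccess_disables_listing(d, wp_root)
    ]


def build_sample(root):
    """Constructed sample tree: blank index.php in plugins/, none below it."""
    images = Path(root) / "wp-content" / "plugins" / "wp-grins" / "images"
    images.mkdir(parents=True)
    (images.parents[1] / "index.php").write_text("")
    (images.parent / "wp-grins.php").write_text("<?php // plugin stub\n")
    return images.parents[1]


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        plugins = build_sample(tmp)
        print("blank index only:", audit_plugins(tmp))
        (plugins / ".htaccess").write_text("Options -Indexes\n")
        print("with -Indexes:   ", audit_plugins(tmp))
```

On the sample tree the blank index file covers only the plugins directory itself; the plugin's own subfolders stay listable until directory browsing is turned off at the server.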
I hope you’ve had fun and, in the process, tightened up your own blog’s security. You can never be too safe!