I read a nice tip at ShoeMoney’s blog to improve the security of your WordPress blog.
On standard WordPress installations the plugins folder is open for public browsing. This means that anyone can surf to yourwordpressblog.com/wp-content/plugins/ and see every plugin you’re running on your blog. Someone with bad intentions could then do some googling to find out whether there are any known exploits for the plugins you’re running.
Or, if Google has indexed your plugin folders, hackers may be able to find your site by entering queries in Google that turn up exploitable blogs.
There are several ways to fix this problem. You can disable public browsing of folders by putting the line
Options -Indexes
in your .htaccess file, or you can upload a blank index.html file to your WordPress plugins folder so that anyone who tries to surf to it is served a blank page instead of a listing.
It’s not really a huge security risk, but leaving the folder browsable may help users with malicious intentions to hack your blog.
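Both fixes from the post, put into a small shell script as an added example (this is not code from the original post or from WordPress). It writes the Options -Indexes directive into the plugins folder’s .htaccess, drops in an empty index.html as a fallback, and includes a check that recognises an Apache directory listing in an HTTP response so you can confirm the fix on your own site. The directory path and the sample listing HTML are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post: harden a WordPress plugins
# folder against directory listing and verify the result.
# PLUGINS_DIR and SAMPLE_LISTING are constructed values for illustration.

PLUGINS_DIR="${PLUGINS_DIR:-/var/www/html/wp-content/plugins}"

# Write (or append to) an .htaccess that switches directory indexes off.
# Also drop an empty index.html so a blank page is served even if the
# directive is ever lost or AllowOverride is later tightened.
# $1 = directory to protect
write_no_index_htaccess() {
    dir="$1"
    mkdir -p "$dir"
    # Add the directive only once so repeated runs stay idempotent.
    if ! grep -qs '^Options -Indexes' "$dir/.htaccess"; then
        printf 'Options -Indexes\n' >> "$dir/.htaccess"
    fi
    [ -f "$dir/index.html" ] || : > "$dir/index.html"
}

# Read an HTML body from stdin and return 0 if it looks like an Apache
# mod_autoindex listing (title "Index of /", "Parent Directory" link, or
# the ?C=M;O=D column-sort links), 1 otherwise.
looks_like_listing() {
    grep -qiE '<title>Index of /|Parent Directory|\?C=M;O=D'
}

# Fetch a URL with curl and report whether it exposes a listing.
# Needs network access; returns 1 when a listing is found.
# $1 = URL, e.g. https://yourwordpressblog.com/wp-content/plugins/
check_listing() {
    url="$1"
    if curl -fsS "$url" | looks_like_listing; then
        echo "LISTING EXPOSED: $url"
        return 1
    fi
    echo "ok: $url"
    return 0
}

# Constructed sample of what an unprotected plugins folder returns.
SAMPLE_LISTING='<html><head><title>Index of /wp-content/plugins</title></head>
<body><h1>Index of /wp-content/plugins</h1>
<a href="?C=M;O=D">Last modified</a> <a href="/wp-content/">Parent Directory</a>
<a href="akismet/">akismet/</a></body></html>'

# Offline demonstration: returns 0 when the sample is recognised as a
# listing and a blank page is not.
demo_offline() {
    printf '%s' "$SAMPLE_LISTING" | looks_like_listing || return 1
    if printf '<html><body></body></html>' | looks_like_listing; then
        return 1
    fi
    return 0
}

# Usage (run as the web server's file owner):
#   write_no_index_htaccess "$PLUGINS_DIR"
#   check_listing https://yourwordpressblog.com/wp-content/plugins/
```

One caveat the post does not mention: Options -Indexes in an .htaccess file only takes effect if the server’s configuration allows it (AllowOverride must include Options for that directory). If the check still reports a listing after the file is in place, that is the first thing to look at, and the blank index.html covers you in the meantime.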