WordPress Security Hole – Unguarded Folder

November 16, 2011 by
Filed under: Personal Talk 

It’s undeniable that most people in the IM world use WordPress on their sites. Speaking of WordPress security, even though the WordPress developer team has managed to fix a lot of bugs, there is still a security bug that can leak the precious files that we upload to our WordPress sites.

Not all folders in WordPress are protected by an index file. One of the folders that you really should take care of is the uploads folder (/wp-content/uploads/).

Let’s say your site name is http://yoursitename.com; people can easily take a peek at your uploaded files by simply adding “/wp-content/uploads/” to the address.

By entering http://yoursitename.com/wp-content/uploads/ , all files that are being uploaded using the media section can be downloaded if the folder itself is not properly guarded.

Here is an example of what I got when I tried the trick on one of the unguarded sites:

Pic of upload folder
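
To check whether your own site's uploads folder is unguarded in the way described above, the following added example (not part of the original post) classifies the response from /wp-content/uploads/. The listing markers, the function names and the sample responses are assumptions constructed for illustration.

```python
import re
import urllib.error
import urllib.request

UPLOADS_PATH = "/wp-content/uploads/"  # folder named in the post

# Assumption: auto-generated listings carry one of these markers
# (Apache/nginx "Index of /..." pages, IIS "[To Parent Directory]").
LISTING_MARKERS = (
    re.compile(r"<title>\s*Index of /", re.I),
    re.compile(r"<h1>\s*Index of /", re.I),
    re.compile(r"\[To Parent Directory\]", re.I),
)

def classify(status, body):
    """Return 'exposed', 'guarded' or 'unknown' for one HTTP response."""
    if status == 200 and any(m.search(body) for m in LISTING_MARKERS):
        return "exposed"   # server generated a browsable file listing
    if status in (401, 403, 404) or (status == 200 and not body.strip()):
        return "guarded"   # access denied, or a blank index file answered
    return "unknown"       # other content or status: inspect by hand

def check_site(base_url, timeout=10):
    """Fetch the uploads folder of a site you administer and classify it."""
    url = base_url.rstrip("/") + UPLOADS_PATH
    try:
        with urllib.request.urlopen(url, timeout=timeout) as resp:
            body = resp.read(65536).decode("utf-8", "replace")
            return classify(resp.status, body)
    except urllib.error.HTTPError as err:
        return classify(err.code, "")

# Constructed sample responses (not captured from any real site).
SAMPLE_LISTING = ("<html><head><title>Index of /wp-content/uploads</title></head>"
                  "<body><h1>Index of /wp-content/uploads</h1>"
                  '<a href="2011/">2011/</a></body></html>')
SAMPLE_BLANK_INDEX = ""  # what an empty index file in the folder returns

if __name__ == "__main__":
    print("listing page :", classify(200, SAMPLE_LISTING))
    print("blank index  :", classify(200, SAMPLE_BLANK_INDEX))
    print("403 response :", classify(403, ""))
```

Call `check_site("http://yoursitename.com")` with your own domain to run the same classification against the live folder.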

Stay tuned for more posts, as I’m going to reveal how to guard your WordPress uploads folder.
