Jun | 20 | 2007

Protect Important Folders in your Blog

Posted by Ia as Blog Tutorial, Blogging Tools, Tips

Bill Hartzer’s recent post reminds us to mask some of the more sensitive spots in our blogs. Although this applies only to self-hosted blogs, I think everyone will benefit from this tip for keeping a blog secure. It’s another one of those tasks we should do habitually but often forget.

Here’s how it works: we should not allow sensitive directories on our blogs to list their contents publicly. We do not want malicious visitors getting any hints on how they can compromise our websites. We should not let search engines list irrelevant folders in their results.

Hartzer wrote specifically about denying other people access to one’s WordPress plugins directory, but when you go through your site carefully, you’ll notice several more directories you might want to protect:

Folders You Might Want To Protect

Folders for your photos, music, and videos. Unless you uploaded your multimedia so that anyone can download (or hotlink to) them, it’s best to hide the directory index from other people. This can potentially save you lots of bandwidth!

Folders for your blog admin panel. If possible, avoid revealing which locations need to be hacked to get into your blog.

Folders for your blog themes. This specifically applies to bloggers who have a custom-made theme. Don’t make it devastatingly simple for copycats to clone your blog design.

How to Protect These Directories

Here are ways of protecting your important and sensitive blog folders. You can apply what you’ve learned here to other non-blog folders (if you’re running some other type of website, whether static or dynamic).

Prevent directory contents from being listed. JavascriptKit explains how to hide files from being listed inside a directory using .htaccess. Check out that site’s other pages to learn how .htaccess works and what else you can do with it.

Password-protect the directories. Michi Kono has written a tutorial on how to rename and protect the WordPress administration folder (wp-admin). You can also apply this to specific directories one by one.

Prevent searchbots and spiders from accessing those directories. Most search engines honor the rules in a robots.txt file and skip the directories and files listed there. Here’s Google’s own robots.txt file. To make bots and spiders skip directories and files, create a text file called robots.txt and enter the following:

User-agent: *
Disallow: */feed*
Disallow: */trackback
Disallow: */wp-admin
Disallow: */wp-content
Disallow: */wp-includes
Disallow: *wp-login.php

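You can add more directories you wish to hide from search engines by following the format above. Keep in mind that robots.txt is only a request to well-behaved crawlers and is itself publicly readable: it keeps folders out of search results but does not block access to them, so use it alongside the first two measures, not instead of them. Learn more about robots.txt at its own website.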

The only catch is that you need access to your blog folders. But if you’ve been uploading images for your blog posts, installing plugins, and adding new themes, you probably know how already.
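
The first two measures above, written out as Apache .htaccess directives. This is an added example, not taken from the JavascriptKit or Michi Kono tutorials; the folder choices, the password-file path and the user name are placeholders, and it assumes the host lets .htaccess override the Options, Indexes and AuthConfig settings.

```apache
# ---------------------------------------------------------------
# File 1: .htaccess in a folder whose contents should not be listed
# (for example the plugins, themes or media upload folder)
# ---------------------------------------------------------------

# Turn off Apache's auto-generated "Index of /..." page.
# A request for the bare folder URL now gets 403 Forbidden,
# while individual files are still served by their direct URL.
Options -Indexes

# Alternative if the listing itself must stay enabled:
# keep the index page but hide every entry in it.
# IndexIgnore *

# ---------------------------------------------------------------
# File 2: .htaccess inside wp-admin/ (password-protect the folder)
# ---------------------------------------------------------------

# Create the password file first, OUTSIDE the web root so it can
# never be downloaded (placeholder path and user name):
#   htpasswd -c /home/example/.htpasswd-blog editor
#
# Basic authentication sends the password with every request,
# only base64-encoded, so serve this folder over HTTPS.
AuthType Basic
AuthName "Blog administration"
AuthUserFile /home/example/.htpasswd-blog
Require valid-user
```

After uploading the files, request the bare folder URL in a browser: a protected folder answers with 403 Forbidden instead of a file listing, and wp-admin prompts for the user name and password before WordPress's own login page appears.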


4 Responses

  1. joel badinas

    21|Jun|2007

    Hi,

    With other blogging software like WordPress, this is possible. But if you are using Blogger, like I do, you can’t set your .htaccess file. Do you have a suggestion for this?

  2. Ia Lucero

    21|Jun|2007

    Well, I’d expect Blogger/Google to take care of my data and other security issues I have in mind. Hosted blogging solutions (like TypePad and WordPress.com as well) should behave that way, especially paid ones. And you won’t have any chance to create new directories that need to be protected, so that’s not going to be a problem. :) I hope I was clear enough.

  3. fransisqw

    13|Feb|2008

    I like to play online games and have found a few online games in demo mode which are very small to play.
    So please suggest a few web sites where I can find some good full version online games.

  4. Tech, How to, Software Reviews, Linux, Dog, Make Money Online with AhTim

    31|Mar|2008

    Protect Private Files and Folders…

    Do you have files or folders that you do not want to share with others? I know you will say as long as we do not share our computer login password, we are safe. But how if you are sharing computer with your colleagues in office? Even you do not share, …

