“Hiding” WordPress installation files
By default, all the WordPress installation files are readable from a browser. What happens if example.com’s WordPress installation is at /wordpress/, and you go to http://example.com/wordpress/wp-content/plugins/ with your browser? Yes, you’re browsing the plugin directory. Obviously, changing permissions is not going to work, but it is possible to obscure the access to the files (hence “hiding”). Read on for details.
