It sucks, but a lot of plugins require certain directories to be set at CHMOD 777 for their file permissions. Of course, you should not use any plugin that requires 777 directories, but if you absolutely must, you can help protect the folder by adding a thin slice of htaccess. This works great for any directory requiring “loose-ish” permissions (i.e., anything greater than 755), and may also be useful for other key folders as well.
The key here is that only you and the server need access to the folder that you want to protect, so for example, stuff like:
Anything that regular users aren’t going to need to access. Then, you’ll also need the IP address of your server and your own machine. Once you have that information, use it to edit the following code:
Order Deny,Allow
Deny from all
Allow from 123.456.789.0
Allow from 0.123.456.789
You can duplicate the “Allow from” lines to allow more IP addresses. Like maybe you’ve got a remote office or something. Once the code is ready, just copy and paste it into an htaccess file located in the directory you would like to protect. Fix it and forget it, as they say.
I use this code on several sites and it works great. Only takes a minute to set up, and greatly improves the security of otherwise potentially vulnerable directories.
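To check that every loose directory actually got the file, the following added example (not code from the original post) lists directories under a web root that are group- or world-writable and that no .htaccess containing "Deny from all" covers. The function names are hypothetical, it recognises only the "Deny from all" form used above, and it assumes the server is configured to honour .htaccess files.

```sh
#!/bin/sh
# Added example: report directories looser than 755 that lack the
# "Deny from all" .htaccess protection described in the post.

# Succeeds if DIR, or any parent up to ROOT, holds a .htaccess with
# "Deny from all". Parents count because Apache applies a directory's
# .htaccess rules to its subdirectories as well.
is_covered() {
    dir=$1
    top=$2
    while :; do
        if [ -f "$dir/.htaccess" ] &&
           grep -Eiq '^[[:space:]]*deny[[:space:]]+from[[:space:]]+all' \
               "$dir/.htaccess"; then
            return 0
        fi
        # Stop at the web root (or at / or . as a safety net).
        case $dir in
            "$top"|/|.) return 1 ;;
        esac
        dir=$(dirname "$dir")
    done
}

# Prints "UNPROTECTED <path>" for each group- or world-writable directory
# under ROOT that no .htaccess deny rule covers.
audit_loose_dirs() {
    root=${1%/}
    [ -n "$root" ] || root=/
    find "$root" -type d \( -perm -020 -o -perm -002 \) | sort |
    while IFS= read -r d; do
        is_covered "$d" "$root" || printf 'UNPROTECTED %s\n' "$d"
    done
}

# Stand-alone use: sh audit.sh /path/to/webroot
if [ $# -gt 0 ]; then
    audit_loose_dirs "$1"
fi
```

A directory that shows up here either needs the .htaccess file added or its permissions tightened.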