4 Tips To Protect Your WordPress Blog
Matt Cutts recently wrote a post giving four good tips to protect a WordPress blog. Try these tips if you own a WordPress blog.
- Secure your /wp-admin/ directory - lock down your wp-admin folder so that only certain IP addresses can access that directory
- Make an empty wp-content/plugins/index.html file - it helps prevent people from finding out which plugins you use. If you use an outdated plugin, someone could hack your blog by exploiting a bug. To prevent people from viewing which plugins you have installed, just create a blank index.html file and upload it to your plugins folder.
- Subscribe to the WordPress Development blog - you could subscribe to the development blog to be alerted as soon as a new WordPress version is released. Upgrade your WordPress blog as soon as possible or it could be hacked. I haven’t subscribed as we already get notified of a new WordPress version from the dashboard.
- Hide your WordPress version - by default, WordPress themes have a line in header.php that displays the version of WordPress you are running (it can be found by viewing the page source). Since anyone can find your WordPress version this way, your blog is prone to hackers until you upgrade to the latest version. To stop displaying your WordPress version, open your theme’s header.php file and look for the following line
” />
and replace it with
Posted on January 23rd, 2008 | Category: WordPress |
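The first two tips applied from a shell, with a check for the fourth, as an added example that is not code from the original post or from Matt Cutts. It assumes an Apache server that honours .htaccess files; the function names are hypothetical, the sample tree is constructed, and the version check assumes the theme prints the version with the bloginfo('version') template tag.

```shell
#!/bin/sh
# Added example: apply tips 1 and 2 and check tip 4 on a WordPress tree.

# Accept only dotted-quad IPv4 addresses with every octet in 0-255.
valid_ipv4() {
    case "$1" in "" | *[!0-9.]* | *..* | .* | *.) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Tip 1: write wp-admin/.htaccess (replacing any existing one) so that only
# the listed addresses can reach the admin area.
# Usage: lock_wp_admin WP_ROOT IP [IP...]
lock_wp_admin() {
    [ "$#" -ge 2 ] && [ -d "$1/wp-admin" ] || return 1
    root=$1; shift
    for ip in "$@"; do   # validate everything before touching the file
        valid_ipv4 "$ip" || { echo "bad address: $ip" >&2; return 1; }
    done
    {
        echo '<IfModule mod_authz_core.c>'       # Apache 2.4 syntax
        for ip in "$@"; do echo "    Require ip $ip"; done
        echo '</IfModule>'
        echo '<IfModule !mod_authz_core.c>'      # Apache 2.2 syntax
        echo '    Order deny,allow'
        echo '    Deny from all'
        for ip in "$@"; do echo "    Allow from $ip"; done
        echo '</IfModule>'
    } > "$root/wp-admin/.htaccess"
}

# Tip 2: add an empty index.html unless the plugins directory already has one.
blank_plugin_index() {
    [ -d "$1/wp-content/plugins" ] || return 1
    [ -e "$1/wp-content/plugins/index.html" ] || : > "$1/wp-content/plugins/index.html"
}

# Tip 4: succeed if a theme file still prints the version (assumed form:
# the bloginfo('version') template tag).
theme_leaks_version() {
    grep -Eq "bloginfo\( *['\"]version['\"] *\)" "$1"
}

# Constructed sample tree (not a real site) so the functions run offline.
make_sample_site() {
    site=$(mktemp -d)
    mkdir -p "$site/wp-admin" "$site/wp-content/plugins" "$site/theme"
    echo "<?php bloginfo('version'); ?>" > "$site/theme/header.php"
    echo "$site"
}
```

Apache only honours the generated file if AllowOverride permits these directives for the directory. Requests from any other address to files under wp-admin are refused, so check that nothing on the public site depends on them.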
D'juan
January 23, 2008 at 10:04 am
Oh, this is going to help TONS! Thanks a lot!
JohnTP
January 23, 2008 at 10:08 am
You should thank Matt, not me
Matt
January 23, 2008 at 7:55 pm
Great tips. I just updated all of our plugin folders w/ the blank index and removed the wp version. Smart, but simple steps.
Techblissonlin Dot Com
January 23, 2008 at 9:52 pm
it is index.php…
Madhur Kapoor
January 23, 2008 at 10:31 pm
I will do these right now.
JohnTP
January 24, 2008 at 11:21 am
Techblissonlin Dot Com - You can use index.html too which I think is better.
Ronald
January 24, 2008 at 9:25 pm
As an alternative, you can control this through the site manager in cPanel or use htaccess + httpas
Rakshit
January 24, 2008 at 11:50 pm
Thanks, for these great tips. I’ll follow that right now.
Gerard
January 25, 2008 at 11:03 pm
John,
These are great tips - esp. no 2 - never thought of protecting the plugin folder that way.
Thanks a lot
Ryan D
January 26, 2008 at 1:32 am
Great ideas…very basic but effective. Everyone should always keep track of their logs too for weird queries.
Sooraj
January 28, 2008 at 10:34 am
I think this was posted by Matt Cutts
http://www.mattcutts.com/blog/.....tallation/
JohnTP
January 28, 2008 at 10:38 am
Sooraj- Please read the entire post. I did not say that these were my tips.
I started the post saying “Matt Cutts recently wrote a post giving four good tips to protect a WordPress blog.”
Jacky
January 28, 2008 at 10:11 pm
This post is worth reading. Great tips.
NasirJumani
February 7, 2008 at 6:31 pm
Nice tips……..applying them
MoiN
February 21, 2008 at 1:35 pm
Nice tips!!
Great work
MoiN
http://www.anewmorning.com
MandS
February 23, 2008 at 2:33 pm
A really useful post! I will follow its steps right today!
patrik
February 26, 2008 at 3:36 am
“lock down your wp-admin folder so that only certain IP addresses can access that directory”
How???? Help!
buyers web make money online blog
February 26, 2008 at 6:01 am
awesome tips…will implement them asap…
Kezzer
March 11, 2008 at 3:08 am
As for previous comments about index.php and index.html, most servers prioritise index.html as the first point of call when requests are made, so it’s probably better to use index.html.
Zacky
March 13, 2008 at 8:05 am
need help in securing by IP address.
How do I actually do it? pls help
Thanks
Zacky
Dilson Decano
July 10, 2008 at 10:12 am
I’m your fan reader. I like your number two tip. Very useful to me as a newbie blogger.
Tony
July 17, 2008 at 5:06 pm
Locking down wordpress
Just to be on the safe side, I decided to see if I could lock down our WordPress installation.
I cannot claim credit for the way to go about locking it down. I actually got this info from several websites.
Here is what you need to do to make WordPress more secure and ensure that only your IP address can log in to the Admin page.
(1) Have a look at the attached template. Open it up in Notepad and add in your entries (substitute the 111.222.333.444 with your WAN IP address)
http://www.mediafire.com/?b3amyjniwkj
All you need to do then is drop that file (ensure it's called htaccess) with no extension into the WP-Admin folder.
If your IP address changes and you get locked out, do not worry, just FTP into the WP-Admin folder and change the whitelist to the new IP.
I will be posting screen shot videos of this process in the future at http://www.cheapcheeze.com
Tony
July 17, 2008 at 5:08 pm
Oops, thanks for the tips list, JohnTP, just what I was looking for. Tony