4 Tips To Protect Your WordPress Blog


Matt Cutts recently wrote a post giving four good tips to protect a WordPress blog. Try these tips if you own a WordPress blog.

  1. Secure your /wp-admin/ directory - lock down your wp-admin folder so that only certain IP addresses can access that directory.
  2. Make an empty wp-content/plugins/index.html file - it helps prevent people from finding out which plugins you use. If you use an outdated plugin, someone could hack your blog by exploiting a bug in it. To prevent people from viewing which plugins you have installed, just create a blank index.html file and upload it to your plugins folder.
  3. Subscribe to the WordPress Development blog - you could subscribe to the development blog to be alerted as soon as a new WordPress version is released. Upgrade your WordPress blog as soon as possible or it could be hacked. I haven’t subscribed as we already get notified of a new WordPress version from the dashboard.
  4. Hide your WordPress version - by default, WordPress themes have a line in header.php that displays the version of WordPress you use (it can be found by viewing the page source). Since anyone can find your WordPress version this way, your blog is prone to hackers until you upgrade to the latest version. To prevent displaying your WordPress version, just open your theme’s header.php file and look for the following line” /> and replace it with
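For tips 1 and 2, one way to script the lockdown on an Apache host, as an added example that is not taken from Matt Cutts's post or from this blog. It assumes the stock WordPress directory layout and that `.htaccess` overrides are enabled; the function names, the path `/var/www/blog` and the address `203.0.113.7` are constructed placeholders.

```shell
# Added example: IP allow-list for wp-admin (tip 1), blank plugins index (tip 2).

# Return 0 only for a dotted-quad IPv4 address with every octet in 0..255.
valid_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1; IFS=$old_ifs          # split on dots into $1..$n
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# write_wpadmin_acl WP_ROOT IP...   writes WP_ROOT/wp-admin/.htaccess
write_wpadmin_acl() {
    root=$1; shift
    [ -d "$root/wp-admin" ] || { echo "no wp-admin under $root" >&2; return 1; }
    [ "$#" -gt 0 ] || { echo "refusing to write an empty allow-list" >&2; return 1; }
    for ip in "$@"; do               # validate everything before touching the file
        valid_ipv4 "$ip" || { echo "not an IPv4 address: $ip" >&2; return 1; }
    done
    {
        echo '# Allow-list for /wp-admin/; every other client gets 403.'
        echo '<IfModule mod_authz_core.c>'      # Apache 2.4 syntax
        printf '    Require ip %s\n' "$@"
        echo '</IfModule>'
        echo '<IfModule !mod_authz_core.c>'     # Apache 2.2 syntax
        echo '    Order deny,allow'
        echo '    Deny from all'
        printf '    Allow from %s\n' "$@"
        echo '</IfModule>'
    } > "$root/wp-admin/.htaccess.tmp" &&
    mv "$root/wp-admin/.htaccess.tmp" "$root/wp-admin/.htaccess"
}

# blank_plugin_index WP_ROOT   creates an empty index.html, never overwrites one
blank_plugin_index() {
    dir=$1/wp-content/plugins
    [ -d "$dir" ] || return 1
    [ -e "$dir/index.html" ] || : > "$dir/index.html"
}

# Usage (constructed values): sh harden-wp.sh /var/www/blog 203.0.113.7
if [ "$#" -ge 2 ]; then
    write_wpadmin_acl "$@" && blank_plugin_index "$1"
fi
```

The rules only take effect if the server's `AllowOverride` setting permits them in `.htaccess`. Note that `wp-login.php` sits in the WordPress root, outside wp-admin, so it needs its own rule if the login form should be restricted too.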


24 responses so far

  1. 1

    D'juan

    January 23, 2008 at 10:04 am

    Oh, this is going to help TONS! Thanks a lot!

  2. 2

    JohnTP

    January 23, 2008 at 10:08 am

    You should thank Matt, not me :)

  3. 3

    Matt

    January 23, 2008 at 7:55 pm

    Great tips. I just updated all of our plugin folders w/ the blank index and removed the wp version. Smart, but simple steps.

  4. 4

    Techblissonlin Dot Com

    January 23, 2008 at 9:52 pm

    it is index.php…

  5. 5

    Madhur Kapoor

    January 23, 2008 at 10:31 pm

    I will do these right now.

  6. 6

    JohnTP

    January 24, 2008 at 11:21 am

    Techblissonlin Dot Com - You can use index.html too which I think is better.

  7. 7

    Ronald

    January 24, 2008 at 9:25 pm

    The alternate may you can control through site manager at Cpanel or used htaccess + httpas

  8. 8

    Rakshit

    January 24, 2008 at 11:50 pm

    Thanks for these great tips. I’ll follow that right now.
    :-)

  9. 9

    Gerard

    January 25, 2008 at 11:03 pm

    John,
    These are great tips - esp. no 2 - never thought of protecting the plugin folder that way.
    Thanks a lot

  10. 10

    Ryan D

    January 26, 2008 at 1:32 am

    Great ideas…very basic but effective. Everyone should always keep track of their logs too for weird queries.

  11. 11

    Sooraj

    January 28, 2008 at 10:34 am

    I think this was posted by Matt Cutts
    http://www.mattcutts.com/blog/.....tallation/

  12. 12

    JohnTP

    January 28, 2008 at 10:38 am

    Sooraj- Please read the entire post. I did not say that these were my tips.

    I started the post saying “Matt Cutts recently wrote a post giving four good tips to protect a WordPress blog.”

  13. 13

    Jacky

    January 28, 2008 at 10:11 pm

    This post is worth reading. Great tips.

  14. 14

    NasirJumani

    February 7, 2008 at 6:31 pm

    Nice tips……..applying them :)

  15. 15

    MoiN

    February 21, 2008 at 1:35 pm

    Nice tips!!

    Great work

    MoiN
    http://www.anewmorning.com

  16. 16

    MandS

    February 23, 2008 at 2:33 pm

    A really useful post! I will follow its steps right today!

  17. 17

    patrik

    February 26, 2008 at 3:36 am

    “lock down your wp-admin folder so that only certain IP addresses can access that directory”

    How???? Help!

  18. 18

    buyers web make money online blog

    February 26, 2008 at 6:01 am

    awesome tips…will implement them asap…

  19. 19

    Kezzer

    March 11, 2008 at 3:08 am

    As for previous comments about index.php and index.html, most servers prioritise index.html as the first point of call when requests are made, so it’s probably better to use index.html.

  20. 20

    Zacky

    March 13, 2008 at 8:05 am

    need help in securing by IP address.
    How do I actually do it? pls help

    Thanks
    Zacky

  21. 21

    Dilson Decano

    July 10, 2008 at 10:12 am

    I’m your fan reader. I like your number two tip. Very useful to me as a newbie blogger.

  22. 22

    Tony

    July 17, 2008 at 5:06 pm

    Locking down wordpress

    Just to be on the safe side, I decided to see if I could lock down our WordPress installation.

    I cannot claim credit for the way to go about locking it down. I actually got this info from several websites.

    Here's what you need to do to make WordPress more secure and ensure that only your IP address can login to the Admin page.

    (1) Have a look at the attached template. Open it up in Notepad and add in your entries (substitute the 111.222.333.444 with your WAN IP address)

    http://www.mediafire.com/?b3amyjniwkj
    All you need to do then is drop that file (ensure it's called htaccess) with no extension into the WP-Admin folder.
    If your IP address changes and you get locked out, do not worry, just FTP into the WP-Admin folder and change the whitelist to the new IP.


    I will be posting screen shot videos of this process in the future at http://www.cheapcheeze.com

  23. 23

    Tony

    July 17, 2008 at 5:08 pm

    Oops, thanks for the tips list JohnTP, just what I was looking for. Tony

Copyright ©2005-2008 JohnTP, All rights reserved.