Tips to protect your WordPress blog
Posted in Plugins, Tips & Tricks, Wordpress by Pavel Ciorici

Many WordPress-based blogs have been hacked. To keep the same disaster from happening to your own blog, you can try the tips below to make your WordPress blog more secure, at least against script kiddies.
But first, I would like to recommend a plugin called WP Security Scan, which scans your WordPress installation for security vulnerabilities, passwords, file permissions, database security, version hiding and WordPress admin protection/security, and suggests corrective actions.

1. Remove the WordPress 'version string' from your theme files
   1. Go to the WordPress dashboard and click Presentation -> Edit Themes -> header.php.
   2. Find and remove bloginfo('version'), then save the file.
   Explanation: This hides the version number of your WordPress installation, which makes it harder for an attacker to look up security holes for that specific version of WordPress.

2. Place an empty 'index.html' file in the plugins folder
   1. Open Notepad. Click 'Save As' and save the file as index.html (be sure to change the file type from "Text files" to "All files").
   2. Upload the file to the WordPress plugins folder on your web server.
   Explanation: This hides the list of plugins used by your WordPress blog. It follows the same idea as above: it keeps security holes in the plugins from being easy to find.

3. Upload a copy of the .htaccess file to the wp-admin folder
   1. Using an FTP program or your web server's file manager, go to the root folder of your server and download the .htaccess file (enable 'show hidden files' first if you're using an FTP program such as FileZilla).
   2. Go to your wp-admin folder.
   3. Upload the .htaccess file you've just downloaded.
   Explanation: This prevents files in wp-admin from being accessed by hackers by limiting access to this folder by IP address (meaning that access is limited to the server owner/user only).
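
The three tips above can be verified with a short audit script. This is an added example, not part of the original post: the function names and the sample directory tree are constructed, the wp-content paths assume the standard WordPress layout, and accepting index.php alongside index.html is an assumption. The third check passes only when the wp-admin .htaccess actually contains an IP allow rule.

```python
import re
import tempfile
from pathlib import Path

# Matches bloginfo('version') / bloginfo("version"), including typographic quotes.
VERSION_CALL = re.compile(r"bloginfo\(\s*['\"‘’]version['\"‘’]\s*\)")
# Apache 2.2 "Allow from <addr>" (not "all") or Apache 2.4 "Require ip <addr>".
IP_RULE = re.compile(r"^\s*(allow\s+from\s+(?!all\b)\S|require\s+ip\s+\S)", re.I | re.M)


def audit(root, theme):
    """Return {check_name: passed} for the three tips; `theme` is the active theme folder."""
    root = Path(root)
    header = root / "wp-content" / "themes" / theme / "header.php"
    plugins = root / "wp-content" / "plugins"
    htaccess = root / "wp-admin" / ".htaccess"
    header_src = header.read_text(errors="replace") if header.is_file() else ""
    ht_src = htaccess.read_text(errors="replace") if htaccess.is_file() else ""
    return {
        # Tip 1: the theme header no longer prints the version.
        "version_hidden": header.is_file() and not VERSION_CALL.search(header_src),
        # Tip 2: an index file stops Apache from listing the folder.
        # index.php is accepted too (assumption: PHP is a configured DirectoryIndex).
        "plugins_index": any((plugins / n).is_file() for n in ("index.html", "index.php")),
        # Tip 3: a copied .htaccess only limits access if it carries an IP rule.
        "admin_ip_limited": bool(IP_RULE.search(ht_src)),
    }


def build_sample(root, hardened):
    """Create a constructed, minimal WordPress-like tree for demonstration."""
    root = Path(root)
    theme = root / "wp-content" / "themes" / "example"
    for d in (theme, root / "wp-content" / "plugins", root / "wp-admin"):
        d.mkdir(parents=True, exist_ok=True)
    meta = "" if hardened else "<meta name=\"generator\" content=\"<?php bloginfo('version'); ?>\" />"
    (theme / "header.php").write_text("<head>" + meta + "</head>")
    # 192.0.2.10 is a documentation address (RFC 5737), used as a placeholder.
    rules = "Order deny,allow\nDeny from all\nAllow from 192.0.2.10\n" if hardened else "RewriteEngine On\n"
    (root / "wp-admin" / ".htaccess").write_text(rules)
    if hardened:
        (root / "wp-content" / "plugins" / "index.html").write_text("")
    return root


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for state in (False, True):
            print(state, audit(build_sample(Path(tmp) / str(state), state), "example"))
```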


mergelayers
9 Apr 2008
Good tip!
–
Digitalizes
10 Apr 2008
There is some good advice here, I will give your ideas a go as I am a little concerned about security.
Digitalizes
10 Apr 2008
This edit function is really cool. Are you using a plugin for this, if so, which one?
Pavel Ciorici
11 Apr 2008
@Digitalizes, yes, it is a plugin called Ajax Edit Comments [link]
Digitalizes
11 Apr 2008
Thanks! I have installed it. Really nice.
tony hogan
12 Apr 2008
I’m curious about the second thing.
You are saying create a blank html file and save it in the plugins folder.
Can you explain how this would hide the others? It doesn’t make sense to me.
And in the third example, why would you show the hidden files?
Thanks, Tony
Nicu Vartolomei
13 Apr 2008
@tony hogan, many Apache servers show the contents of a folder if the folder has no index.html file ;)
tony hogan
14 Apr 2008
Thanks
Yan
27 May 2008
I like the way you allow the commentator to edit the comment for a specific time.
Thanks for sharing the plugin, it saves me the time to actually ask you.