Wordpress Security

How to Secure your Wordpress Installation

I am sure most of you are aware of the recent WordPress vulnerabilities. Here are three simple but important ways of protecting your WordPress blog:

1. Make sure you have secured your /wp-admin/ directory. Matt Cutts suggests locking down /wp-admin/ so that only certain IP addresses can access that directory. In his example, Matt used an .htaccess file placed directly at /wp-admin/.htaccess. Below is an example of what the .htaccess file should look like:

AuthUserFile /dev/null
AuthGroupFile /dev/null
AuthName "Access Control"
AuthType Basic
order deny,allow
deny from all
# whitelist home IP address
allow from 64.233.169.99
# whitelist work IP address
allow from 69.147.114.210
allow from 199.239.136.200
# IP while in Kentucky; delete when back
allow from 128.163.2.27

This file says that the IP address 64.233.169.99 (and the other IP addresses in the whitelist) is allowed to access /wp-admin/, but all other IP addresses are denied access to that directory.

2. Make an empty wp-content/plugins/index.html file. Otherwise you may leak information about which plug-ins you are running on your blog. If someone wanted to hack your blog, they might do it by figuring out all the out-of-date plug-ins your blog runs and trying to exploit them.

3. Subscribe to the WordPress Development blog at http://wordpress.org/development/feed/ . When WordPress patches a security hole or releases a new version, they announce it on that blog. If you see a security patch released, you need to upgrade or apply the patch.

Bonus tip: In the header.php file for your theme, you might want to check for a line like

<meta name="generator" content="WordPress <?php bloginfo('version'); ?>" /> <!-- leave this for stats please -->

I’d just go ahead and delete that line or at least the bloginfo('version'). If you’re running an older version of WordPress, anyone can view source to see what attacks might work against your blog.
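An added example, not from the original post: a small Python audit that checks a WordPress directory for tip 1, tip 2 and the bonus tip. The function names, the sample tree and the 192.0.2.10 address are constructed for illustration, and the .htaccess check assumes the allow/deny syntax shown above.

```python
import re
import tempfile
from pathlib import Path

DENY_ALL = re.compile(r"^\s*deny\s+from\s+all\b", re.I)
ALLOW = re.compile(r"^\s*allow\s+from\s+(\S+)", re.I)
# A generator meta tag whose content calls bloginfo('version').
GENERATOR = re.compile(
    r"<meta[^>]*name=[\"']generator[\"'][^>]*bloginfo\(\s*[\"']version[\"']\s*\)", re.I)

def audit(root):
    """Return findings for the WordPress tree at root (empty list = all checks pass)."""
    root, findings = Path(root), []
    # Tip 1: wp-admin/.htaccess denies by default and whitelists specific IPs.
    ht = root / "wp-admin" / ".htaccess"
    rules = [l for l in (ht.read_text().splitlines() if ht.is_file() else [])
             if not l.lstrip().startswith("#")]
    allowed = [m.group(1).lower() for l in rules if (m := ALLOW.match(l))]
    if not any(DENY_ALL.match(l) for l in rules):
        findings.append("wp-admin: .htaccess has no 'deny from all'")
    elif "all" in allowed:
        findings.append("wp-admin: 'allow from all' overrides the whitelist")
    # Tip 2: an empty index.html keeps the plug-in directory from being listed.
    if not (root / "wp-content" / "plugins" / "index.html").is_file():
        findings.append("plugins: index.html missing")
    # Bonus tip: theme header.php files that print the WordPress version.
    for header in sorted(root.glob("wp-content/themes/*/header.php")):
        if GENERATOR.search(header.read_text(errors="replace")):
            findings.append(f"theme {header.parent.name}: generator tag exposes version")
    return findings

def build_sample(root, hardened):
    """Create a constructed WordPress-like tree for the demo (not real site data)."""
    root = Path(root)
    for d in ("wp-admin", "wp-content/plugins", "wp-content/themes/default"):
        (root / d).mkdir(parents=True, exist_ok=True)
    meta = '<meta name="generator" content="WordPress <?php bloginfo(\'version\'); ?>" />'
    (root / "wp-content/themes/default/header.php").write_text(
        "<head></head>" if hardened else f"<head>{meta}</head>")
    if hardened:
        # 192.0.2.10 is a documentation address, used here as a placeholder.
        (root / "wp-admin/.htaccess").write_text(
            "order deny,allow\ndeny from all\nallow from 192.0.2.10\n")
        (root / "wp-content/plugins/index.html").write_text("")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp, hardened=False)
        print("\n".join(audit(tmp)) or "no findings")
```

Calling audit() on the root of a real installation returns one line per missing hardening step.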
