How I secure my WordPress blogs


Yes, this blog is run on Blogger, but I have several WordPress blogs. I got so sick of my WordPress blogs getting hacked that I finally started to password-protect my wp-admin directory with an .htaccess password. That worked perfectly for a while, until I discovered that I could not use friendly URLs with that setup. I reluctantly removed the .htaccess password from the wp-admin directory and used the following techniques to secure my WP install instead.
  • Change the Database Prefix
    Don't use the default database prefix in the wp-config.php file. Change it to something other than "wp_".

  • Protect Your wp-config.php File

    Add the following to the .htaccess file:

    <Files wp-config.php>
    order allow,deny
    deny from all
    </Files>

  • Protect Your .htaccess File

    Add the following to the .htaccess file:

    <Files .htaccess>
    order allow,deny
    deny from all
    </Files>

  • Hide the WordPress version

    Add the following to the functions.php file for the theme you're using:

    // stop WordPress from printing the <meta name="generator"> tag in the page head
    // (the action hook is wp_head, not wp_header)
    remove_action('wp_head', 'wp_generator');

    Additionally, adding the following removes the version from the RSS feeds:

    // return an empty generator string wherever WordPress would output one
    function wpt_remove_version() {
        return '';
    }
    add_filter('the_generator', 'wpt_remove_version');

  • Install a plugin that limits the number of login attempts
    There are several, but you can download one here.

  • Don't use "admin" as your username
    Obviously, change your username to something other than "admin."

  • Use a strong password
    Make sure your password is at least 8 characters in length, preferably 10 or more.


  • Protect the wp-admin folder by IP

    You can restrict who can access the wp-admin folder. Add a separate .htaccess file in the wp-admin folder with the following contents, replacing the addresses shown with your own IP address. Keep in mind that if you're traveling, you'll have to remove that .htaccess file from the wp-admin folder to administer your blog.

    AuthUserFile /dev/null
    AuthGroupFile /dev/null
    AuthName "WordPress Admin Access Control"
    AuthType Basic
    <LIMIT GET>
    order deny,allow
    deny from all
    # whitelist IP address
    allow from 72.165.46.
    # whitelist another IP address
    allow from 25.27.2.
    </LIMIT>
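
The block above relies on Apache's Order/Deny/Allow evaluation, so it is worth checking which client addresses and which request methods it actually covers before relying on it. The following is an added Python example, not code from the post: it models the 2.2-style directives the post uses (the "all" keyword, dotted address prefixes such as 72.165.46., and the <Limit> wrapper; CIDR and hostname forms are assumed out of scope) so a client address and method can be tested against the block offline.

```python
import re

# Constructed copy of the post's wp-admin access block (placeholder prefixes).
HTACCESS = """\
<LIMIT GET>
order deny,allow
deny from all
# whitelist IP address
allow from 72.165.46.
allow from 25.27.2.
</LIMIT>
"""

def parse_access_block(text):
    """Return (limited_methods, order, deny_list, allow_list); limited_methods
    is None when the directives are not wrapped in a <Limit> section."""
    methods, order, deny, allow = None, "deny,allow", [], []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = re.match(r"<limit\s+([^>]+)>", line, re.I)
        if m:
            methods = {x.upper() for x in m.group(1).split()}
            methods |= {"HEAD"} if "GET" in methods else set()  # GET implies HEAD
            continue
        parts = line.split()
        key = parts[0].lower()
        if key == "order" and len(parts) > 1:
            order = parts[1].lower()
        elif key in ("deny", "allow") and len(parts) > 2 and parts[1].lower() == "from":
            (deny if key == "deny" else allow).extend(parts[2:])
    return methods, order, deny, allow

def host_matches(pattern, client_ip):
    """'all', a full address, or a dotted prefix such as '72.165.46.' (the
    forms the post uses; CIDR and hostname forms are not modelled)."""
    if pattern.lower() == "all":
        return True
    prefix = pattern.rstrip(".")
    return client_ip == prefix or client_ip.startswith(prefix + ".")

def is_admitted(htaccess, client_ip, method="GET"):
    """Decide one request the way Apache 2.2's Order/Deny/Allow would."""
    methods, order, deny, allow = parse_access_block(htaccess)
    if methods is not None and method.upper() not in methods:
        return True  # rules inside <Limit GET> are not consulted for other methods
    denied = any(host_matches(p, client_ip) for p in deny)
    allowed = any(host_matches(p, client_ip) for p in allow)
    if order == "deny,allow":
        return allowed or not denied  # Allow overrides Deny; default is allow
    return allowed and not denied     # Allow,Deny: Deny overrides; default deny
```

Because <Limit GET> scopes the rules to GET and HEAD only, a POST from an address outside the allowlist is still admitted; dropping the <LIMIT> wrapper makes the same deny/allow rules apply to every method, which is what a wp-admin restriction needs.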
