Yes, this blog is run on Blogger, but I have several Wordpress blogs. I got so sick of my Wordpress blogs getting hacked that I finally started to password protect my wp-admin directory with an .htaccess password. That worked perfectly for awhile, until I discovered that I could not use friendly URLs with that setup. I reluctantly took the .htaccess password off of the wp-admin directory and used the following techniques to secure my WP install.
- Change the Database Prefix
Don't use the default database prefix in the wp-config.php file. Change it to something other than "wp_"
- Protect Your wp-config.php File
Add the following to the .htaccess file:
<Files wp-config.php>
order allow,deny
deny from all
<⁄Files>
- Protect Your .htaccess File
Add the following to the .htaccess file:
<Files .htaccess>
order allow,deny
deny from all
<⁄Files> - Hide the Wordpress version
Add the following to the the functions.php file for the theme you're using.
remove_action('wp_header', 'wp_generator');
Additionally, adding the following removes the version from the RSS feeds:
function wpt_remove_version() {
return '';
}
add_filter('the_generator', 'wpt_remove_version'); - Install a plugin that limits the number of login attempts
There are several, but you can download one here.
- Don't use "admin" as your username
Obviously, change your username to something other than "admin."
- Use a strong password
Make sure your password is at least 8 characters in length, preferably 10 or more.
- Protect the wp-admin folder by IP
You can restrict who can access the wp-admin folder. Add a separate .htaccess file in the wp-admin folder, and add the following code that contains your IP address. Keep in mind, if you're traveling you'll have to remove the .htaccess file from the wp-admin folder to administer your blog.
AuthUserFile /dev/null
AuthGroupFile /dev/null
AuthName "WordPress Admin Access Control"
AuthType Basic
<LIMIT GET>
order deny,allow
deny from all
# whitelist IP address
allow from 72.165.46.
# whitelist another IP address
allow from 25.27.2.
</LIMIT>