Extra Protection for your WordPress

WordPress: I think most of you will know what it is. WordPress is web software you can use to create a beautiful website or blog. It is a free and open source blogging tool and content management system (CMS) based on PHP and MySQL. A common mistake when setting up WordPress is to leave it as it is once the installation is done. What about security for WordPress? As users, we often lack an understanding of basic security, database management, or the dangers of excessive plugin usage.

In my opinion, editing your .htaccess file gives your WordPress extra protection. The first step is to add some extra protection to your wp-config.php file: download your .htaccess file from the root directory of your Apache server, then edit the file and add the following lines:

# protect wpconfig.php
<files wp-config.php>
order allow,deny
deny from all
</files>

Two helpful .htaccess hacks include disabling your server signature and disabling directory browsing. Disabling your server signature hides sensitive data such as your Apache version number and operating system information:

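# disable the server signature
ServerSignature Off

# disable directory browsing
# (only the - prefix is used: Apache 2.4 rejects an Options line that mixes
# prefixed and bare keywords, such as "All -Indexes")
Options -Indexes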

Next, make sure that your .htaccess file itself is adequately protected. Once you’ve added this last bit of code to the file, you can send it back to your server:

# protect the htaccess file
<files .htaccess>
order allow,deny
deny from all
</files>

Now you may save the file and upload it back.
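A small audit you can run on the root .htaccess before you upload it back, as an added example that is not part of the original post: it checks the text of the file for the protections described above and warns when an Options line mixes +/- prefixed and bare keywords, which Apache 2.4 rejects. The function name, check names and sample file are constructed for illustration.

```python
import re

CHECKS = ("wp-config.php denied", ".htaccess denied",
          "ServerSignature Off", "directory browsing disabled")

def audit_htaccess(text):
    """Return ({check: bool}, [warnings]) for the text of a root .htaccess."""
    results = dict.fromkeys(CHECKS, False)
    warnings = []
    section = None  # file name of the <Files> block we are inside, if any
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        low = line.lower()
        opened = re.match(r'<files\s+"?([^">]+)"?\s*>', low)
        if opened:
            section = opened.group(1).strip()
        elif low.startswith("</files"):
            section = None
        elif section and re.fullmatch(r"deny\s+from\s+all|require\s+all\s+denied", low):
            # Accept both the 2.2-style rule used above and the 2.4 form.
            if section in ("wp-config.php", ".htaccess"):
                results[section + " denied"] = True
        elif section is None and re.fullmatch(r"serversignature\s+off", low):
            results["ServerSignature Off"] = True
        elif section is None and low.split()[0] == "options":
            opts = low.split()[1:]
            if "-indexes" in opts:
                results["directory browsing disabled"] = True
            signed = [o[0] in "+-" for o in opts]
            if any(signed) and not all(signed):
                # Apache 2.4 rejects an Options line that mixes the two styles.
                warnings.append("mixed Options syntax: " + line)
    return results, warnings

# Constructed sample: a root .htaccess that is missing the .htaccess self-protection.
SAMPLE = """\
# protect wpconfig.php
<files wp-config.php>
order allow,deny
deny from all
</files>
ServerSignature Off
Options All -Indexes
"""

if __name__ == "__main__":
    results, warnings = audit_htaccess(SAMPLE)
    for name, ok in results.items():
        print(("OK      " if ok else "MISSING ") + name)
    for w in warnings:
        print("WARN    " + w)
```

A "deny from all" line only counts when it sits inside the matching <files> block, so a stray rule elsewhere in the file does not produce a false pass.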

Additionally, you can add protection for your wp-admin folder. The wp-admin page lets you administer pages, posts, templates, and plugins, which means it’s pretty important. Add the following code to the downloaded .htaccess file inside the wp-admin folder, then save the file:

# Protect wp-admin
AuthUserFile /dev/null
AuthGroupFile /dev/null
AuthName "Access Control"
AuthType Basic
order deny,allow
deny from all
# whitelist home IP address
allow from xxx.xxx.xxx.xxx
# whitelist work IP address
allow from yy.yyy.yyy.yyy

As long as your ISP isn’t changing your IP address on a regular basis, allowing only your own IP address to access files in wp-admin can help you avoid attacks by script kiddies who try to break into your WordPress installation. However, you must remember to update your .htaccess data when your IP address changes.

An alternative that adds crazy additional password protection and security to your WordPress is to install a plugin called “AskApache Password Protect”, which is designed to protect your WordPress site from potential bot hacking threats.

jonboy60

I’m a Malaysian, my name is Jon Loh (jonboy60), living in Kuala Lumpur and working in Petaling Jaya, Malaysia. Jonboy60.com is a blog magazine about Linux and other open source software. It is all about the daily jobs and real-life experiences I have had since the year 2002 administering Linux and Windows servers in a hosting company. Basically I will be offering Linux tips, how-tos, tricks, latest news and tutorials. Contact me for career opportunities, business offers, Linux solutions for business or home, web and email server solutions, Linux consulting and expertise requests. Email me at jonboy60{@}gmail.com. The site I’m running is VenCouture.com – Malaysia Online Fashion Shopping Boutique, VenCouture. We sell fashion clothes, sexy lingerie, baby clothing, etc.
