
Three tips to protect your WordPress installation ...


   1. Secure your /wp-admin/ directory. What I’ve done is lock down /wp-admin/ so that only certain IP addresses can access that directory. I use an .htaccess file, which you can place directly at /wp-admin/.htaccess . This is what mine looks like:

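          # Apache 2.2 syntax; on Apache 2.4 these Order/Deny/Allow directives
          # need mod_access_compat (the native form is "Require ip ...")
          AuthUserFile /dev/null
          AuthGroupFile /dev/null
          AuthName "Access Control"
          AuthType Basic
          # evaluate deny rules first, then let allow rules override them
          order deny,allow
          deny from all
          # whitelist home IP address
          allow from 64.233.169.99
          # whitelist work IP address
          allow from 69.147.114.210
          allow from 199.239.136.200
          # IP while in Kentucky; delete when back
          allow from 128.163.2.27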

      I’ve changed the IP addresses, but otherwise that’s what I use. This file says that the IP address 64.233.169.99 (and the other IP addresses that I’ve whitelisted) are allowed to access /wp-admin/, but all other IP addresses are denied access. Has this saved me from being hacked before? Yes.
   2. Make an empty wp-content/plugins/index.html file. Otherwise you leak information on which plug-ins you run. If someone wanted to hack your blog, they might be able to do it by discovering that you run an out-of-date plugin on your blog and then they could exploit that.
   3. Subscribe to the WordPress Development blog at http://wordpress.org/development/feed/ . When WordPress patches a security hole or releases a new version, they announce it on that blog. If you see a security patch released, you need to upgrade or apply the patch. You leave yourself open to being hacked if you don’t upgrade.

And here’s a bonus tip: in the header.php file for your theme, you might want to check for a line like

<meta name="generator" content="WordPress <?php bloginfo('version'); ?>" /> <!-- leave this for stats please -->

I’d just go ahead and delete that line or at least the bloginfo('version'). If you’re running an older version of WordPress, anyone can view source to see what attacks might work against your blog.
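
A small audit of the file-level tips above (tip 1, tip 2 and the bonus tip), added here as an example and not part of the original post. The function names, the sample directory tree and the 192.0.2.10 address are constructed for illustration, and the .htaccess check assumes the same order/deny/allow syntax the post uses.

```python
import re
import tempfile
from pathlib import Path

# Matches a generator <meta> tag that prints the version via bloginfo('version').
GENERATOR_RE = re.compile(
    r"<meta[^>]*name=[\"']generator[\"'][^>]*bloginfo\(\s*[\"']version[\"']\s*\)", re.I)

def audit(root):
    """Return findings for the post's file-level checks under a WordPress root."""
    root, findings = Path(root), []
    # Tip 1: wp-admin/.htaccess must deny by default; only listed IPs get in.
    ht = root / "wp-admin" / ".htaccess"
    rules = []
    if ht.is_file():
        # Drop comments, then normalise case and whitespace of each directive.
        rules = [" ".join(l.split()).lower() for l in ht.read_text().splitlines()
                 if l.strip() and not l.lstrip().startswith("#")]
    if "order deny,allow" not in rules or "deny from all" not in rules:
        findings.append("wp-admin: no default-deny .htaccess")
    elif "allow from all" in rules:
        findings.append("wp-admin: 'allow from all' cancels the whitelist")
    # Tip 2: an index.html in plugins/ hides the directory listing.
    if not (root / "wp-content" / "plugins" / "index.html").is_file():
        findings.append("plugins: index.html missing")
    # Bonus tip: theme header.php should not print the WordPress version.
    for header in sorted(root.glob("wp-content/themes/*/header.php")):
        if GENERATOR_RE.search(header.read_text()):
            findings.append(f"theme {header.parent.name}: generator meta exposes version")
    return findings

def build_sample(root, hardened):
    """Create a constructed, minimal WordPress-like tree for the demo."""
    root = Path(root)
    for d in ("wp-admin", "wp-content/plugins/some-plugin", "wp-content/themes/default"):
        (root / d).mkdir(parents=True, exist_ok=True)
    meta = '<meta name="generator" content="WordPress <?php bloginfo(\'version\'); ?>" />\n'
    (root / "wp-content/themes/default/header.php").write_text(
        "<head>\n" + ("" if hardened else meta) + "</head>\n")
    if hardened:
        (root / "wp-admin/.htaccess").write_text(
            "Order deny,allow\nDeny from all\n# constructed documentation address\n"
            "Allow from 192.0.2.10\n")
        (root / "wp-content/plugins/index.html").write_text("")
    return root

def demo():
    with tempfile.TemporaryDirectory() as weak, tempfile.TemporaryDirectory() as hard:
        return audit(build_sample(weak, False)), audit(build_sample(hard, True))
```

Point `audit()` at the document root of your own installation to run the same checks there; it only reads files.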

source: mattcutts

Posted at 01:37:38 pm | Permalink | Posted in Wordpress Tips  
