6 Ways to Protect Your WordPress From Hackers

I’ve been receiving some hack attempts on my site, according to the server log. As a blogger, you must protect your site from intruders. This post is for beginner to average bloggers and webmasters. I just want to share how to protect your WordPress sites.

1. Update your WordPress to the latest stable version. As of this date, the WordPress version is 3.0. The latest version has more security features than the older one. You can check the other features of the new WordPress version, called Thelonious; be sure to play the video. You can download the WordPress script here. See for yourself what the latest version is. Recently I’ve blogged about the WordPress 3.0 bug. I personally advise that you either use version 2.8 and up or wait for 3.0.1/3.1.

2. Use very long passwords. WordPress usually generates a password for you when you install it. You can keep that password and save it in a Notepad or Word document, or keep the installation email you will receive from WordPress after installing it, so that you can retrieve it if you’re using another PC or if you’re in an internet shop.

3. Allow only certain IPs to access your wp-admin. Add an .htaccess file to your wp-admin folder. If you’re not familiar with .htaccess, I have a page about creating .htaccess files. After creating your .htaccess file, you must first know your IP. You can check it using whatismyip.com. Then replace the IPs below with your own.


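AuthUserFile /dev/null
AuthGroupFile /dev/null
AuthName "SEOPinoy Allow Access"
AuthType Basic

# Deny everyone by default, then allow only the addresses listed below.
# The addresses are examples: replace them with your own (each octet must be 0-255).
order deny,allow
deny from all
allow from 116.126.215.193
allow from 115.143.441.130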

This technique is for people using static IPs. But don’t worry if you’re using a dynamic IP, especially if you’re still using a dial-up connection (OMG); you just have to update your .htaccess whenever your IP changes. If you cannot access your wp-admin, it means your IP has been changed by your ISP. Be sure to upload this .htaccess file to your wp-admin folder, not the root folder.

4. Disable access to your directories. This is very important because if you’re saving your passwords or anything important on your host, someone might gain access to it if this isn’t disabled. You can do this by adding this code to your .htaccess:

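# Turn off directory listings. Mixing unsigned options ("All") with signed ones ("-Indexes") is invalid syntax in Apache 2.4.
Options -Indexes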

5. Back up your .htaccess. From time to time someone might want to hack your site. It is very important to keep track of all the changes you’ve made to your .htaccess.

6. Disable access to your .htaccess. Of course, after adding the above code to your .htaccess, you must protect the file that contains it. Just add the code below to your .htaccess file and use file permissions 644. See the image below on how to configure file permissions for a file. Image taken from my “how to create a phpld in 20 minutes” post.




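Add this code to your .htaccess file. The Files block applies the deny rule to the .htaccess file only, not to the rest of the site:

<Files .htaccess>
order allow,deny
deny from all
</Files>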
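
An added example, not part of the original post: a small Python check that audits an .htaccess file against steps 3, 4 and 6, and flags allow-list entries that are not valid addresses. The function name `audit_htaccess` and the sample file are constructed for illustration; it assumes allow entries are full IPs or CIDR ranges and that the step 6 rule sits inside a `<Files .htaccess>` block.

```python
import ipaddress
import re

# Constructed sample: steps 3, 4 and 6 in one file, addresses as given in the post.
SAMPLE = """\
order deny,allow
deny from all
allow from 116.126.215.193
allow from 115.143.441.130
Options -Indexes
<Files .htaccess>
order allow,deny
deny from all
</Files>
"""

def audit_htaccess(text, mode=0o644):
    """Return a list of problems with the hardening steps from this post."""
    problems, allow, options = [], [], []
    section, top_deny, files_deny = None, False, False
    for line in (raw.strip() for raw in text.splitlines()):
        low = line.lower()
        opened = re.match(r'<files\s+"?([^">\s]+)"?\s*>', low)
        if opened:
            section = opened.group(1)          # now inside <Files name>
        elif low.startswith("</files"):
            section = None
        elif low.split() == ["deny", "from", "all"]:
            top_deny |= section is None
            files_deny |= section == ".htaccess"
        elif low.startswith("allow from ") and section is None:
            allow += line.split()[2:]
        elif low.startswith("options "):
            options = low.split()[1:]
    if not top_deny:
        problems.append("step 3: no top-level 'deny from all'")
    for entry in allow:
        try:  # assumes full IPs or CIDR ranges, not hostnames or partial IPs
            ipaddress.ip_network(entry, strict=False)
        except ValueError:
            problems.append(f"step 3: invalid allow entry: {entry}")
    if "-indexes" not in options:
        problems.append("step 4: directory listing is not disabled")
    if len({opt[0] in "+-" for opt in options}) > 1:
        problems.append("step 4: Options mixes +/- and unsigned values")
    if not files_deny:
        problems.append("step 6: no <Files .htaccess> deny block")
    if mode & 0o133:
        problems.append(f"step 6: mode {mode:o} is looser than 644")
    return problems
```

To audit a real file, pass its contents and `os.stat(path).st_mode & 0o777` as `mode`.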

That’s all, folks. I will add more if I discover or observe other security features that protect your site from hackers. Again, this information doesn’t guarantee that your site will be hack-free. These are just preventive measures. No site on the internet is hack-free; even Google, Yahoo, and other big internet companies have been victims of hackers.


