Locking Down WP
With every release, WordPress becomes more secure. On the other hand, every day hackers become smarter and more malicious. Out of the box, WordPress can’t be as secure as it’d like to be, so its developers even give us some tips.
WordPress’ site already has an article on Hardening WordPress.
One of the quick things you can do is restrict access to the WordPress administration side. Create a file named “.htaccess” in /wp-admin/ and paste the following into it, replacing the IP address with your own. Find your IP.
    AuthUserFile /dev/null
    AuthGroupFile /dev/null
    AuthName "Access Control"
    AuthType Basic
    order deny,allow
    deny from all
    # whitelist this IP address
    allow from 209.173.246.4
Secondly, create an empty index.html file in your /wp-content/plugins/ directory. This will prevent the listing of your plugins for the world to see, making it a bit harder for hackers to find exploits.
Next, delete the username “admin” (obviously make a new username for yourself first), and use a strong password for your login.
Finally, install WP Security Scan to make sure everything checks out.
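To confirm the two file-based steps above are really in place, here is a small audit script. It is an added example, not part of the original post or of WordPress; the function name wp_hardening_audit and the file name audit.sh are made up for illustration, and it does not check the "admin" username, which lives in the database.

```shell
#!/bin/sh
# Added example (not from the original post): audit the two file-based steps.
# SAMPLE_IP is the placeholder address printed in the post's .htaccess snippet.
SAMPLE_IP='209.173.246.4'

fail() { echo "FAIL: $1"; fails=$((fails + 1)); }

# wp_hardening_audit ROOT -> prints findings, returns the number of failures.
wp_hardening_audit() {
    root=$1
    fails=0
    ht="$root/wp-admin/.htaccess"

    if [ ! -f "$ht" ]; then
        fail "$ht is missing"
    else
        # Drop comment lines so a commented-out rule is not counted as active.
        rules=$(grep -v '^[[:space:]]*#' "$ht" || true)
        printf '%s\n' "$rules" |
            grep -Eiq '^[[:space:]]*deny[[:space:]]+from[[:space:]]+all' ||
            fail "no active 'deny from all' in $ht"

        # Collect every address named on an 'allow from' line (case-insensitive).
        allowed=$(printf '%s\n' "$rules" | awk \
            'tolower($1) == "allow" && tolower($2) == "from" { for (i = 3; i <= NF; i++) print $i }')
        if [ -z "$allowed" ]; then
            fail "no 'allow from' address: nobody can reach wp-admin"
        elif printf '%s\n' "$allowed" | grep -qix 'all'; then
            fail "'allow from all' overrides the deny under 'order deny,allow'"
        elif printf '%s\n' "$allowed" | grep -qxF "$SAMPLE_IP"; then
            fail "still allows the post's sample address $SAMPLE_IP"
        fi
    fi

    # An index file stops the web server from listing the plugins directory.
    # index.php is accepted as well (assumption: it is served as a directory index).
    plugins="$root/wp-content/plugins"
    [ -f "$plugins/index.html" ] || [ -f "$plugins/index.php" ] ||
        fail "no index file in $plugins"

    return "$fails"
}

# Run directly as: sh audit.sh /path/to/wordpress   (file name is hypothetical)
if [ -n "${1:-}" ]; then wp_hardening_audit "$1"; fi
```

The exit status is the number of failed checks, so 0 means both steps are in place.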
