Secure Your Wordpress Hole
If you use WordPress as your blog platform, you should take these four steps to protect it from known vulnerabilities. Thanks to Matt Cutts, who gave four good tips for protecting a WordPress blog:
1. Secure your /wp-admin/ directory
This is the first thing you have to do. Lock your wp-admin folder so that only certain IP addresses can access that directory; this also keeps search engine robots out of it. To lock it, you can use an .htaccess file placed directly at /wp-admin/.htaccess. Create a new file named .htaccess and put the following directives in it (change the IP addresses to your own):
AuthUserFile /dev/null
AuthGroupFile /dev/null
AuthName "Access Control"
AuthType Basic
order deny,allow
deny from all
# whitelist home IP address
allow from 64.233.169.99
# whitelist work IP address
allow from 69.147.114.210
allow from 199.239.136.200
# IP while in Kentucky; delete when back
allow from 128.163.2.27
This file means that the IP address 64.233.169.99 (and the other IP addresses I've whitelisted) is allowed to access /wp-admin/, while every other IP address is denied access. Thanks for the good example, Matt.
2. Make an empty wp-content/plugins/index.html file
Why should I create an empty index.html file in the wp-content/plugins/ folder? By default this index.html file does not exist in that folder, so if you open http://yoursite.com/wp-content/plugins/, the web server lists the plugins your blog uses. Anyone can see which plugins you have installed, and if one of them is outdated, someone could hack your blog by exploiting a known bug in it. To prevent people from viewing which plugins you have installed, just create a blank index.html file and upload it to your plugins folder. When you open http://yoursite.com/wp-content/plugins/ again, the server returns the empty index.html and people see only a blank page. Note that this only hides the listing; an outdated plugin is still installed, and still a risk, until you upgrade it.
3. Hide your WordPress version
To see your WordPress version, look in your theme's header.php: there is a line that displays the current version of WordPress you use (you can also find it by right-clicking your site and viewing the page source). Why should I hide my WordPress version? The answer is simple: if anyone can see your WordPress version, your blog is an easy target for attackers until you upgrade to the latest version of WordPress (currently 2.5).
Then how do I stop my WordPress version from being displayed? Simple: open your theme's header.php file and look for the following line:
<meta name="generator" content="WordPress <?php bloginfo('version'); ?>" />
and replace it with:
<meta name="generator" content="WordPress" />
4. Subscribe to the WordPress Development blog
Last but not least, subscribe to the development blog to be alerted as soon as a new WordPress version is released. You should upgrade your WordPress blog as soon as possible, or it could be hacked. The WordPress dashboard also shows your version, so you are reminded of it every time you log in.
Some WordPress users may not want to upgrade to the latest version because of plugin compatibility. So it's up to you whether you upgrade or not; it depends on your case and needs.
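To check whether steps 1 to 3 above are actually in place on your own blog, here is an added example script (not from the original post or from Matt Cutts); it audits three HTTP responses for an open /wp-admin/, a plugin directory listing and a version in the generator tag, and runs offline against constructed sample responses when no URL is given.

```python
import re
import sys
import urllib.error
import urllib.request

PATHS = ("/wp-admin/", "/wp-content/plugins/", "/")
GENERATOR_RE = re.compile(
    r'<meta\s+name=["\']generator["\']\s+content=["\']WordPress\s+([\d.]+)["\']', re.I)

# Constructed sample responses keyed by path as (HTTP status, body): a blog with none of the steps applied, then the same blog after applying them.
UNHARDENED = {
    "/wp-admin/": (200, "<html><title>Log In</title></html>"),
    "/wp-content/plugins/": (200, '<title>Index of /wp-content/plugins</title><a href="akismet/">akismet/</a>'),
    "/": (200, '<head><meta name="generator" content="WordPress 2.5" /></head>'),
}
HARDENED = {
    "/wp-admin/": (403, "<html><title>403 Forbidden</title></html>"),
    "/wp-content/plugins/": (200, ""),
    "/": (200, '<head><meta name="generator" content="WordPress" /></head>'),
}

def audit(responses):
    """Return one finding per step of the post that the responses show is not in place."""
    findings = []
    if responses.get("/wp-admin/", (None, ""))[0] == 200:
        findings.append("step 1: /wp-admin/ is reachable from this address; add the IP whitelist")
    status, body = responses.get("/wp-content/plugins/", (None, ""))
    if status == 200 and "Index of" in body:
        findings.append("step 2: /wp-content/plugins/ returns a directory listing; add index.html")
    match = GENERATOR_RE.search(responses.get("/", (None, ""))[1])
    if match:
        findings.append("step 3: generator tag discloses WordPress " + match.group(1))
    return findings

def fetch(base_url):
    """Fetch the three paths from your own blog; HTTP error responses are kept, not raised."""
    responses = {}
    for path in PATHS:
        try:
            with urllib.request.urlopen(base_url.rstrip("/") + path, timeout=10) as resp:
                responses[path] = (resp.status, resp.read().decode("utf-8", "replace"))
        except urllib.error.HTTPError as err:
            responses[path] = (err.code, err.read().decode("utf-8", "replace"))
    return responses

if __name__ == "__main__":
    # With a URL argument the live blog is audited; without one, the constructed sample is.
    responses = fetch(sys.argv[1]) if len(sys.argv) > 1 else UNHARDENED
    for finding in audit(responses) or ["all three checks passed"]:
        print(finding)
```

Run it from an address that is not on your whitelist, otherwise the step 1 check will report /wp-admin/ as reachable even though the .htaccess is working.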
This entry was posted on Wednesday, April 23rd, 2008 at 4:49 am and is filed under Wordpress.