I’m hoping that many of you have already done these. I believe that this post is starting to be a bit outdated. Particularly the tip about keeping your WordPress up to date.
Secure your /wp-admin/ Folder
Basically you use a .htaccess file, on Apache servers, to restrict access to the /wp-admin/ folder to a limited number of IP addresses. I don’t use this at all because I sometimes log in to my Dashboard from a dialup internet connection, which means I have a variable IP address, so it doesn’t quite work that well for me. However, for those of you who have static IP addresses via cable, or log in via VPN or something along those lines, this is very suitable to stop anyone and everyone else from logging in to your wp-admin panel. You would only experience problems if you had more than one author for your blog. It is a good idea, but not for everyone.
The code to limit access to /wp-admin/ to specific IP addresses is as follows:
AuthUserFile /dev/null
AuthGroupFile /dev/null
AuthName "Example Access Control"
AuthType Basic
order deny,allow
deny from all
allow from xx.xx.xx.xx
allow from xx.xx.xxx.xx
Hide your Plugins
Basically all you need to do is insert a blank index.html file into the /wp-content/plugins/ folder so that anyone navigating to that folder receives a blank page instead of a list of the folders for all the plugins you potentially have activated on your blog. You could also use an index.php file to redirect people navigating to the folder to the main page of your blog using the following code:
<?php
header('location: http://yourdomain.com');
?>
Anyone navigating to unwanted places will then be forced to the main page of your blog. The same result can also be achieved by tweaking the .htaccess file to not display indexes.
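A quick way to check which of the outcomes above your /wp-content/plugins/ folder actually produces, written as an added example that is not code from the original post. The function names and the sample directory listing are constructed for illustration, and the listing format assumed is the auto-generated "Index of" page.

```python
import re

# Auto-generated directory indexes carry an "Index of /..." title.
LISTING_RE = re.compile(r"<title>\s*Index of /", re.IGNORECASE)
# Relative folder links only; skips sort links (?C=N;O=D) and the parent link.
FOLDER_RE = re.compile(r'href="([^"?/]+)/"')

# Constructed sample of what an unprotected plugins folder returns.
SAMPLE_LISTING = """<html><head><title>Index of /wp-content/plugins</title></head>
<body><h1>Index of /wp-content/plugins</h1>
<a href="?C=N;O=D">Name</a>
<a href="/wp-content/">Parent Directory</a>
<a href="akismet/">akismet/</a>
<a href="example-gallery/">example-gallery/</a>
</body></html>"""


def classify_plugins_dir(status, headers, body):
    """Classify one HTTP response for /wp-content/plugins/.

    status is the numeric code, headers a dict, body the decoded text.
    """
    names = {k.lower() for k in headers}
    if status in (301, 302, 303, 307, 308) and "location" in names:
        return "redirected"            # index.php sending visitors home
    if status in (403, 404):
        return "denied"                # indexes switched off in .htaccess
    if status == 200 and LISTING_RE.search(body):
        return "listing-exposed"       # plugin folders visible to anyone
    if status == 200 and not body.strip():
        return "blank"                 # empty index.html in place
    return "review"                    # unexpected content, look by hand


def leaked_plugins(body):
    """Return the plugin folder names a directory listing gives away."""
    return sorted(set(FOLDER_RE.findall(body)))


if __name__ == "__main__":
    print(classify_plugins_dir(200, {"Content-Type": "text/html"}, SAMPLE_LISTING))
    print(leaked_plugins(SAMPLE_LISTING))
```

Feed it the status, headers and body you get back when requesting the folder on your own blog; anything other than "redirected", "denied" or "blank" means the tip has not taken effect.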
Keep up to Date with Patches and Plugins
Well, this is now a much easier process to keep up with. In WP 2.7, the dashboard has tiny popup balloons that tell you how many plugins have updates available, and the core WordPress code has a similar feature. As well as alerting you to the available update, they allow you to download the plugin and activate it automatically for you. There are some hosts out there where this doesn’t work, particularly those who limit http requests from a server. However, I have never come across a webhost that limits those requests, so keeping WP up to date is just so much easier right now.
Inspired by Daily Blog Tips.
January 14th, 2009 at 4:21 pm
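The blogger’s article is good. Did you write it yourself? I would like to repost it; may I ask whether you are the original author?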
Ed: Translation from Google Translate: “Bo main article is true. They wrote it? I would like to reprint what, may I ask you are original author it?”
January 15th, 2009 at 9:25 am
These are old tips, but all tips are still relevant, even if you have to modify them slightly to make them work.