How to secure WordPress
We all know how secure WordPress is out of the box, and if you miss a patch then... well, you're just asking for big trouble. Generally, upgrading your WordPress to the latest release will keep out 99% of the hackers and bots out there scouring the web for insecure WordPress sites (and believe me, there are a lot). There are a few plugins that I use to help secure WordPress; there are more, so this is not the be-all and end-all, but it will help.
Secure WordPress: This is a great plugin, although some of the features don't work (such as the scan feature). It will secure many parts of your WordPress, including removing WordPress version information, putting index files in directories and blocking bad hacker queries. Basically a must-have for WordPress installs.
Admin Protector: This plugin basically puts a .htaccess-type login box on your wp-admin. If you don't have users or multiple authors, this plugin is very useful.
Admin SSL: This plugin will redirect your wp-admin to https://. If you don't have an SSL certificate, then this plugin probably won't help you.
WordPress File Monitor: This tool is really great for monitoring which files are changing in your WordPress. A file in your WordPress changing that you didn't know about is always a good indicator that you have been compromised. You can schedule a scan of the files hourly, daily, etc. The settings I like to use here are: scan every 3 hours, Detection mode Hash, and exclude the directories wp-content/cache and wp-content/uploads.
WP-DB Manager: OK, so this plugin doesn't necessarily help you not get hacked, but in the case that you do and your website goes to hell or your database gets wiped out, this little tool will serve you wonders. The secret to this one is using the automatic database backup feature and scheduling it to email you the database backups once a day. (Don't forget to use the Gzip compression!)
Put this in your wp-admin folder as .htaccess (stole this from WordPress Bulletproof):
# BULLETPROOF .45.2 WP-ADMIN SECURE .HTACCESS
# The Most Common Apache Directives to force PHP5 to be used instead of PHP4
# Some web hosts have very specific directives - check with your web host first
# Remove the pound sign in front of AddType x-mapp-php5 .php for 1&1 web hosting
# AddType x-mapp-php5 .php
# Other common possibilities depending on your web host - check with your web host first
# AddHandler application/x-httpd-php5 .php
# AddHandler cgi-php5 .php

# The rewrite rules below do nothing unless the rewrite engine is switched on
RewriteEngine On

# FILTER REQUEST METHODS
# Answer TRACE, DELETE and TRACK requests with 403 Forbidden
RewriteCond %{REQUEST_METHOD} ^(TRACE|DELETE|TRACK) [NC]
RewriteRule ^(.*)$ - [F,L]

# QUERY STRING EXPLOITS
# Any single matching condition ([OR]) answers the request with 403 Forbidden.
# Regex metacharacters are escaped so they match literally; an unescaped
# metacharacter or an empty alternative would match every query string.
RewriteCond %{QUERY_STRING} \.\./ [NC,OR]
RewriteCond %{QUERY_STRING} boot\.ini [NC,OR]
RewriteCond %{QUERY_STRING} tag= [NC,OR]
RewriteCond %{QUERY_STRING} ftp: [NC,OR]
RewriteCond %{QUERY_STRING} http: [NC,OR]
RewriteCond %{QUERY_STRING} https: [NC,OR]
RewriteCond %{QUERY_STRING} mosConfig [NC,OR]
RewriteCond %{QUERY_STRING} ^.*(\[|\]|\(|\)|<|>|"|;|\?|\*).* [NC,OR]
RewriteCond %{QUERY_STRING} ^.*("|'|<|>|\\|\{|\|).* [NC,OR]
RewriteCond %{QUERY_STRING} ^.*(%0|%A|%B|%C|%D|%E|%F|127\.0).* [NC,OR]
RewriteCond %{QUERY_STRING} ^.*(globals|encode|localhost|loopback).* [NC,OR]
RewriteCond %{QUERY_STRING} ^.*(request|select|insert|union|declare|drop).* [NC]
RewriteRule ^(.*)$ - [F,L]
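To check what the query-string conditions above would block before putting them on a live wp-admin, the following added example (not part of the original post or of the Bulletproof file) replays them in Python over constructed query strings and reports which condition fires. The function names and sample inputs are assumptions made for illustration, and Python's re module stands in for Apache's regex engine.

```python
import re

# Query-string conditions from the .htaccess above, with regex metacharacters
# escaped. Python's re stands in for Apache's PCRE; re.IGNORECASE models [NC].
CONDITIONS = [
    r"\.\./", r"boot\.ini", r"tag=", r"ftp:", r"http:", r"https:", r"mosConfig",
    r'^.*(\[|\]|\(|\)|<|>|"|;|\?|\*).*',
    r"""^.*("|'|<|>|\\|\{|\|).*""",
    r"^.*(%0|%A|%B|%C|%D|%E|%F|127\.0).*",
    r"^.*(globals|encode|localhost|loopback).*",
    r"^.*(request|select|insert|union|declare|drop).*",
]
COMPILED = [re.compile(p, re.IGNORECASE) for p in CONDITIONS]


def first_match(query_string):
    """Return the first condition that would trigger the 403, or None.

    mod_rewrite tests %{QUERY_STRING} as the client sent it (still
    percent-encoded), and the [OR] chain fires on any single match.
    """
    for pattern, rx in zip(CONDITIONS, COMPILED):
        if rx.search(query_string):
            return pattern
    return None


def audit(query_strings):
    """Map each query string to the condition blocking it (None = allowed)."""
    return {qs: first_match(qs) for qs in query_strings}


# Constructed sample query strings (hypothetical, not from real traffic).
SAMPLES = [
    "action=edit&post=12",        # ordinary admin request: allowed
    "page=akismet-key-config",    # ordinary admin request: allowed
    "file=../../wp-config.php",   # directory traversal: blocked by \.\./
    "action=delete-selected",     # false positive: contains "select"
    "s=caf%C3%A9",                # false positive: UTF-8 search term hits %C
]

if __name__ == "__main__":
    for qs, hit in audit(SAMPLES).items():
        print(f"{'BLOCK' if hit else 'allow':5}  {qs:28}  {hit or ''}")
```

Feeding audit() the query strings from your own wp-admin access log shows which legitimate admin requests would start returning 403 once the rules are enabled.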
Article written by MyComputerAid.com