4 Tips To Protect Your WordPress Blog


Matt Cutts recently wrote a post giving four good tips to protect a WordPress blog. Try these tips if you own a WordPress blog.

  1. Secure your /wp-admin/ directory - lock down your wp-admin folder so that only certain IP addresses can access that directory
  2. Make an empty wp-content/plugins/index.html file - it helps prevent people from finding out which plugins you use. If you use an outdated plugin, someone could hack your blog by exploiting a bug. To prevent people from viewing which plugins you have installed, just create a blank index.html file and upload it to your plugins folder.
  3. Subscribe to the WordPress Development blog - you could subscribe to the development blog to be alerted as soon as a new WordPress version is released. Upgrade your WordPress blog as soon as possible or it could be hacked. I haven’t subscribed as we already get notified of a new WordPress version from the dashboard.
  4. Hide your WordPress version - by default, WordPress themes have a line in header.php that displays the version of WordPress you use (anyone can find it by viewing the page source). Since anyone can find your WordPress version this way, your blog is prone to hackers until you upgrade to the latest version. To stop displaying your WordPress version, just open your theme's header.php file, look for the following line: <meta name="generator" content="WordPress <?php bloginfo('version'); ?>" /> and replace it with: <meta content="WordPress" name="generator" />


21 Responses so far »

  1. 1

    D'juan

    January 23, 2008 at 10:04 am

    Oh, this is going to help TONS! Thanks a lot!

  2. 2

    JohnTP

    January 23, 2008 at 10:08 am

    You should thank Matt, not me :)

  3. 3

    Matt

    January 23, 2008 at 7:55 pm

    Great tips. I just updated all of our plugin folders w/ the blank index and removed the wp version. Smart, but simple steps.

  4. 4

    Techblissonlin Dot Com

    January 23, 2008 at 9:52 pm

    it is index.php…

  5. 5

    Madhur Kapoor

    January 23, 2008 at 10:31 pm

    I will do these right now.

  6. 6

    JohnTP

    January 24, 2008 at 11:21 am

    Techblissonlin Dot Com - You can use index.html too which I think is better.

  7. 7

    Ronald

    January 24, 2008 at 9:25 pm

    The alternate may you can control through site manager at Cpanel or used htaccess + httpas

  8. 8

    Rakshit

    January 24, 2008 at 11:50 pm

    Thanks for these great tips. I’ll follow that right now.
    :-)

  9. 9

    Gerard

    January 25, 2008 at 11:03 pm

    John,
    These are great tips - esp. no 2 - never thought of protecting the plugin folder that way.
    Thanks a lot

  10. 10

    Ryan D

    January 26, 2008 at 1:32 am

    Great ideas…very basic but effective. Everyone should always keep track of their logs too for weird queries.

  11. 11

    Sooraj

    January 28, 2008 at 10:34 am

    I think this was posted by Matt Cutts
    http://www.mattcutts.com/blog/.....tallation/

  12. 12

    JohnTP

    January 28, 2008 at 10:38 am

    Sooraj- Please read the entire post. I did not say that these were my tips.

    I started the post saying “Matt Cutts recently wrote a post giving four good tips to protect a WordPress blog.”

  13. 13

    Jacky

    January 28, 2008 at 10:11 pm

    This post is worth reading. Great tips.

  14. 14

    NasirJumani

    February 7, 2008 at 6:31 pm

    Nice tips……..applying them :)

  15. 15

    MoiN

    February 21, 2008 at 1:35 pm

    Nice tips!!

    Great work

    MoiN
    http://www.anewmorning.com

  16. 16

    MandS

    February 23, 2008 at 2:33 pm

    A really useful post! I will follow its steps right today!

  17. 17

    patrik

    February 26, 2008 at 3:36 am

    “lock down your wp-admin folder so that only certain IP addresses can access that directory”

    How???? Help!

  18. 18

    buyers web make money online blog

    February 26, 2008 at 6:01 am

    awesome tips…will implement them asap…

  19. 19

    Kezzer

    March 11, 2008 at 3:08 am

    As for previous comments about index.php and index.html, most servers prioritise index.html as the first point of call when requests are made, so it’s probably better to use index.html.

  20. 20

    Zacky

    March 13, 2008 at 8:05 am

    need help in securing by IP address.
    How do I actually do it? pls help

    Thanks
    Zacky
