Securing your wordpress site.
Hi, following the recent brute force hacking I decided to include a few simple steps that can be taken to secure your WordPress site from threat. These are simple steps that will reduce the risk that your website is hacked, but they won't eliminate that risk completely. You can skip some of these steps if you want.
1. Password protect your wp-admin directory.
I don't mean the default login of WordPress, but add another one with .htpasswd. To create one go here then enter your username and password. Next copy the content in the text area and paste it in a new file named .htpasswd (note: it should not end with .txt) and upload it to your wp-admin file.
2. Limit the IPs that can access your wp-admin folder.
This will allow only specific IPs to access your wp-admin file. Just add the following lines to your .htaccess found in your wp-admin folder,
where XXX.XXX.XXX.XXX is your IP. If you want to add another IP, just add another "allow from" line.
<Limit GET POST>
order deny,allow
deny from all
allow from XXX.XXX.XXX.XXX
</Limit>
You can also allow a range of IPs, e.g. "allow from 123." will allow all IPs starting with 123.
This is the same for "allow from 123.113."; it will allow any IPs starting with 123.113.
3. Install Google Authenticator plugin
Just search for it in the WP plugins repository. Next download wordpress authenticator on your smartphone or tablet. Each time you log in to your WP dashboard, you will need to enter your username and password as usual, but also a 6 digit code that you will find in the Google Authenticator app installed on your smartphone. Note, your smartphone is not required to be connected to the internet, but you should set your time zone and time correctly on your smartphone. Once the plugin is installed in WP, follow these steps:
- In WP dashboard user>all users>edit your profile
- You will see the Google Authenticator settings
- Check the active checkbox, not the relax checkbox
- Do not enable app password as this will decrease your login security
- Choose a description
- Go to Google Authenticator and scan the QR code or enter the secret text manually
OK, you are done. You have just enabled two way verification for your WP site. Even if someone has your password he will still be unable to log in.
4. Install login limit attempt
This one is self-explanatory. It should be enough alone to protect your site from brute force login attempts like the one that occurred recently.
5. Do not use nulled themes or plugins
Well, you can use them, but only if you trust the one nulling them, or if you know PHP and HTML, then you can check if they contain backdoors or hidden links.
6. Install a security plugin
I don't use one personally, so I can't tell you which one to use
This is just a short list; there are other tasks that can be done to secure your site. If you know any other tips, post them below.
The Following User Says Thank You to naweed For This Useful Post:
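Added example (not part of the original post and not the plugin's code): step 3 notes that the phone needs no internet connection but does need a correct clock. This sketch of the standard time-based one-time password algorithm (RFC 6238) shows why. It assumes the common authenticator defaults of HMAC-SHA1, a 30-second step and a server that tolerates one step of drift either side; the function names and the sample secret are constructed for illustration.

```python
import base64
import hashlib
import hmac
import struct

STEP = 30  # seconds each code is valid for (assumed default)


def totp(secret_b32: str, unix_time: float, digits: int = 6) -> str:
    """Compute the RFC 6238 code for a base32 secret at a given time."""
    s = secret_b32.replace(" ", "").upper()
    s += "=" * (-len(s) % 8)                  # restore stripped base32 padding
    key = base64.b32decode(s)
    counter = int(unix_time) // STEP          # only the clock feeds the code
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                   # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def verify(secret_b32: str, code: str, server_time: float, window: int = 1) -> bool:
    """Accept a code from the server's current step or `window` steps around it."""
    return any(
        hmac.compare_digest(totp(secret_b32, server_time + i * STEP), code)
        for i in range(-window, window + 1)
    )


# Constructed sample secret: the RFC 6238 test key, base32-encoded the way
# it would appear as the "secret text" under the QR code.
SAMPLE_SECRET = base64.b32encode(b"12345678901234567890").decode()

if __name__ == "__main__":
    server_now = 1234567890
    # Phone and server share only the secret and the time: no network needed.
    print("code on phone :", totp(SAMPLE_SECRET, server_now))
    # A phone clock 20 seconds slow still lands inside the accepted window.
    slow = totp(SAMPLE_SECRET, server_now - 20)
    print("20 s slow     :", verify(SAMPLE_SECRET, slow, server_now))
    # A phone clock 5 minutes fast produces a code the server rejects.
    fast = totp(SAMPLE_SECRET, server_now + 300)
    print("5 min fast    :", verify(SAMPLE_SECRET, fast, server_now))
```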