Securing your wordpress site.


  1. #1
    naweed is offline Junior Member
    Join Date
    Dec 2011
    Thanked 33 Times in 29 Posts

    Default Securing your wordpress site.

    Hi, following the recent brute force hacking I decided to include a few simple steps that can be taken to secure your wordpress site from threat. These are simple steps that will reduce the risk that your website is hacked but it won't eliminate that risk completely. You can skip some of these steps if you want.

    1. Password protect your wp-admin directory.
    I don't mean the default login of wordpress but add another one with .htpasswd. To create one go here then enter your username and password. Next copy the content in the text area and paste it in a new file named .htpasswd (note: it should not end with .txt) and upload it to your wp-admin file.

    2. Limit the IPs that can access your wp-admin folder.
    This will allow only specific IPs to access your wp-admin file. Just add the following lines to your .htaccess found in your wp-admin folder:
    # Applies to GET and POST requests only
    <Limit GET POST>
    # Deny rules are evaluated first, then allow rules override them
    order deny,allow
    deny from all
    allow from XXX.XXX.XXX.XXX
    </Limit>
    where XXX.XXX.XXX.XXX is your IP. If you want to add another IP, just add another "allow from" line.
    You can also allow a range of IPs, e.g. "allow from 123." will allow all IPs starting with 123.
    This is the same for "allow from 123.113."; it will allow any IPs starting with 123.113.

    3. Install google authenticator plugin
    Just search for it in the wp plugins repository. Next download wordpress authenticator on your smartphone or tablet. Each time you login to your wp dashboard, you will need to enter your username and password as usual but also a 6 digit code that you will find in the google authenticator app installed on your smartphone. Note, your smartphone is not required to be connected to the internet but you should set your time zone and time correctly on your smartphone. Once the plugin is installed in wp, follow these steps:
    1. In wp dashboard user>all users>edit your profile
    2. You will see the google authenticator settings
    3. Check the active checkbox, not the relax checkbox
    4. Do not enable app password as this will decrease your login security
    5. Choose a description
    6. Go to google authenticator and scan the qr code or enter the secret text manually

    OK, you are done. You have just enabled two way verification for your wp site. Even if someone has your password he will still be unable to login.

    4. Install login limit attempt
    This one is self explanatory. It should be enough alone to protect your site from bruteforce login attempts like the one that occurred recently.

    5. Do not use nulled themes or plugins
    Well you can use them, but only if you trust the one nulling it, or if you know php and html then you can check if it contains backdoors or hidden links.

    6. Install a security plugin
    I don't use one personally, so I can't tell you which one to use

    This is just a short list; there are other tasks that can be done to secure your site. If you know any other tips, post them below.

  2. The Following User Says Thank You to naweed For This Useful Post:

    Ville (04-18-2013)
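
Step 3 of the post above says the 6 digit code works without an internet connection but needs a correct clock on the phone. The sketch below is an added example, not part of the original post and not the plugin's code: a time-based one-time password check following RFC 6238, using the RFC's published test secret. The function names and the one-step tolerance are assumptions made for illustration.

```python
import base64
import hashlib
import hmac
import struct

def totp(secret_b32, unix_time, step=30, digits=6):
    """RFC 6238 code for the given time: HMAC-SHA1 over the 30 s step counter."""
    key = base64.b32decode(secret_b32, casefold=True)
    counter = struct.pack(">Q", int(unix_time) // step)
    mac = hmac.new(key, counter, hashlib.sha1).digest()
    # Dynamic truncation (RFC 4226): low nibble of the last byte picks 4 bytes.
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def verify(secret_b32, code, server_time, window=1, step=30):
    """Accept a code from the current step or `window` steps either side.

    The window is an assumed tolerance for small clock differences; a phone
    whose clock is minutes off produces codes outside it and is rejected.
    """
    for drift in range(-window, window + 1):
        expected = totp(secret_b32, server_time + drift * step, step)
        if hmac.compare_digest(expected, code):
            return True
    return False

# RFC 6238 test secret, base32-encoded the way it is typed into the app.
SECRET = base64.b32encode(b"12345678901234567890").decode()

if __name__ == "__main__":
    phone_time = 1111111109                 # constructed sample timestamp
    code = totp(SECRET, phone_time)         # what the phone would display
    print("code on phone:", code)
    # Server clock 2 s ahead, already in the next 30 s step: still accepted.
    print("small skew:", verify(SECRET, code, phone_time + 2))
    # Server clock 5 minutes ahead: the same code is rejected.
    print("5 min skew:", verify(SECRET, code, phone_time + 300))
```

The shared secret is the text behind the QR code in step 6; both sides compute the code from it and the current time, which is why no network connection is involved.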

  3. #2
    Ville is offline Newbies
    Join Date
    Sep 2012
    Thanked 8 Times in 6 Posts

    Default Re: Securing your wordpress site.

    Nice! Thank you.
