1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

How to secure wordpress

Discussion in 'Blogging' started by RCKid, Feb 19, 2010.

  1. RCKid

    RCKid Junior Member

    Joined:
    Aug 15, 2009
    Messages:
    170
    Likes Received:
    37
    Does anyone have any ideas on how to secure my wodrpess blog so people can't see what plugins and themes i use?
     
  2. Kharis

    Kharis Regular Member

    Joined:
    Mar 26, 2009
    Messages:
    274
    Likes Received:
    1,325
    Location:
    Down Under
    just stick a blank index.html in your plugins and themes folder so they can't browse to them, or put a redirect back to your main page
     
  3. nufaman

    nufaman Elite Member

    Joined:
    May 29, 2009
    Messages:
    1,697
    Likes Received:
    1,185
    Doesn't wordpress do this already?
     
  4. mointernet

    mointernet Regular Member

    Joined:
    Apr 21, 2008
    Messages:
    315
    Likes Received:
    151
    you really can't stop people from snooping on your page source to see what plugins you are using but by default, wordpress places an index.php on your plugin directory to prevent your server to list out a directory listing of your plugins. You may like to redirect your visitors back to your main page when they try to access your plugin directory with the following modification on your index.php file placed in these directories.

    Code:
    <?php
    header("location: http://yourdomain.com");
    ?>
    
    please note that the index.php file is NOT the one on your root directory or your wordpress root installation.

    place/modify index.php in these directories:
    /wp-content/
    /wp-content/plugins/
    /wp-content/themes/
    /wp-content/uploads/
     
  5. surferket

    surferket Junior Member

    Joined:
    Dec 5, 2008
    Messages:
    179
    Likes Received:
    116
    Check out this post:

    Code:
    http://www.blackhatworld.com/blackhat-seo/blogging/172919-wordpress-security-presentation-must-see.html
     
  6. Hijinx

    Hijinx Junior Member

    Joined:
    Apr 13, 2009
    Messages:
    142
    Likes Received:
    87
    Location:
    New Jersey
    Aside from the index.html file thrown into those directories, make sure you rename your theme folder or if you leave the default name people will be able to see it by looking at the source code of the main page.

     
  7. halfpoint

    halfpoint Regular Member

    Joined:
    Feb 18, 2010
    Messages:
    379
    Likes Received:
    94
    All of the above advice is great, however, there is also a couple of products dedicated to this.

    "Wordpress Secured" is one that comes to mind. Anyway, there is no chance of ever being 100% secure.