
Wordpress Security

Discussion in 'Blogging' started by twinkle88, Oct 2, 2008.

  1. twinkle88

    twinkle88 Junior Member

    Joined:
    Sep 28, 2008
    Messages:
    184
    Likes Received:
    45
    Hello guyz,

    I have read that hackers target WordPress blogs easily.
    I heard that they target the .htaccess file first.
    Where can I find the .htaccess file?
    Can anyone tell me how I can protect my WordPress blog?

    Best Regards.:)
     
    Last edited: Oct 2, 2008
  2. gifmore

    gifmore Regular Member

    Joined:
    Oct 12, 2007
    Messages:
    274
    Likes Received:
    67
    Came across this product:

    Code:
    hxxp://wppadlock.c0m/
    Have no clue as to whether it really works or how good it is, but it might be worth a look ;)

    If other members have had any experience with this, please do share your feedback here :)

    Thank you.

    Cheerio :flame: :flame: :flame:
     
  3. twinkle88

    twinkle88 Junior Member

    Joined:
    Sep 28, 2008
    Messages:
    184
    Likes Received:
    45
    Thanks for the reply.
    But there is nothing over there. The domain was redirected to hxxp://agoga.c0m/ which is parked.
     
  4. OnFire25

    OnFire25 Registered Member

    Joined:
    Mar 24, 2008
    Messages:
    60
    Likes Received:
    212
    Having had some of my blogs attacked and flagged as malware sites because of the hacking, these are some of the steps I now use to "harden" my blogs.

    * Your "plugins" directory is NOT secured by default!

    That means there is no "index.html" or "index.php" file in that directory, so anyone can SEE what plugins you are using just by going to "www.yoursite.com/wp-content/plugins". It is easy to stop this by creating a blank HTML file named "index.html" and putting it in that directory. Job done!


    * Choose a strong password!

    Don't use an easily guessed admin password (your short first name, your wife's name, pet names, etc.). Choose a longer password and combine it with numbers and upper/lower case letters (even other characters like #, $, %, ^...). And change your admin password regularly!


    * Use security-related plugins!

    Some of these security related plugins may help you:

    - BS-WP-NoVersion
    A lot of attackers and automated tools will try and determine software versions before launching exploit code. Removing your WordPress blog version may discourage some attackers and certainly will mitigate virus and worm programs that rely on software versions.

    Or you can use the Replace WP version plugin.
    Code:
    http://wordpress.org/extend/plugins/replace-wp-version/
    - Login LockDown
    Login LockDown records the IP address and timestamp of every failed WordPress login attempt. If more than a certain number of attempts are detected within a short period of time from the same IP range, then the login function is disabled for all requests from that range. This helps to prevent brute force password discovery. Currently the plugin defaults to a 1 hour lock out of an IP block after 3 failed login attempts within 5 minutes. This can be modified via the Options panel. Administrators can release locked out IP ranges manually from the panel.
    Download it from here.
    Code:
    http://www.bad-neighborhood.com/login-lockdown.html

    * Backup your database!

    You should back up your data regularly (that includes the database). Encrypting the backup, keeping an independent record of MD5 hashes for each backup file, and/or placing backups on read-only media (such as CD-R) increases your confidence that your data has not been tampered with.
    One good utility is WP-DBManager, which can be downloaded from here:
    Code:
    http://wordpress.org/extend/plugins/wp-dbmanager/


    * Of course, update your Wordpress!

    Like I said above, keeping your WordPress installation up to date is one of the most important measures against hackers. And it isn't complicated to do either (back up everything before upgrading!).

    Good Luck
     
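The lockout behaviour OnFire25 describes for Login LockDown, as an added example in Python (this is not the plugin's code): failed logins are counted per /24 range, three failures within 5 minutes lock that range for one hour, a correct password from a locked range is still refused, and an administrator can release the range. The IP addresses, timestamps and the `LoginLockdown` / `simulate` names are constructed for illustration.

```python
"""Login lockout by IP range, modelled on the Login LockDown behaviour
described in this thread. Added example, not the plugin's code.
All IPs, timestamps and thresholds below are constructed."""
from collections import defaultdict, deque
from ipaddress import ip_network


class LoginLockdown:
    def __init__(self, max_failures=3, window=300, lockout=3600, prefix=24):
        self.max_failures = max_failures  # failures that trigger a lock
        self.window = window              # seconds in which they must occur
        self.lockout = lockout            # seconds the lock lasts
        self.prefix = prefix              # range size; /24 = "IP block"
        self._failures = defaultdict(deque)  # range -> failure timestamps
        self._locked_until = {}              # range -> time lock expires

    def _range(self, ip):
        # Collapse a client address to its network, since the plugin blocks ranges.
        return str(ip_network(f"{ip}/{self.prefix}", strict=False))

    def is_locked(self, ip, now):
        rng = self._range(ip)
        until = self._locked_until.get(rng)
        if until is None:
            return False
        if now >= until:                 # lock expired: forget it
            del self._locked_until[rng]
            return False
        return True

    def record_failure(self, ip, now):
        """Record one failed login. Returns True if it triggered a lock."""
        rng = self._range(ip)
        q = self._failures[rng]
        q.append(now)
        while q and now - q[0] > self.window:   # drop failures outside the window
            q.popleft()
        if len(q) >= self.max_failures:
            self._locked_until[rng] = now + self.lockout
            q.clear()
            return True
        return False

    def release(self, ip):
        """Administrator manually releases the range containing `ip`."""
        rng = self._range(ip)
        self._locked_until.pop(rng, None)
        self._failures.pop(rng, None)

    def attempt(self, ip, now, password_ok):
        """Process a login attempt: 'locked', 'ok' or 'failed'."""
        if self.is_locked(ip, now):
            return "locked"              # refused even if the password is right
        if password_ok:
            self._failures.pop(self._range(ip), None)
            return "ok"
        self.record_failure(ip, now)
        return "failed"


def simulate():
    """Run a constructed sequence of attempts and return the outcomes."""
    ld = LoginLockdown()
    t0 = 1_700_000_000  # constructed epoch timestamp
    events = [
        ("203.0.113.10", t0,        False),
        ("203.0.113.10", t0 + 60,   False),
        ("203.0.113.11", t0 + 120,  False),  # same /24: third failure, range locked
        ("203.0.113.10", t0 + 130,  True),   # right password, but the range is locked
        ("198.51.100.5", t0 + 130,  True),   # different range, unaffected
        ("203.0.113.10", t0 + 3721, True),   # one hour later the lock has expired
    ]
    return [ld.attempt(ip, ts, ok) for ip, ts, ok in events]


if __name__ == "__main__":
    for outcome in simulate():
        print(outcome)
```

Keying on the /24 rather than the single address is what makes the lock useful against an attacker who rotates through neighbouring addresses, but it also means one noisy host can lock out a whole office; that is why the manual release exists.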
  5. gifmore

    gifmore Regular Member

    Joined:
    Oct 12, 2007
    Messages:
    274
    Likes Received:
    67
    Sorry, but I forgot to mention that you need to change the
    xx to tt and the zero to o:

    hxxp://wppadlock.c0m/

    Anyways, OnFire25 also seems to have posted some great tips and tools :cool2:

    Cheerio :)
     
  6. twinkle88

    twinkle88 Junior Member

    Joined:
    Sep 28, 2008
    Messages:
    184
    Likes Received:
    45
    Infinite thanks to you.
    I did every thing.

    Good plugin protection idea. I think I can use this technique to protect all folders like images and all.

    The version hider plugin is good. I think the new WordPress software is coded to protect our WordPress version from others.

    Thanks for the tip.
    It is working fine. I think this plugin does .htaccess modification and asks the admin to input his IP address. Good plugin.
    Instead of buying this plugin, if we do a Google search for ".htaccess protection", we can find the tip. But it must be edited manually, whereas this plugin automates the process.
     
    Last edited: Oct 3, 2008
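Two of the file-level steps discussed in this thread, as an added example in Python run on the server's filesystem (not any plugin's code): dropping a blank index.html into every directory under wp-content that lacks an index file, the trick OnFire25 gave for the plugins directory and twinkle88 wants to apply to all folders, and generating the kind of .htaccess that restricts wp-admin to listed IP addresses. The directory tree, the IPs and the function names are constructed; the .htaccess output assumes the Apache 2.2 `Order`/`Deny`/`Allow` syntax current when this thread was written.

```python
"""Directory-listing and wp-admin hardening helpers. Added example, not
WordPress or plugin code. The tree built in demo() is constructed."""
import os
import shutil
import tempfile
from ipaddress import ip_network

INDEX_FILES = ("index.html", "index.php")


def is_listing_exposed(directory):
    """True when no index file shields the directory from a listing request."""
    return not any(os.path.isfile(os.path.join(directory, f)) for f in INDEX_FILES)


def harden_directory_listing(root):
    """Walk `root` and create an empty index.html wherever one is missing.
    Returns the directories that were fixed, relative to root, sorted."""
    fixed = []
    for dirpath, dirnames, _ in os.walk(root):
        dirnames.sort()                      # deterministic traversal
        if is_listing_exposed(dirpath):
            # Zero-byte file: a listing request now gets an empty page instead
            # of the plugin/theme/upload inventory.
            with open(os.path.join(dirpath, "index.html"), "w"):
                pass
            fixed.append(os.path.relpath(dirpath, root))
    return sorted(fixed)


def admin_htaccess(allowed):
    """Apache 2.2 rules limiting a directory to the given IPs or CIDR ranges.
    Everything is denied first, then each validated address is allowed."""
    nets = [ip_network(a, strict=False) for a in allowed]  # ValueError on junk
    lines = ["Order Deny,Allow", "Deny from all"]
    for n in nets:
        host = n.network_address if n.num_addresses == 1 else n.with_prefixlen
        lines.append(f"Allow from {host}")
    return "\n".join(lines) + "\n"


def write_admin_htaccess(wp_admin_dir, allowed):
    """Write the rules into wp-admin/.htaccess and return the file path."""
    path = os.path.join(wp_admin_dir, ".htaccess")
    with open(path, "w") as fh:
        fh.write(admin_htaccess(allowed))
    return path


def demo():
    """Build a constructed wp-content tree in a temp dir, harden it twice
    (the second run should find nothing), and write a wp-admin .htaccess.
    Returns (fixed_first_run, fixed_second_run, htaccess_text)."""
    root = tempfile.mkdtemp(prefix="wp-content-")
    admin = tempfile.mkdtemp(prefix="wp-admin-")
    try:
        for d in ("plugins/akismet", "themes/default", "uploads/2008/10"):
            os.makedirs(os.path.join(root, d))
        # A real theme ships its own index.php, so themes/default is not exposed.
        open(os.path.join(root, "themes", "default", "index.php"), "w").close()
        first = harden_directory_listing(root)
        second = harden_directory_listing(root)
        path = write_admin_htaccess(admin, ["203.0.113.7", "198.51.100.0/24"])
        with open(path) as fh:
            rules = fh.read()
    finally:
        shutil.rmtree(root)
        shutil.rmtree(admin)
    return first, second, rules


if __name__ == "__main__":
    first, second, rules = demo()
    print("fixed:", first)
    print("second run:", second)
    print(rules)
```

An index.html per directory only hides the listing; `Options -Indexes` in the web root's .htaccess (or the server config) turns listings off for the whole tree in one line, and on Apache 2.4 the access rules above are written as `Require ip ...` instead of `Order`/`Deny`/`Allow`.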