Securing WordPress

Over the last couple of weeks some people I know have had their WordPress installations hacked. The one common denominator is that they were all running older versions of the software and had not done upgrades for a while. The best thing to do is to make sure you do the upgrades. Now, I know doing that is not always convenient, so I went looking around for some ideas on how to make it a little more secure using Apache.

The article with the best advice came from Matt Cutts and had to do with using Apache’s .htaccess file to limit access to the /wp-admin/ directory by IP address. If you have a dynamic IP address, you may have to FTP into your site and edit the file to include the new IP address before you can access the admin section of your blog.

The next tip he had was making sure you don’t leak unnecessary information to a potential attacker by putting a blank index.php file in the plugins directory. You can also turn off directory browsing in Apache. The final tip was to remove the WordPress version tag from your header template so a potential attacker can’t view it and quickly find out what holes may exist. For details on how to do the above, check out the article.
