Inspired by recent comments, I’ve decided to make today’s tip about hardening your WordPress install. You should keep your blog secure so that nobody can deface it (which happened recently to some high profile bloggers).
There are several ways you should secure your install, to be safest you should apply all of these different methods.
The first thing you should do, right now, is log in to your Dashboard and check the version number at the very bottom of the page; it should look something like “2.x 0.20 seconds”. Then check what the latest release is on the WP download page here; if you’re lagging behind, you should update immediately.
You should also protect your WordPress directories: wp-admin, wp-content and wp-includes.
To start, create a file called .htaccess in each of your wp-content and wp-includes directories, and put this into the file:
# Block direct requests for everything in this directory...
Order Allow,Deny
Deny from all
# ...except static assets. The dot must be escaped ("\.") so that only a real
# file extension matches; the pattern is case-sensitive, so ".JPG" is not matched.
<Files ~ "\.(css|gif|jpe?g|js|png)$">
Allow from all
</Files>
This blocks direct access to all files except images, CSS and JavaScript; put this .htaccess file into both your wp-content and wp-includes directories. Important note: this will limit use of the WordPress Visual Editor, so if you like to use that you may want to add it only in the wp-content directory and not the wp-includes one.
You can also restrict access to your wp-admin directory by IP address, which is what I use. Here are the contents of the .htaccess file for the wp-admin directory, if you want to use this approach:
order deny,allow
# Replace 192.0.2.10 (an example placeholder) with your actual static IP address.
# Keep comments on their own line: Apache does not accept a comment after a directive.
allow from 192.0.2.10
deny from all
The advantage of these changes is that they should not stop your plugins from working. If you find problems with your plugins (or even with this site) then please leave a note below.
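To check how these two recipes actually decide a request before relying on them, here is an added example (not from the original post) that models Apache's Order/Allow/Deny evaluation in Python and applies it to the wp-content/wp-includes and wp-admin rules above; the static address 192.0.2.10 and the sample request paths are constructed placeholders.

```python
import ipaddress
import re

# Same pattern as the <Files ~ "..."> line above: a leading "\." so only the
# extension matches, and no (?i) flag, so it is case-sensitive like Apache's.
STATIC_FILE_RE = re.compile(r"\.(css|gif|jpe?g|js|png)$")

# Constructed placeholder for the blog owner's static IP (not a real address).
ADMIN_ALLOWED_IPS = ["192.0.2.10"]


def access_decision(order, allow, deny, client_ip):
    """Evaluate mod_access 'Order'/'Allow from'/'Deny from' for one client.

    allow/deny are lists of "all" or IP/CIDR strings. Returns True if allowed.
    """
    ip = ipaddress.ip_address(client_ip)

    def matches(rules):
        return any(r == "all" or ip in ipaddress.ip_network(r, strict=False)
                   for r in rules)

    allowed, denied = matches(allow), matches(deny)
    if order == "allow,deny":
        # Allow evaluated first, then Deny; a matching Deny wins and a client
        # matched by neither list is denied (the safe default for wp-includes).
        return allowed and not denied
    if order == "deny,allow":
        # Deny first, then Allow; a matching Allow wins and a client matched by
        # neither list is allowed.
        return allowed or not denied
    raise ValueError(f"unknown Order: {order}")


def request_allowed(path, client_ip):
    """Apply the post's two .htaccess recipes to a request path such as
    '/wp-includes/wp-db.php' coming from client_ip."""
    directory, _, rest = path.strip("/").partition("/")
    filename = rest.rsplit("/", 1)[-1]
    if directory in ("wp-content", "wp-includes"):
        if STATIC_FILE_RE.search(filename):
            # Inside the <Files> block only 'Allow from all' applies, with
            # Apache's default Order Deny,Allow.
            return access_decision("deny,allow", ["all"], [], client_ip)
        # Directory level: Order Allow,Deny + Deny from all.
        return access_decision("allow,deny", [], ["all"], client_ip)
    if directory == "wp-admin":
        # order deny,allow / allow from <static IP> / deny from all
        return access_decision("deny,allow", ADMIN_ALLOWED_IPS, ["all"], client_ip)
    return True  # neither recipe covers other paths
```

Because the pattern is case-sensitive, an upload named photo.JPG in wp-content is blocked by the first recipe, which is worth knowing before you deploy it.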
1 comment:
Thanks, I was not aware of this!