How do you secure your Wordpress?



riddler
02-17-2010, 11:18 PM
For me, I change the admin username to a custom username and use a randomly generated 128-bit password.

Add robots.txt with Disallow: /wp-*

And remove the Wordpress version from all the HTML files.

Anyone else got any suggestions?

I tried using AskApache, but it's a bitch to get configured or to even get past the configuration to make it run.

dgchi
02-18-2010, 12:30 AM
You probably do more than 99.99% of Wordpress users.

Probably a lot of people don't even upgrade to the third-latest version.

Rongo
02-18-2010, 07:28 AM
Add an htaccess file to your /wp-admin/ root that restricts access by your IP only. If your IP changes, sure it will lock you out too, but you can just get your new IP and add it to the allow directive in the htaccess file.

Also, I change my table prefixes to not be the default wp- prefix.

Finally, change your theme files to NOT be writable by the online editor and ensure that your uploads folder has an htaccess that disallows execution of php scripts. Specifically, in your uploads folder, add an htaccess file with this in it:


php_flag engine offDoing this will deny php files from running if someone exploits a comments form and is able to introduce a script into your uploads folder, since that folder is writable.
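The two .htaccess files Rongo describes, written out as an added example (not code from the thread). It assumes Apache with AllowOverride permitting Limit, AuthConfig and Options in .htaccess, and 203.0.113.10 is a placeholder for your own address. The wp-admin rules use Apache 2.4 syntax with a 2.2 fallback; admin-ajax.php is left reachable because themes and plugins call it for anonymous visitors, so locking it to one IP breaks front-end features. The uploads rules keep php_flag engine off, but wrap it in IfModule so Apache does not return a 500 ("Invalid command") when PHP runs as FastCGI/PHP-FPM rather than mod_php, and add a handler-independent deny on PHP-like filenames for that case, since php_flag is simply ignored there.

```apache
# ---- /wp-admin/.htaccess : dashboard reachable only from listed IPs ----
# 203.0.113.10 is a placeholder; add one "Require ip" line per trusted address.
<IfModule mod_authz_core.c>
    # Apache 2.4
    Require ip 203.0.113.10

    # admin-ajax.php must stay open: front-end plugins/themes POST to it
    # for logged-out visitors. A FilesMatch section is merged after the
    # directory rules, so its Require replaces the IP restriction here.
    <FilesMatch "^admin-ajax\.php$">
        Require all granted
    </FilesMatch>
</IfModule>
<IfModule !mod_authz_core.c>
    # Apache 2.2 equivalent
    Order deny,allow
    Deny from all
    Allow from 203.0.113.10
    <Files admin-ajax.php>
        Order allow,deny
        Allow from all
        Satisfy any
    </Files>
</IfModule>

# ---- /wp-content/uploads/.htaccess : nothing in uploads may execute ----
# mod_php only: switch the PHP engine off for this subtree.
# The IfModule guard avoids an "Invalid command 'php_flag'" 500 error on
# servers where PHP is not loaded as an Apache module.
<IfModule mod_php5.c>
    php_flag engine off
</IfModule>

# Handler-independent fallback (also covers PHP-FPM/FastCGI, where
# php_flag has no effect): refuse to serve PHP-like files at all.
<FilesMatch "\.(php|phtml|php[0-9])$">
    <IfModule mod_authz_core.c>
        Require all denied
    </IfModule>
    <IfModule !mod_authz_core.c>
        Order allow,deny
        Deny from all
    </IfModule>
</FilesMatch>
```

Two things worth checking after dropping these in: request /wp-admin/ from an address that is not listed and confirm you get 403 rather than the login redirect, and place a harmless test file such as uploads/test.php containing only `<?php echo 1;` and confirm it is refused (403) rather than executed or served as text. Note that wp-login.php lives outside /wp-admin/, so the IP rule above does not cover the login form itself. For the "theme files not writable by the online editor" point, WordPress also offers the wp-config.php constant `DISALLOW_FILE_EDIT`, which removes the theme and plugin editors from the dashboard entirely, independent of file permissions.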