In this article we will learn how to secure our wordpress blog using some .htaccess technique. Of course there is no system perfect in this world. Everything should have bug, no matter it’s high or low risk. When last time you have seen blog with wordpress got hacked? Well, This happen to me 3 times on one of my crazyporn blog. The hackers always controlling my admin panel and it’s happen 3 times until I playing with my new toys to stop this guy.

What is .htaccess? In several web servers (most commonly Apache), .htaccess (hypertext access) is the default name of a directory-level configuration file that allows for decentralized management of web server configuration. Read full in wikipedia. Back to the topic what should we do to stop hackers controlling our admin area?

There is lots of technique, what I write in here just some technique using .htaccess files:

  1. Protected your wp-login.php files.

    2. <Files wp-login.php>
    Order deny,allow
    Deny from All
    Allow from xxx.xxx.xxx.xxx
    </Files>

    Where xxx.xxx.xxx.xxx is your IP, if you meet problem to know your IP just look on IPchicken.com

  2. Protected your wp-config.php

    3. Wp-config is vital configuration files for wordpress, it should secured to stop people viewing it’s content.

    <files wp-config.php>
    order allow,deny
    deny from all
    </files>

  3. Protected your wp-comment-post.php

    4. Even if you’re using Akismet plugins, to reduce spambot post via remote access you can use this code. (Change yourblog.com with your own domain name)

    RewriteEngine On
    RewriteCond %{REQUEST_METHOD} POST
    RewriteCond %{REQUEST_URI} .wp-comments-post\.php*
    RewriteCond %{HTTP_REFERER} !.*yourblog.com.* [OR]
    RewriteCond %{HTTP_USER_AGENT} ^$
    RewriteRule (.*) ^http://%{REMOTE_ADDR}/$ [R=301,L]

  4. Protected .htaccess file.

    5. This code will protect all files with “.hta” string on it.

    <Files ~ “^.*\.([Hh][Tt][Aa])”>
    order allow,deny
    deny from all
    satisfy all
    </Files>

After using this tips the hackers can’t controlling my wordpress admin panel again hahaha! he try to inject using wordpress bug but when I limited IP to access admin panel he’s cry *lol* yay, I win! finally I beat this noob *lol* :P

Share |


1 Star2 Stars3 Stars4 Stars5 Stars (No Ratings Yet)
Loading ... Loading ...


SIMILAR POST :

SEARCH ENGINE KEYWORD RESULTS :
  • istanto net
  • istanto
  • deny ip with htaccess
  • secure your htaccess file
  • watermark htaccess wordpress
  • RewriteCond %{REQUEST_URI} ^/secure/( *)$ wordpress
  • stop people viewing wordpress blog
  • make wordpress secure htaccess
  • htaccess where does wordpress store
  • htaccess secure wordpress how to
  • cannot publish post wordpress htaccess
  • htaccess wordpress file new web page
  • how to find htaccess file in wordpress
  • wordpress htaccess file to stop hackers
  • htaccess stop hackers
  • how to make htaccess file
  • htaccess deny your ip
  • wordpress how to make your htaccess secure
  • htaccess wordpress admin
  • make htaccess file
  • htaccess file in wordpress
  • secure htaccess for wordpress
  • find htaccess file in wordpress
  • full htaccess file for WordPress
  • wordpress stop on login php
  • how to secure your htaccess file
  • watermark htaccess all files folder
  • does wordpress have an htaccess file?
  • cannot publish with wordpress using my ip
  • wordpress secure htaccess
  • how to create htaccess file wordpress
  • htaccess protect file from hackers
  • wordpress htaccess
  • wordpress blogs
  • inject ad htaccess
  • wordpress htaccess block wp-login
  • secure wordpress files
  • is htaccess still the most secure
  • htaccess file protect file -password
  • stop wordpress hack htaccess file block ip
  • htaccess <files>
  • how re create htaccess file
  • secure wordpress login through htaccess
  • htacess file being edited by hacker
  • htaccess wordpress secure
  • htaccess protect files in directory -password
  • securing wp-login using htaccess
  • wordpress watermark htaccess
  • secure htaccess wordpress 2009
  • htaccess ebook
  • where is my htaccess file in wordpress
  • should there be an htaccess file in wordpress directory
  • wordpress login secure directory
  • create htaccess wordpress
  • ip htaccess for wordpress
  • cant find htaccess wordpress
  • 2010 wordpress securing htaccess
  • htaccess file for wordpress
  • wordpress htaccess watermark
  • htaccess wordpress deny allow
  • protect htaccesss file wordpress
  • <Files ~ “^ * ([Hh][Tt][Aa])”> wordpress
  • wordpress deny people from google
  • wordpress protected files
  • watermark htaccess 2010
  • wordpress htaccess ban
  • wordpress and htacess
  • secure ht access file wordpress
  • ht access file wordpress
  • htaccess deny wordpress wp-register
  • making your php website secure htaccess
  • htaccess wordpress secure comments
  • secure wordpress htaccess
  • recreate htaccess
  • stopping published wordpress files being edited
  • should there be a htaccess file in wordpress dir
  • access file wordpress
  • how to secure wordpress files
  • securing htaccess to ip
  • using secure htaccess wordpress
  • htaccess stop admin access
  • htaccess wp-login php
  • htaccess wp-login php /login/
  • worpress how to make htaccess
  • htaccess stop password required
  • stopping hackers in Wordpress
  • php to access htaccess protected area
  • htaccess how to secure comment
  • htaccess secure htaccess file
  • wordpress protect wp-login php htaccess
  • htaccess how secure is it
  • linking a blog to main website htaccess file
  • secure htaccess
  • access file login htaccess wordpress
  • wordpress htaccess search page
  • htacess secure wp-login
  • recreate wordpress htaccess
  • is htaccess secure
  • f
  • htaccess technique in php
  • Your blog’s htaccess file
  • secure wordpress file
  • securing files on wordpress
  • how can i secure my htaccess
  • htaccess file wordpress
  • 2010 secure wordpress
  • publish htaccess file
  • RewriteCond wp-login php
  • htaccess secure your wordpress site against hackers
  • php files deny from all wp- htaccess
  • www htaccess wp-login cant login
  • [Hh][Tt][Aa] htaccess
  • wordpress htaccess 2010
  • deny wp-login php
  • htaccess protect from spam comments
  • wordpress htaccess secure
  • secure your htaccess in wordpress
  • wordpress secure wp-login
  • HTACCESS ebook
  • generate htaccess file wordpress
  • htaccess wordpress
  • how to find htaccess folder at wordpress
  • securing wp login
  • htaccess secure ht files
  • stop hackers htaccess
  • secure wp-logi
  • allow wordpress write htaccess file
  • wp-login php htaccess
  • htaccess how to stop people viewing files
  • <Files ~ ^ * ([Hh][Tt][Aa])> order allow deny deny from all satisfy all </Files>
  • wp deny access to files in folder without login
  • perfect htaccess file for wordpress
  • what should be in my wordpress htaccess file?
  • how to make htaccess file secure
  • how to access htaccess file in wordpress
  • where does wordpress store the htaccess file
  • wordpress secure files
  • how to stop people registering on wordpress blog
  • securing wordpress
  • htaccess [aA]
  • secure my wp-login
  • htaccess ad
  • making htaccess file secure
  • htaccess deny keyword
  • best secure wordpress htaccess
  • secure wordpress 2010
  • defeat order deny allow
  • how to access htaccess file wordpress
  • htaccess wordpress store files in folder
  • create an htaccess file for windows server with ip block
  • i cant find htaccess in wordpress
  • is htaccess login secure
  • wp-admin cannot secure with htaccess
  • how to secure your wordpress files
  • cant access htaccess hacker
  • htaccess <Files wp-login php>
  • REMOVE WORDPRESS FILE SECURE
  • php htaccess login
  • how to stop the hacker from using htacess
  • wordpress htaccess wp-admin 2010
  • perfect htaccess
  • HOW TO recreate your htaccess file
  • wordpress protect blog htaccess
  • htaccess wordpress ip ban
  • create htacess file
  • htaccess wordpress secure OR security
  • vpn ip htaccess
  • htaccess prevent create keyword
  • beat htaccess file for wordpress
  • htaccess password protect wordpress blog
  • wordpress wp-login php protect
  • secure your login htaccess
  • secure wp-content htaccess
  • protecting htaccess wp-login
  • what should be in my wordpress htaccess file
  • wordpress htaccess wp-admin
  • wordpress htaccess block
  • perfect htaccess wordpress 2010
  • secure wp-login
  • secure file with htaccess wordpress
  • wp-login security htaccess
  • stop php write access htaccess
  • protected files with wordpress
  • ht login for wordpress
  • htaccess wordpress youtube
  • htaccess secure file allow exception
  • how to copy my htaccess file in wordpress
  • wordpress htaccess deny all
  • give write access in htaccess wordpress
  • block ip login wordpress
  • <Files ~ ^ * ([Hh][Tt][Aa])>
  • htaccess exception wordpress
  • wordpress directory cant edit htaccess
  • how to block IP for my WP login
  • Securing your administrator directory using htaccess files
  • wordpress login access htaccess
  • htaccess protect php file
  • secure the htaccess file 2010
  • htaccess for wp-login
  • wordpress secure login
  • deny access wordpress
  • htaccess secure directory by ip
  • htaccess ile Wp-login php
  • wordpress htaccess cant access other folder in domain
  • block ip in wordpress htaccess file
  • the best secure htaccess
  • wordpress secure wp-admin without ip
  • htaccess stop php
  • htaccess block copy content
  • where to store htaccess file in wordpress
  • htaccess prevent php
  • htaccesss wordpress
  • how to create a secured htaccess
  • wordpress deny directory
  • wordpress secure access
  • secure your blog htaccess
  • change wp-login php file wordpress
  • secure login htaccess wp-login
  • htaccess file to secure wordpress
  • htaccess wordpress block google
  • login secure wordpress 2010
  • using htaccess to secure your wordpress
  • htaccess secure website
  • istanto block ip htaccess
  • best htaccess wordpress
  • WordPress deny
  • what should i have in htaccess file wordpress
  • wordpress htaccess login
  • wordpress htaccess search result
  • htaccess login exception
  • wordpress htaccess recreate
  • wordpress write your own wp-login php
  • htacces for search wordpress
  • securing htaccess
  • stopping posts from being published in wordpress
  • wordpress plugin block domains via htaccess
  • the perfect htaccess file
  • secure wp-comments-post php
  • password protect files with htaccess 2010
  • cant find my htaccess file in wordpress
  • allow wordpress to access another directory
  • secure wp-login php
  • Wordpress login access
  • where to create htaccess file in windows for ip blocking
  • wordpress htaccess perfect file
  • htaccess & protecting wp-admin/plugins
  • accessing wordpress blog without wp-login php
  • protecting wp-plugins htaccess
  • wordpress htaccess file password
  • wordpress wp-content deny allow
  • wordpress htaccess block ip address
  • secure wordpress ip#
  • cant rewrite wp-login php
  • how to access the htaccess file in wordpress
  • htaccess wp-admin 2010
  • how to secure wp login
  • block ip from visiting my wordpress blog
  • how to access your htacess file in wordpress
  • wordpress secure wp-content access
  • secure htaccess wordpress
  • secure files in wordpress
  • wordpress protect your htaccess file
  • I cant find my wp-login file
  • htaccess login file exception
  • write htaccess allow paypal
  • secure files in wp
  • wordpress rewrite wp-login php htaccess
  • wordpress wp-admin htaccess file 2010
  • secure wordpress wp-login php
  • htaccess wordpress write post
  • wordpress block file access
  • edit htaccess to allow access wordpress site
  • protect wp-login htaccess
  • secure wp-admin
  • best and secure htaccess
  • how to ban wordpress login
  • wordpress protect folders htaccess windows
  • block a url with htaccess wordpress
  • htaccess blocking wordpress back end
  • secure wordpress by htaccess 2010
  • secure your php admin back-end
  • wordpress create htaccess
  • the perfect wordpress htaccess file
  • htaccess block keyword
  • how to stop publish wordpress
  • wp htaccess deny
  • where is my htaccess file in wp
  • how do I recreate htaccess Wordpress file
  • where to store htaccess for wordpress
  • use htaccess file to block indonesia from website
  • RewriteCond !^/login *$
  • wordpress protect from hackers htaccess
  • best htaccess for wordpress
  • htaccess deny search engines access to plugins
  • htaccess exception
  • htaccess allow paypal
  • block wp-content htaccess
  • post to secure site htaccess
  • prevent website copying htaccess
  • htaccess for wordpress 2010
  • wordpress protect files
  • block ip access wordpress
  • wordpress htaccess hackers
  • deny access to wp-login php using htaccess
  • htaccess secure wordpress
  • htaccess vital config file
  • wordpress htaccess wp-admin [F]
  • wheres htaccess in my wordpress?
  • secure wp
  • worpress htacces
  • htaccess wordpress 2010
  • PROTECT wp-login php ht access
  • wordpress block *php access from wp-content
  • using wordpress as store protecting
  • block ip address from visiting website wordpress
  • securing worpress
  • htaccess php file security
  • wordpress htaccess rewrite wp-content
  • wordpress files allow deny
  • where is my htaccess file
  • htaccess secure
  • securing wordpress htaccess
  • htaccess deny except
  • wordpress blocking backend
  • access the htaccess file wordpress
  • htaccess prevent search engine
  • secure wordpress blog with htaccess
  • secure htaccess file wordpress
  • make wordpress secure with htaccess
  • protect wordpress directory
  • htaccess wordpress allow create folder
  • wordpress htaccess best configuration
  • htaccess domain name
  • wordpress block copy
  • secure wordpress htaccess file
  • htaccess wordpress directory
  • prevent files in my wordpress directory
  • htaccess youtube file
  • securing htaccess in wordpress
  • wp-login php block from external access
  • perfect wordpress htacess
  • perfect htaccess wordpress
  • configuration wordpress htaccess
  • protected files wordpress
  • wordpress secure directory
  • wordpress deny from publish
  • hh htaccess Allow
  • htaccess block url by keyword
  • htaccess keyword wp-login
  • protect htaccess file wp-content wp-admin
  • best httacces wordpress
  • best wordpress htaccess
  • crazypornblog
  • htaccess wordpress secure page
  • best wordpress htaccess file
  • block wordpress from accessing external site
  • password protect wordpress
  • wheres htaccess
  • create htaccess file wp admin
  • htaccess exception ip
  • htaccess secure wordpresss
  • wordpress prevent access to wp-login
  • wordpress plugin secure directory
  • how do i give WordPress write access to the htaccess file
  • htaccess password exception
  • protect files and folders wordpress
  • secure htacces
  • htaccess register wordpress
  • htaccess wplogin
  • limited access to wordpress htacess
  • allowing paypal access using htaccess?
  • best htaccess file for wordpress
  • sitemap htaccess wordpress
  • virus and trying access /wp-login php
  • secure directory agains external access htaccess
  • best htaccess for worpress
  • edit htaccess inside wordpress
  • protect wp-admin
  • wordpress add htaccess exception
  • perfect htaccess for wordpress
  • virus accessing htaccess
  • htaccess secure wordpress page
  • best htaccess
  • the best htaccess for Wordpress
  • prevent file accsess htaccess
  • wordpress password protected area htaccess
  • protect htaccess wordpress
  • htaccesss control wordpress
  • how to make login form through htaccess
  • htaccess wordpress viruses
  • wordpress protected downloads folder
  • htaccess 2010
  • paypal htaccess exception
  • my wordpress cannot write htaccess -permalinks
  • htaccess file exception
  • securing wordpress using htaccess
  • how to find htaccess WP
  • htaccess block indonessia
  • htaccess vital
  • how to find htaccess Wordpress 3 0
  • best htaccess for wordpress in a site with domains
  • perfect htaccess 2010
  • wordpress excepcion rewrite
  • best htaccess for wordpress blog
  • htaccess wordpress exceptions
  • does wordpress ban porn blog
  • protect wordpress htaccess redirect
  • block people visiting my wp login htaccess
  • wp_login wordpress 3 squid error htaccess
  • where does wordpress store htaccess file
  • best htaccess config for wordpress
  • htaccess deny exception
  • htaccess password protect for wp-login php
  • creating secure area htaccess php config file
  • best htaccess for wordpress 3 0
  • wordpress secure wp-content files registered htaccess
  • htaccess vpn
  • best htaccess file to wordpress
  • use htaccess to secure wordpress
  • stop wordpress modify htaccess
  • best htaccess code for secure wordpress
  • rewrite wp-login php
  • htaccess password protect folder file exceptions
  • wordpress hide wp-login htaccess
  • htaccess exception for folder wordpress
  • wordpress htaccess for search on the internet
  • htaccess files Hide and deny except
  • best htaccess code
  • set up htaccess cannot access wordpress admin backend
  • best htaccess protection for wordpress
  • wp login block from ip
  • hackers using my htaccess
  • Prevent remote access to wp-comments-post php file
  • wordpress 3 0 htaccess wp-admin
  • htaccess protect wp-content
  • htaccess wordpress best
  • wordpress htaccess deny
  • htacces stop
  • external login wordpress
  • add exeption wordpress htaccess

If you're new here, you may want to subscribe to my RSS feed. You may copy or publish this article to your blog or other site as long you give credit link back to this site article. Thanks for visiting my blog!


This entry was posted on Monday, December 14th, 2009 at 4:31 AM and is filed under Miscellaneous, Personal, Tips & Trick. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.