In this article we will learn how to secure our WordPress blog using some .htaccess techniques. Of course, no system in this world is perfect. Everything has bugs, whether high or low risk. When did you last see a WordPress blog get hacked? Well, this happened to me 3 times on one of my crazyporn blogs. The hackers kept taking control of my admin panel, and it happened 3 times until I started playing with my new toys to stop this guy.
What is .htaccess? In several web servers (most commonly Apache), .htaccess (hypertext access) is the default name of a directory-level configuration file that allows for decentralized management of web server configuration. Read the full article on Wikipedia. Back to the topic: what should we do to stop hackers from controlling our admin area?
There are lots of techniques; what I write here is just a few that use .htaccess files:
- Protect your wp-login.php file.
- Protect your wp-config.php file.
- Protect your wp-comments-post.php file.
- Protect the .htaccess file itself.
<Files wp-login.php>
Order deny,allow
Deny from All
Allow from xxx.xxx.xxx.xxx
</Files>
Here xxx.xxx.xxx.xxx is your IP address; if you have trouble finding it, just look it up on IPchicken.com.
wp-config.php is a vital configuration file for WordPress; it should be secured to stop people from viewing its contents.
<files wp-config.php>
order allow,deny
deny from all
</files>
Even if you’re using the Akismet plugin, you can use this code to reduce spambot posts submitted via remote access. (Replace yourblog.com with your own domain name.)
RewriteEngine On
RewriteCond %{REQUEST_METHOD} POST
RewriteCond %{REQUEST_URI} wp-comments-post\.php
RewriteCond %{HTTP_REFERER} !yourblog\.com [OR]
RewriteCond %{HTTP_USER_AGENT} ^$
RewriteRule (.*) http://%{REMOTE_ADDR}/ [R=301,L]
This code will protect all files with the “.hta” string in their names.
<Files ~ "^.*\.([Hh][Tt][Aa])">
order allow,deny
deny from all
satisfy all
</Files>
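An added example (not code from the original post): a small Python audit that reads a .htaccess file and reports whether wp-login.php, wp-config.php and .htaccess are covered by a deny rule. The function names, the sample file and the address 203.0.113.10 are assumptions made for this example; typographic quotes around a `<Files ~ ...>` pattern are treated as literal pattern characters, so a rule pasted with them is reported as open.

```python
import fnmatch
import re

# Matches <Files name> and <Files ~ "regex"> / <FilesMatch "regex"> sections.
SECTION = re.compile(r'<Files(Match)?\s+(~\s*)?([^>\n]+)>(.*?)</Files', re.I | re.S)
TARGETS = ("wp-login.php", "wp-config.php", ".htaccess")
# Constructed sample: the article's rules with a documentation address (RFC 5737).
SAMPLE = r'''
<Files wp-login.php>
Order deny,allow
Deny from All
Allow from 203.0.113.10
</Files>
<files wp-config.php>
order allow,deny
deny from all
</files>
<Files ~ "^.*\.([Hh][Tt][Aa])">
order allow,deny
deny from all
</Files>
'''

def covers(is_regex, pattern, filename):
    """True if a section's name or regex applies to filename."""
    pattern = pattern.strip().strip('"')  # only straight quotes are delimiters
    if is_regex:
        return re.search(pattern, filename) is not None
    return fnmatch.fnmatchcase(filename, pattern)

def verdict(body):
    """Classify one section's Order/Deny/Allow rules."""
    def has(rule):
        return re.search(r'^\s*' + rule, body, re.I | re.M) is not None
    if not has(r'deny\s+from\s+all\s*$'):
        return "open"
    # Under "Order deny,allow" a matching Allow overrides "Deny from all".
    allowed = has(r'order\s+deny,allow') and has(r'allow\s+from\s+(?!all\b)\S+')
    return "ip-restricted" if allowed else "denied"

def audit(text):
    """Map each sensitive file to the verdict of the last section covering it."""
    result = dict.fromkeys(TARGETS, "open")
    for is_match, tilde, pattern, body in SECTION.findall(text):
        for name in TARGETS:
            if covers(bool(is_match or tilde), pattern, name):
                result[name] = verdict(body)
    return result

print(audit(SAMPLE))
```

Run it against the text of your own .htaccess before uploading; any file reported as "open" is not matched by a deny rule.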
After using these tips, the hackers can’t control my WordPress admin panel anymore, hahaha! He tried to inject using a WordPress bug, but when I limited access to the admin panel by IP he cried *lol* Yay, I win! Finally I beat this noob *lol*
6 Responses to “Secure Your WordPress, Playing With Your .htaccess File.”
December 30th, 2009 at 12:05 PM
This blog is great! Thanks for your hard work on it.
January 7th, 2010 at 5:39 AM
Been playing with htaccess files actually.. these are pretty handy
January 11th, 2010 at 10:37 PM
Thank you so much, there aren’t enough posts on this… or at least I can’t find them. I am turning into such a blog nut, I just can’t get enough and this is such an important topic… I’ll be sure to write something about your site
February 24th, 2010 at 11:34 AM
Hey man, thanks for the info. It’s great!!
I will follow your instructions
Greetings from Mexico City