Miscellaneous, Personal, Tips & Trick

In this article we will learn how to secure our WordPress blog using some .htaccess techniques. Of course, no system in this world is perfect. Everything has bugs, whether high or low risk. When did you last see a WordPress blog get hacked? Well, this happened to me 3 times on one of my crazyporn blogs. The hacker kept taking control of my admin panel, and it happened 3 times until I started playing with my new toys to stop this guy.

What is .htaccess? In several web servers (most commonly Apache), .htaccess (hypertext access) is the default name of a directory-level configuration file that allows for decentralized management of web server configuration. Read the full entry on Wikipedia. Back to the topic: what should we do to stop hackers from controlling our admin area?

There are lots of techniques; what I write here is just a few of them, using .htaccess files:

  1. Protect your wp-login.php file.

    # Deny everyone, then allow only the address below
    <Files wp-login.php>
    Order deny,allow
    Deny from All
    Allow from xxx.xxx.xxx.xxx
    </Files>

    Where xxx.xxx.xxx.xxx is your IP address. If you have trouble finding your IP, just look it up on IPchicken.com.

  2. Protect your wp-config.php.

    wp-config.php is the vital configuration file for WordPress; it should be secured to stop people from viewing its contents.

    <files wp-config.php>
    order allow,deny
    deny from all
    </files>

  3. Protect your wp-comments-post.php.

    Even if you're using the Akismet plugin, you can use this code to reduce spambot posts sent via remote access. (Replace yourblog.com with your own domain name.)

    RewriteEngine On
    # Applies to POST requests to wp-comments-post.php ...
    RewriteCond %{REQUEST_METHOD} POST
    RewriteCond %{REQUEST_URI} wp-comments-post\.php
    # ... whose Referer is not your blog, or whose User-Agent is empty
    RewriteCond %{HTTP_REFERER} !.*yourblog.com.* [OR]
    RewriteCond %{HTTP_USER_AGENT} ^$
    # Redirect such requests back to the client's own address
    RewriteRule (.*) http://%{REMOTE_ADDR}/ [R=301,L]

  4. Protect your .htaccess file.

    This code will protect all files with the ".hta" string in their names.

    <Files ~ "^.*\.([Hh][Tt][Aa])">
    order allow,deny
    deny from all
    satisfy all
    </Files>

After using these tips the hacker can't control my WordPress admin panel again hahaha! He tried to inject using a WordPress bug, but when I limited access to the admin panel by IP he cried *lol* yay, I win! Finally I beat this noob *lol* :P

Miscellaneous, Tips & Trick

Crazy! I think all of my sites have been targeted for spam by someone, or maybe a group. 2 days ago I put a notification on some of my sites telling them to stop spamming or I would ban them. Mostly they are spamming for Viagra, xxx, porn, rubbish stuff, etc. Seems like the spam business makes a lot of money for them… eh?

Looks like they thought I was joking? Hell no, I'm not joking this time *bad temperament lol*. I banned all their IPs from accessing my websites. I don't care if traffic may decrease for weeks; this stupid group of guys must be stopped!

I searched for a way to do it, and I recently found that I can play with a simple .htaccess file to stop these noobs from spamming.

Block their IPs using this sample code:

## USER IP BANNING
<Limit GET POST>
order allow,deny
deny from 123.123.123.123
deny from 123.123.123.
deny from 123.123.
deny from 123.
allow from all
</Limit>

Read the rules:

123.123.123.123 (Blocks a specific IP address)
123.123.123. (Blocks ALL IPs within the range 123.123.123.xxx)
123.123. (Blocks ALL IPs within the range 123.123.xxx.xxx)
123. (Blocks ALL IPs within the range 123.xxx.xxx.xxx)

I recommend blocking specific IP addresses to minimize your lost traffic.
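Why the wp-login.php rule uses `Order deny,allow` while the ban list uses `order allow,deny`, and how much address space each partial value blocks, worked through in Python as an added example (not code from the original post). It is a simplified, IPv4-only model of the Apache 2.2 directives, and 203.0.113.10 is a constructed stand-in for your own IP.

```python
# Added example: simplified model of Apache 2.2 Order/Allow/Deny (IPv4 only).
# It handles only "all", full addresses and partial addresses like "123.123.".

def matches(spec, ip):
    """True if an Allow/Deny 'from' value covers the client IP."""
    if spec.lower() == "all":
        return True
    want = [o for o in spec.split(".") if o]   # "123.123." -> ["123", "123"]
    return ip.split(".")[:len(want)] == want   # compare whole octets only

def decide(order, allow, deny, ip):
    """Return 'allow' or 'deny' for a client IP under the given Order."""
    allowed = any(matches(s, ip) for s in allow)
    denied = any(matches(s, ip) for s in deny)
    if order == "allow,deny":
        # Deny is evaluated last and wins; no match at all means denied.
        return "allow" if allowed and not denied else "deny"
    if order == "deny,allow":
        # Allow is evaluated last and wins; no match at all means allowed.
        return "deny" if denied and not allowed else "allow"
    raise ValueError("unknown Order: " + order)

def covered(spec):
    """Number of IPv4 addresses a single Deny value blocks."""
    if spec.lower() == "all":
        return 256 ** 4
    return 256 ** (4 - len([o for o in spec.split(".") if o]))

def login_rule(ip):
    # wp-login.php rule; 203.0.113.10 is a constructed stand-in for your IP.
    return decide("deny,allow", ["203.0.113.10"], ["all"], ip)

def ban_rule(ip, deny=("123.123.123.123", "123.123.")):
    # IP ban rule, using sample values from the post.
    return decide("allow,deny", ["all"], list(deny), ip)

if __name__ == "__main__":
    for ip in ("203.0.113.10", "123.123.9.9", "12.3.4.5"):
        print(ip, "wp-login:", login_rule(ip), "| ban:", ban_rule(ip))
    for spec in ("123.123.123.123", "123.123.123.", "123.123.", "123."):
        print(spec, "blocks", covered(spec), "addresses")
```

Swapping the two Order values silently inverts both rules: the login rule would lock out your own address, and the ban list would reduce to whatever `allow from all` permits minus nothing you intended.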

Now, to disable hotlinking by bandwidth stealers, use this sample code:


Miscellaneous, Tips & Trick

Building your website but no one visits it? What's wrong? You could advertise to easily get a million visits daily, but the day you stop advertising you lose all that potential traffic.

Organic traffic from search engines is the best. Most webmasters look for traffic from search engines but don't know how to get it. I know it's hard, really hard. Besides topics, keywords, etc., the most important thing, which we almost forget, is the search-engine-friendly link.

Most major search engines prefer to index permanent links (permalinks), for example http://www.mysite.com/mypage/ or http://www.mysite.com/mypage.html, over dynamic URLs such as http://www.mysite.com/index.php?page=page1. Even though Google and most major search engines claim their robots will crawl dynamic URLs, most people don't like them in the results. Making your URLs friendly will also raise CTR on the SERP.

* You should know that friendly URLs will not affect your search engine ranking position.

So let's try to make a simple friendly URL using URL rewriting. First write this code in your .htaccess file (you can usually find this hidden file in your website root):

RewriteEngine On
Options +FollowSymLinks

# creating /mypage.html format
RewriteRule ^([0-9a-zA-Z-]+)/?/?\.html$ /home/yourusername/public_html/index.php?page=$1

# creating /mypage/ format
RewriteRule ^([0-9a-zA-Z-]+)/?/?/$ /home/yourusername/public_html/index.php?page=$1

* Pay attention to the parts marked in bold red font and modify them. Then, in your index.php (taken from my sample):

<?php

// Read the page slug that the rewrite rule passes in as ?page=...
if (isset($_GET['page']))
    $p = $_GET['page'];
else
    $p = "0";

// Only the slugs listed here are ever included; any other value loads nothing.
switch ($p) {
    case "tentang-kami": include("./pages/tentang-kami.php"); break;
    case "kenapa-kami": include("./pages/kenapa-kami.php"); break;
    case "berita": include("./pages/berita.php"); break;
    case "promosi": include("./pages/promosi.php"); break;
}

?>

Done. You will get friendly URLs like the samples on 2 of my sites here and here; just wait until search engines index your pages and send organic traffic to you. For a real sample to make sure the URL rewrite is working, take a look at this page and this page.

Good luck :D
