In this article we will learn how to secure a WordPress blog using a few .htaccess techniques. Of course, no system in this world is perfect. Everything has bugs, whether high or low risk. When did you last see a WordPress blog get hacked? Well, this happened to me 3 times on one of my crazyp**n blogs. The hackers kept taking control of my admin panel, and it happened 3 times until I started playing with my new toys to stop this guy.
What is .htaccess? In several web servers (most commonly Apache), .htaccess (hypertext access) is the default name of a directory-level configuration file that allows for decentralized management of web server configuration. Read the full entry on Wikipedia. Back to the topic: what should we do to stop hackers from controlling our admin area?
There are lots of techniques; what I describe here are just some that use .htaccess files:
- Protect your wp-login.php file.
<Files wp-login.php>
Order deny,allow
Deny from All
Allow from xxx.xxx.xxx.xxx
</Files>
Here xxx.xxx.xxx.xxx is your IP address. If you have trouble finding your IP, just look it up on IPchicken.com.
- Protect your wp-config.php
wp-config.php is the vital configuration file for WordPress; it should be secured to stop people from viewing its contents.
<files wp-config.php>
order allow,deny
deny from all
</files>
- Protect your wp-comments-post.php
Even if you're using the Akismet plugin, you can use this code to reduce spambot posts made via remote access. (Replace yourblog.com with your own domain name.)
RewriteEngine On
RewriteCond %{REQUEST_METHOD} POST
RewriteCond %{REQUEST_URI} .wp-comments-post\.php*
RewriteCond %{HTTP_REFERER} !.*yourblog\.com.* [OR]
RewriteCond %{HTTP_USER_AGENT} ^$
# Redirect the matching request back to the client's own address
RewriteRule (.*) https://%{REMOTE_ADDR}/ [R=301,L]
- Protect the .htaccess file.
This code will protect all files with the ".hta" string in their names.
<Files ~ "^.*\.([Hh][Tt][Aa])">
order allow,deny
deny from all
satisfy all
</Files>
After using these tips, the hackers can't control my WordPress admin panel again hahaha! He tried to inject using a WordPress bug, but when I limited the IPs that can access the admin panel he cried *lol* yay, I win! Finally I beat this noob *lol* 😛
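An added example, not from the original post: the four rules above combined into a single .htaccess for the WordPress root directory, written in the Apache 2.4 `Require` syntax that replaces the 2.2-era `Order`/`Deny`/`Allow` directives (on 2.4 those only work through mod_access_compat). The address 203.0.113.10 and the domain yourblog.com are placeholders, and the comment filter here answers 403 instead of redirecting, which is a swap from the post's rule.

```apache
# .htaccess in the WordPress root (same directory as wp-login.php).
# <Files> sections placed here also apply to subdirectories.
# Needs "AllowOverride AuthConfig FileInfo" (or All) in the server config,
# otherwise Require and RewriteEngine are rejected or ignored.

# 1. Login page: only the admin's address may reach it.
#    203.0.113.10 is a placeholder; several addresses or a CIDR range
#    can be listed on the same line, separated by spaces.
<Files "wp-login.php">
    Require ip 203.0.113.10
</Files>

# 2. wp-config.php holds the database credentials and secret keys.
#    Nobody needs it over HTTP; PHP reads it from disk.
<Files "wp-config.php">
    Require all denied
</Files>

# 3. Any file with ".hta" in its name (.htaccess and copies of it),
#    the same pattern as the post's rule.
<FilesMatch "\.[Hh][Tt][Aa]">
    Require all denied
</FilesMatch>

# 4. Comment POSTs that carry no User-Agent or a Referer from another site.
#    Both headers are supplied by the client, so this only filters naive
#    spambots; keep Akismet or another server-side check behind it.
<IfModule mod_rewrite.c>
    RewriteEngine On
    RewriteCond %{REQUEST_METHOD} =POST
    RewriteCond %{REQUEST_URI} /wp-comments-post\.php$
    RewriteCond %{HTTP_REFERER} !^https?://(www\.)?yourblog\.com/ [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} ^$
    # Answer 403 Forbidden instead of redirecting the client elsewhere.
    RewriteRule ^ - [F]
</IfModule>
```

After deploying, request each protected file from an address that is not on the allow list and confirm the server answers 403; a 500 response usually means the required AllowOverride classes are not enabled.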
This blog is great! Thanks for your hard work on it.
Been playing with htaccess files actually.. these are pretty handy 🙂
Thank you so much, there aren’t enough posts on this… or at least I can’t find them. I am turning into such a blog nut, I just can’t get enough and this is such an important topic… I’ll be sure to write something about your site
Hey man thanx for the info. it’s great!!
I will follow your instructions
Greetings from Mexico City
Some good ideas… Every WP admin should implement this to secure the sites.
Nice useful tips… One question though:
Does all that code go in the same .htaccess file?
Or should I put it in a particular folder depending on which folder the file I want to protect is in?
Thx for the help!