Home > Wordpress > Secure you WordPress Installation

Secure you WordPress Installation

Posted by : Dexter Panganiban on January 19, 2008 | ; Filed Under Wordpress

If you are my constant readers you know that I have been hacked before. That is why I can’t help sharing this to you guys I just found a very good security tip from Dailyblogtips.com.

1. Secure the /wp-admin/ directory

2. Hide your plugins

3. Keep up with patches and updates

Go Ahead and check your blog. :)

Update : I just found out that lots of Filipino bloggers are susceptible to Item # 2. So you better check your blog and hid your plugins.

Make Blank index.html at your /wp-content/plugins/ folder. You know who you are. Better check it or be sorry :)

Related Posts
  • WordPress 2.6 is out, Is it Stable ?
    After WordPress 2.6 Beta 1 and WordPress 2.6 Beta 2 now here comes the final version of WordPress 2.6 and the following changes are just some of the features of the new WordPress 2.6. Here are some of the smaller features and improvements in 2.6: Word count! Never guess how many words are in your ...
  • Errors in Upgrading WordPress 2.8 bleeding-edge
    I just tested to upgrade one of my site to WordPress 2.8 , since it was released yesterday, and after automatic installation of WordPress 2.8 bleeding-edge I have received the following errors Fatal error: Call to undefined method WordPress_Module::_weak_escape() in /mnt/local/home/XXX/XXX/wp-inc...
  • Got Hacked Again
    Last January WordPress.net.in has injected codes at my WordPress files in which the following WordPress files has been injected with numbers for SQL wp-admin/admin.php wp-admin/index.php wp-includes/wp-db.php wp-includes/pluggable.php wp-includes/gettext.php wp-includes/default-filters.php T...
Related Posts Plugin for WordPress, Blogger...

Enter your email address:

Tags: Directory, Filipino Blogger, Hack, Security

About the author

Dexter is a person that love technology,new gadget, SEO, Social Media and Christianity. Follow him at twitter via @techathand and add him @ Google+ and contact us at admin@techathand.net

Sign up for PayPal and start accepting credit card payments instantly.

Interesting Comments

18 Responses to “Secure you WordPress Installation”

  1. marhgil on January 19th, 2008 6:40 pm

    thanks for your comment. got my plugins already fixed. :)

    Reply


  2. Dexter on January 19th, 2008 6:53 pm

    Good to hear that Marhgil

    Reply


  3. Ederic on January 19th, 2008 7:02 pm

    Thanks for the reminder. :)

    Reply


  4. dexter on January 19th, 2008 8:37 pm

    @ ederic,

    your welcome hope you like my archives here

    Reply


  5. Ederic on January 19th, 2008 9:38 pm

    Of course. I shall browse your archives from time to time. :)

    Reply


  6. SELaplana on January 20th, 2008 5:57 pm

    thanks for telling me about this…. hehehe kita mo na pala mga plugins that I’ve tried

    Reply


  7. Dexter on January 20th, 2008 6:40 pm

    @ SELPLANA

    Actually not really , The moment I saw it’s vulnerable, I immidiately email you and go.. That’s it..

    Reply


  8. sylv3rblade on January 21st, 2008 5:22 pm

    Thanks sa email kuya Dex. di ko pa maayos kasi nagloloko both ang Smart Broken line and Globe DSL namin.

    Reply


  9. Dexter on January 21st, 2008 6:48 pm

    @ sylv3rblade

    Ah ok.. kapag naayos na.. be sue fix it immidiately..

    Reply


  10. Rayland on January 29th, 2008 2:11 am

    a faster way to prevent access to those directories is by adding a line to your .htaccess file..

    Options All -Indexes

    adding that line denies access to directories which do not have an index file, but contain other sensitive files. you might want to try it. it sure saves a lot of time compared to adding an index file to each and every directory you want to protect.

    Reply


  11. Dexter on January 29th, 2008 10:48 am

    @ Rayland

    Is this applicable in all types of platform.. I mean applicable sa Apache….( I am not an expert on this ) ussually I am afraid to touch .htaccess.. It can be helpful or distructive to SEO..

    Reply


  12. Rayland on January 29th, 2008 12:51 pm

    this should work on all apache servers..

    i know what you mean by how it can be destructive to SEO. but how i see it, adding that line merely prevents users from seeing the folder contents. but it doesnt prevent robots from accessing the folders and the contents within. :D

    Reply


  13. Dexter on January 29th, 2008 2:41 pm

    @ Rayland

    I have this

    # BEGIN WordPress

    RewriteEngine On
    RewriteBase /
    RewriteCond %{REQUEST_FILENAME} !-f
    RewriteCond %{REQUEST_FILENAME} !-d
    RewriteRule . /index.php [L]

    # END WordPress

    Where do I have to insert it..? Thanks in advance

    Reply


  14. Rayland on January 29th, 2008 2:54 pm

    just insert it on any line actually.. as long as it is on a line of its own.

    # BEGIN WordPress

    RewriteEngine On
    RewriteBase /
    RewriteCond %{REQUEST_FILENAME} !-f
    RewriteCond %{REQUEST_FILENAME} !-d
    RewriteRule . /index.php [L]

    # END WordPress

    Options All -Indexes

    the “# END WordPress” are just comments like in css where they have it as /* comment here */ . so they just get ignored. those rewrite rules are for your permalinks so dont remove them.

    Youre Welcome :D

    Reply


  15. jayl on November 8th, 2008 5:16 pm

    how about a redirection of your 404′s to your sitemap :D this way your “visitor” would just be dumbfounded at your categories, archives and pages. Also good for the bots :D

    jayls last blog post..Sad Guys on Trading Floors

    Reply

    Dexter Panganiban Reply:
    November 8th, 2008 at 9:45 pm

    Well We can ask Marhgil about it.. I am not really that Php progrmamer.. But I will try to find it out. :)

    Reply


  16. jayl on November 9th, 2008 2:47 am

    Im not a coder as well. The tip of Marhgil did not work out for me, I did a post about an alternative way of disabling wp directories. It worked for me.

    thanks,
    jayl

    jayls last blog post..Hide Those WordPress Directory Files

    Reply

    Dexter Panganiban Reply:
    November 9th, 2008 at 11:26 am

    Thanks for the link in your latest post :)

    Reply


1 pingsLinks To This Post

  1. Hide Those Wordpress Directory Files | Hinlalato on November 9th, 2008 2:41 am

    [...] the Options All -Indexes tip of sir Marhgil did not work out for you? or you figured out that Sir Dexter’s method of making blank index.html and uploading it to your /wp-content/plugins/ or in any folder is just a bit [...]


Leave a Reply




My Sponsors

Help My Father's Kidney Dialysis Expenses

Help in My Father’s Kidney Dialysis by Contributing Articles and/or Being Our Link Builder

Subscribe to RSS feed

Subscribe to RSS feed

Enter your email address:

Categories