Secure your WordPress Installation
Posted by: Dexter Panganiban
If you are one of my constant readers, you know that I have been hacked before. That is why I can’t help sharing this with you guys: I just found a very good security tip from Dailyblogtips.com.
1. Secure the /wp-admin/ directory
2. Hide your plugins
3. Keep up with patches and updates
Go Ahead and check your blog.
Update: I just found out that lots of Filipino bloggers are susceptible to Item #2. So you better check your blog and hide your plugins.
Make a blank index.html in your /wp-content/plugins/ folder. You know who you are. Better check it or be sorry.
Interesting Comments
18 Responses to “Secure your WordPress Installation”
1 ping: Links To This Post
- Hide Those Wordpress Directory Files | Hinlalato on November 9th, 2008 2:41 am
[...] the Options All -Indexes tip of sir Marhgil did not work out for you? or you figured out that Sir Dexter’s method of making blank index.html and uploading it to your /wp-content/plugins/ or in any folder is just a bit [...]

thanks for your comment. got my plugins already fixed.
Reply
Good to hear that Marhgil
Reply
Thanks for the reminder.
Reply
@ ederic,
you're welcome, hope you like my archives here
Reply
Of course. I shall browse your archives from time to time.
Reply
thanks for telling me about this…. hehehe so you've already seen the plugins that I’ve tried
Reply
@ SELPLANA
Actually not really. The moment I saw it’s vulnerable, I immediately emailed you and left.. That’s it..
Reply
Thanks for the email, Kuya Dex. I haven't been able to fix it yet because both our Smart Broken line and Globe DSL are acting up.
Reply
@ sylv3rblade
Ah ok.. once that's sorted out.. be sure to fix it immediately..
Reply
a faster way to prevent access to those directories is by adding a line to your .htaccess file..
Options -Indexes
adding that line denies access to directories which do not have an index file, but contain other sensitive files. you might want to try it. it sure saves a lot of time compared to adding an index file to each and every directory you want to protect.
Reply
@ Rayland
Is this applicable in all types of platform.. I mean applicable to Apache…. (I am not an expert on this) usually I am afraid to touch .htaccess.. It can be helpful or destructive to SEO..
Reply
this should work on all apache servers..
i know what you mean by how it can be destructive to SEO. but how i see it, adding that line merely prevents users from seeing the folder contents. but it doesn't prevent robots from accessing the folders and the contents within.
Reply
@ Rayland
I have this
# BEGIN WordPress
RewriteEngine On
RewriteBase /
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
# END WordPress
Where do I have to insert it..? Thanks in advance
Reply
just insert it on any line actually.. as long as it is on a line of its own.
# BEGIN WordPress
RewriteEngine On
RewriteBase /
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
# END WordPress
Options -Indexes
the “# END WordPress” are just comments like in css where they have it as /* comment here */ . so they just get ignored. those rewrite rules are for your permalinks so don't remove them.
You're Welcome
Reply
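An added example (not from the original post or its commenters): a small Python audit that walks a WordPress tree and reports which directories would still show a listing, given the two fixes discussed above, a blank index file or an `Options` line with `-Indexes` in .htaccess. It assumes Apache with listings on by default and .htaccess overrides allowed; the `Options` parsing is simplified, and the sample tree and its names are constructed.

```python
import os
import re
import tempfile
INDEX_FILES = ("index.html", "index.htm", "index.php")  # assumed DirectoryIndex names
OPTIONS_RE = re.compile(r"^\s*Options\s+(.+)$", re.IGNORECASE)

def indexes_disabled(htaccess):
    """True/False if this .htaccess turns listings off/on, None if silent (simplified)."""
    state = None
    if os.path.isfile(htaccess):
        with open(htaccess, encoding="utf-8", errors="replace") as fh:
            for line in fh:
                m = OPTIONS_RE.match(line)
                for tok in (m.group(1).lower().split() if m else ()):
                    if tok in ("-indexes", "none"):
                        state = True
                    elif tok in ("+indexes", "indexes", "all"):
                        state = False
    return state

def listable_dirs(root):
    """Directories under root that would be served as an auto-generated listing."""
    exposed = []
    def walk(path, inherited):
        own = indexes_disabled(os.path.join(path, ".htaccess"))
        disabled = inherited if own is None else own  # .htaccess applies to subfolders
        names = sorted(os.listdir(path))
        if not disabled and not any(n in names for n in INDEX_FILES):
            exposed.append(os.path.relpath(path, root).replace(os.sep, "/"))
        for n in names:
            child = os.path.join(path, n)
            if os.path.isdir(child) and not os.path.islink(child):
                walk(child, disabled)
    walk(root, False)  # assumption: the server default leaves Indexes on
    return exposed

def demo():
    """Constructed sample tree: a blank index.html in plugins/, an .htaccess in uploads/."""
    with tempfile.TemporaryDirectory() as root:
        for d in ("plugins/sample-plugin", "themes", "uploads/2008"):
            os.makedirs(os.path.join(root, "wp-content", d))
        for f in ("index.php", "wp-content/index.php", "wp-content/plugins/index.html"):
            open(os.path.join(root, f), "w").close()
        with open(os.path.join(root, "wp-content/uploads/.htaccess"), "w") as fh:
            fh.write("# constructed sample\nOptions -Indexes\n")
        return listable_dirs(root)

if __name__ == "__main__":
    print(demo())
```

The sample run shows that a blank index.html covers only its own folder, while an .htaccess setting also covers the folders beneath it. On Apache 2.4 an `Options` line may not mix keywords with and without a `+`/`-` prefix, so `Options -Indexes` is the form to use there.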
how about a redirection of your 404s to your sitemap
this way your “visitor” would just be dumbfounded at your categories, archives and pages. Also good for the bots
Reply
Dexter Panganiban Reply:
November 8th, 2008 at 9:45 pm
Well, we can ask Marhgil about it.. I am not really a PHP programmer.. But I will try to find out.
Reply
I'm not a coder either. The tip of Marhgil did not work out for me, so I did a post about an alternative way of disabling wp directories. It worked for me.
thanks,
jayl
jayls last blog post..Hide Those WordPress Directory Files
Reply
Dexter Panganiban Reply:
November 9th, 2008 at 11:26 am
Thanks for the link in your latest post
Reply