Comments on: Three tips to protect your WordPress installation

By: Jrenrock

Jrenrock — Tue, 16 Aug 2011 18:21:24 +0000

Protect your folder just add .htaccess file for every folder
the .htaccess must have

# disable directory browsing
Options -Indexes

Edit with notepad and save without extention like “.htaccess”

By: Matt Fraser

Matt Fraser — Wed, 27 Jul 2011 07:00:03 +0000

Matt,

Some great tips here.

However, in regards to restricting your ip address, what if you have a dynamic ip verses a static ip, would you still implement this?

By: Bekki

Bekki — Sat, 23 Jul 2011 12:30:22 +0000

Excellent post Matt.

Its essential to keep your blog secure from being hacked and these tips are spot on!

It took a little time to master the htaccess side of things but all is safe now….thanks for yet another great post to help everyone of us trying to get our sites at their best!

By: Sahil Kotak

Sahil Kotak — Sun, 17 Jul 2011 04:45:34 +0000

I would like to do the same to secure my blog. I will try the 1st Method right now (hope it works!) besides that I also use a plugin (didn’t remember the name) it helps me from the brute force attacks in my Wp Admin login.

Thank you for the tips Matt!

By: Dheeraj

Dheeraj — Sat, 04 Jun 2011 16:47:06 +0000

I think the very first point(Tip) is only for those people that are using static IP address. and Third one is really helpful. Because WordPress developer’s main concern is to make It hack proof.

By: Farid

Farid — Sat, 07 May 2011 15:40:45 +0000

Definitely some interesting points here. There is definitely a security issue with the blogs in which I myself have had experience.

By: Grahame k

Grahame k — Thu, 14 Apr 2011 15:39:05 +0000

I love wordpress but the security flaws scare me witless im sure alot of people feel the same, it’s been a while but cheers for the blog matt and i just hope this helps.

By: Christian Geek

Christian Geek — Tue, 12 Apr 2011 16:15:23 +0000

Hello!

Just a short question. If i restrict admin folder to my IP,
can I enter it with a different IP within my Ftp client?

It wouldn’t be so nice if in any case I lock myself out forever from my WP …

By: James

James — Mon, 07 Mar 2011 18:39:06 +0000

I read most of your posts but I must say that this is the most directly applicable post that I have read yet. If only I had decided to search for WP security posts before I had been hacked instead of after…

By: Matt

Matt — Mon, 31 Jan 2011 06:17:43 +0000

Matt, thanks for these tips, I find that the folks at wordpress do a great job at securing wordpress as much as possible one thing readers will want to avoid doing is using fantastico or other such services to install wordpress. Reason being it chooses a default name of wp1 or wp2 for your mysql data base username and password, these should be different and it automatically sets your database prefix to wp_ (which is what the native default install does as well, it should be changes to something like $%TGHffke^443#@4

That being said, there are a ton of other things to do but it would be more of a post than a comment.

However, readers may find this plugin helpful as well:

http://wordpress.org/extend/plugins/bulletproof-security/

Hope this helps someone out.

Happy Blogging.