Comments on: 3 Must Apply Security Tips for WordPress https://dailyblogtips.com/3-must-apply-security-tips-for-wordpress/ DailyBlogTips.com takes you from SEO to CEO. You’ll learn everything you need to know to master blogging, SEO, marketing, web design leading you to passive income. Mon, 24 Jul 2023 21:54:38 +0000 hourly 1 https://wordpress.org/?v=6.4.3 By: Keith Davis https://dailyblogtips.com/3-must-apply-security-tips-for-wordpress/#comment-1019439 Sun, 15 Nov 2009 21:48:38 +0000 https://dailyblogtips.com/3-must-apply-security-tips-for-wordpress/#comment-1019439 Three things you need to consider when using WordPress… security, security, security.
Three great tips that could perhaps be explained in a little more detail.

]]>
By: matt https://dailyblogtips.com/3-must-apply-security-tips-for-wordpress/#comment-979078 Mon, 21 Sep 2009 04:59:01 +0000 https://dailyblogtips.com/3-must-apply-security-tips-for-wordpress/#comment-979078 Thank you, I had been googling all the security problems that wordpress had to figure out how to fix it. I love wordpress, but the fact that anyone can hack into my site or edit something scares me, especially if I spend 100’s of hours building up my site.

]]>
By: Altis Lo (Beaulife) https://dailyblogtips.com/3-must-apply-security-tips-for-wordpress/#comment-961458 Fri, 28 Aug 2009 14:32:53 +0000 https://dailyblogtips.com/3-must-apply-security-tips-for-wordpress/#comment-961458 Thanks for the tips and comments. I just thought about the dynamic IP for my broadband… So tips no. 2 and 3 are the easiest to apply.

]]>
By: HLBryant https://dailyblogtips.com/3-must-apply-security-tips-for-wordpress/#comment-878644 Tue, 26 May 2009 19:05:48 +0000 https://dailyblogtips.com/3-must-apply-security-tips-for-wordpress/#comment-878644 I tried the htaccess and stumbled into an odd error! I couldn’t use the Plugin automated service that is in the admin of a WP Blog. It told me I had no permission!

When I deleted it, I was able to install my plugins. 🙂 Just something to look out for? 🙂

]]>
By: Bikram https://dailyblogtips.com/3-must-apply-security-tips-for-wordpress/#comment-772879 Fri, 13 Feb 2009 10:31:32 +0000 https://dailyblogtips.com/3-must-apply-security-tips-for-wordpress/#comment-772879 Hi!

My IP changes every time i restart my broadband modem. what should i do to prevent hacking on my wordpress install? need help on this issue.

Thanks

]]>
By: Bikram https://dailyblogtips.com/3-must-apply-security-tips-for-wordpress/#comment-772877 Fri, 13 Feb 2009 10:30:32 +0000 https://dailyblogtips.com/3-must-apply-security-tips-for-wordpress/#comment-772877 Hi!

My IP changes every time i restart my broadband modem. what should i do to prevent hacking on my wordpress install? need help on this.

]]>
By: Mr. I https://dailyblogtips.com/3-must-apply-security-tips-for-wordpress/#comment-771327 Thu, 12 Feb 2009 02:12:39 +0000 https://dailyblogtips.com/3-must-apply-security-tips-for-wordpress/#comment-771327 Unfortunately, I have dynamic IP’s and can’t set tip no. 1. But I will apply no. 2 as No. 3 is already applied! 🙂

]]>
By: Eqwitty.com https://dailyblogtips.com/3-must-apply-security-tips-for-wordpress/#comment-724452 Wed, 31 Dec 2008 19:01:24 +0000 https://dailyblogtips.com/3-must-apply-security-tips-for-wordpress/#comment-724452 great tips. thanks!

]]>
By: Jan Alvin https://dailyblogtips.com/3-must-apply-security-tips-for-wordpress/#comment-653864 Sun, 09 Nov 2008 20:43:49 +0000 https://dailyblogtips.com/3-must-apply-security-tips-for-wordpress/#comment-653864 Wow, I’ve got to prevent hacking my blog as soon as possible.

]]>
By: Dinesh https://dailyblogtips.com/3-must-apply-security-tips-for-wordpress/#comment-628374 Tue, 14 Oct 2008 03:14:07 +0000 https://dailyblogtips.com/3-must-apply-security-tips-for-wordpress/#comment-628374 Thanks for you information…

But this is more secure than the above code

# -FrontPage-

Options None

order deny,allow
deny from all
allow from all
require group authors administrators

order deny,allow
deny from all

AuthType Basic
AuthName yourwebsite.com
AuthUserFile service.pwd //Example /home/usename/public_html/_vti_pvt/service.pwd
AuthGroupFile service.grp //Example /home/username/public_html/_vti_pvt/service.grp

From

]]>
By: rajeev mehta https://dailyblogtips.com/3-must-apply-security-tips-for-wordpress/#comment-445566 Sat, 10 May 2008 07:03:19 +0000 https://dailyblogtips.com/3-must-apply-security-tips-for-wordpress/#comment-445566 great tips.mine was getting hacked i think and this post really helped a lot ..

]]>
By: WebDiggin https://dailyblogtips.com/3-must-apply-security-tips-for-wordpress/#comment-409409 Tue, 22 Apr 2008 13:11:09 +0000 https://dailyblogtips.com/3-must-apply-security-tips-for-wordpress/#comment-409409 Thanks for the security heads-up. We haven’t really thought about it til we saw this post.

FYI – Matt’s post has an update where Joshua Slive pointed out that the .htaccess file shouldn’t have a around the IP addresses. That would have allowed IP addresses to POST, for example.

We have a dynamic IP where the last digit of our IP address changes. There are about four or five different XX.XX.XXX.* address that we get with our ISP.

We found that if we just drop the last number, we’re still able to access our wp-admin folder, but if we use an anonymous proxy and try to access it from an IP address in Germany, it won’t get in.

Can anyone else verify that this works for dynamic addresses?

allow from xx.xx.xx
allow from xx.xx.xxx

Thanks

]]>
By: Mikael https://dailyblogtips.com/3-must-apply-security-tips-for-wordpress/#comment-389642 Fri, 11 Apr 2008 18:59:30 +0000 https://dailyblogtips.com/3-must-apply-security-tips-for-wordpress/#comment-389642 What happens if you have other authors writing posts. Will point number 1 affect their ability ot login and post topics? I mean if their IP isn’t added to the file.

]]>
By: Bloggero https://dailyblogtips.com/3-must-apply-security-tips-for-wordpress/#comment-323954 Wed, 20 Feb 2008 12:03:17 +0000 https://dailyblogtips.com/3-must-apply-security-tips-for-wordpress/#comment-323954 If I put .htaccess in /wp-content/plugins/ the plugins will work ?

]]>
By: Ness https://dailyblogtips.com/3-must-apply-security-tips-for-wordpress/#comment-318926 Sat, 16 Feb 2008 14:38:32 +0000 https://dailyblogtips.com/3-must-apply-security-tips-for-wordpress/#comment-318926 Some good tips. Have just removed Meta tag showing wordpress version. Overlooked earlier.

]]>
By: Deborah https://dailyblogtips.com/3-must-apply-security-tips-for-wordpress/#comment-315143 Thu, 14 Feb 2008 00:19:23 +0000 https://dailyblogtips.com/3-must-apply-security-tips-for-wordpress/#comment-315143 Jaan and Hendry,

Thanks for the reminder on the Options -indexes. That works the easiest for managing, without having to add index.php or index.html files in folders.

]]>
By: Hendry Lee https://dailyblogtips.com/3-must-apply-security-tips-for-wordpress/#comment-293593 Thu, 31 Jan 2008 13:49:01 +0000 https://dailyblogtips.com/3-must-apply-security-tips-for-wordpress/#comment-293593 Regarding number 2, I’d recommend to disable directory index on all directories by placing the a line in .htaccess in the root directory:

Options -Indexes

This way, the option is off for the whole domain.

While restricting access to wp-admin is useful it is not for people who don’t have static IP.

]]>
By: Mark https://dailyblogtips.com/3-must-apply-security-tips-for-wordpress/#comment-291062 Tue, 29 Jan 2008 16:06:54 +0000 https://dailyblogtips.com/3-must-apply-security-tips-for-wordpress/#comment-291062 Why a blank index.html? Can you use a blank index.php for this purpose to or is that a bigger security threat?

]]>
By: Daniel https://dailyblogtips.com/3-must-apply-security-tips-for-wordpress/#comment-286870 Fri, 25 Jan 2008 19:05:28 +0000 https://dailyblogtips.com/3-must-apply-security-tips-for-wordpress/#comment-286870 Brent, yes.

]]>
By: brent berrett https://dailyblogtips.com/3-must-apply-security-tips-for-wordpress/#comment-286709 Fri, 25 Jan 2008 16:30:22 +0000 https://dailyblogtips.com/3-must-apply-security-tips-for-wordpress/#comment-286709 Can the files can be accessed directly even with a blank index.html file?

]]>
By: LoLo https://dailyblogtips.com/3-must-apply-security-tips-for-wordpress/#comment-285120 Thu, 24 Jan 2008 12:58:31 +0000 https://dailyblogtips.com/3-must-apply-security-tips-for-wordpress/#comment-285120 “Do you know any other security tips that WordPress users should apply?”

1. Change the default DB prefix (wp_).
2. Hide your entire install.
3. Matt’s bonus tip was a bit off. You can still get his version info. Just edit your wp-includes/version.php to hide it correctly.

Info on how to hide your install and all the rest of this can be found here.

]]>
By: Daniel https://dailyblogtips.com/3-must-apply-security-tips-for-wordpress/#comment-282124 Mon, 21 Jan 2008 18:45:41 +0000 https://dailyblogtips.com/3-must-apply-security-tips-for-wordpress/#comment-282124 If you have a dynamic IP just go with a password protected .htaccess file as described by James W.

]]>
By: Nick - road2blogging https://dailyblogtips.com/3-must-apply-security-tips-for-wordpress/#comment-281197 Mon, 21 Jan 2008 00:18:10 +0000 https://dailyblogtips.com/3-must-apply-security-tips-for-wordpress/#comment-281197 thanks for the tips. Hard to implement #1, but just done the other two.

]]>
By: Ruchir https://dailyblogtips.com/3-must-apply-security-tips-for-wordpress/#comment-279751 Sat, 19 Jan 2008 14:51:10 +0000 https://dailyblogtips.com/3-must-apply-security-tips-for-wordpress/#comment-279751 “Matt suggests to place a .htaccess file inside the /wp-admin/ folder to block the access to all IP addresses, except yours.”

What if I have a dynamic IP?

And what if I access my admin through 2 different PCs with 2 different internet connections…

]]>
By: Bong (JB) https://dailyblogtips.com/3-must-apply-security-tips-for-wordpress/#comment-279337 Sat, 19 Jan 2008 06:28:55 +0000 https://dailyblogtips.com/3-must-apply-security-tips-for-wordpress/#comment-279337 I haven’t worried about security stuff before but I’m going to implement this. Better safe than sorry. Thanks.

]]>
By: James W https://dailyblogtips.com/3-must-apply-security-tips-for-wordpress/#comment-279099 Sat, 19 Jan 2008 02:23:40 +0000 https://dailyblogtips.com/3-must-apply-security-tips-for-wordpress/#comment-279099 Regarding .htaccess and IP Blocking: An alternative method is to use htaccess password – that way you can access it anywhere and not have it restricted to an IP. It pops up with a login box when you try to access the folder.

There even a wordpress plugin to do it (I havent tested it)

]]>
By: dennis https://dailyblogtips.com/3-must-apply-security-tips-for-wordpress/#comment-279062 Sat, 19 Jan 2008 01:51:38 +0000 https://dailyblogtips.com/3-must-apply-security-tips-for-wordpress/#comment-279062 @Mikhail: Its nearly impossible to plug all of the holes all of the time. Just depends on how paranoid you are. 🙂

]]>
By: dennis https://dailyblogtips.com/3-must-apply-security-tips-for-wordpress/#comment-279056 Sat, 19 Jan 2008 01:43:43 +0000 https://dailyblogtips.com/3-must-apply-security-tips-for-wordpress/#comment-279056 If you have control over your site’s httpd.conf, it is probably a good idea to deny index listing by default. Under your DocumentRoot directive, change your ‘Options’ to include ‘-Indexes’ (exactly as others have specified for .htaccess above).

Example (angle brackets changed so they don’t mess up this comment):

[Directory “/var/www/html/yoursite”]
Options -Indexes

]]>
By: Ash Haque https://dailyblogtips.com/3-must-apply-security-tips-for-wordpress/#comment-278860 Fri, 18 Jan 2008 22:29:19 +0000 https://dailyblogtips.com/3-must-apply-security-tips-for-wordpress/#comment-278860 Kind of defeats the whole point of being able to post to your site from anywhere (tip #1)

]]>
By: David Zemens - 1955 Design https://dailyblogtips.com/3-must-apply-security-tips-for-wordpress/#comment-278780 Fri, 18 Jan 2008 21:10:07 +0000 https://dailyblogtips.com/3-must-apply-security-tips-for-wordpress/#comment-278780 @Mikhail: There is always a way around a security measure. They are just designed to thwart a percentage of the hackers. Thanks for the tip, though. I placed that index.php file in all the subfolders of the plugin directory. At least for the moment I am not exposed in the Akismet directory.

]]>
By: Jonas https://dailyblogtips.com/3-must-apply-security-tips-for-wordpress/#comment-278669 Fri, 18 Jan 2008 19:16:26 +0000 https://dailyblogtips.com/3-must-apply-security-tips-for-wordpress/#comment-278669 Thanks for the tips! There are good reasons for hardening your WordPress install. WordPress stores passwords in the database as hash made from the password. A common Unix practice is to add random seed to the hash but WordPress does not do this. Should the password hash be revealed it could even be revealed by googling the hash!

]]>
By: Jaan Kanellis https://dailyblogtips.com/3-must-apply-security-tips-for-wordpress/#comment-278508 Fri, 18 Jan 2008 16:34:40 +0000 https://dailyblogtips.com/3-must-apply-security-tips-for-wordpress/#comment-278508 No problem!

]]>
By: Chris Jacobson https://dailyblogtips.com/3-must-apply-security-tips-for-wordpress/#comment-278502 Fri, 18 Jan 2008 16:29:18 +0000 https://dailyblogtips.com/3-must-apply-security-tips-for-wordpress/#comment-278502 Great tips.

Thanks for the .htaccess trick, Jaan.

]]>
By: Zac Davis https://dailyblogtips.com/3-must-apply-security-tips-for-wordpress/#comment-278494 Fri, 18 Jan 2008 16:21:55 +0000 https://dailyblogtips.com/3-must-apply-security-tips-for-wordpress/#comment-278494 Wow, thanks for these tips. I’ll be sure to implement them.

]]>
By: Mikhail https://dailyblogtips.com/3-must-apply-security-tips-for-wordpress/#comment-278490 Fri, 18 Jan 2008 16:18:42 +0000 https://dailyblogtips.com/3-must-apply-security-tips-for-wordpress/#comment-278490 @ David Zemens 1955 Design

don’t be so excited, bro, by posting your “informational message”

look,

you are still exposed

]]>
By: Michael Aulia https://dailyblogtips.com/3-must-apply-security-tips-for-wordpress/#comment-278432 Fri, 18 Jan 2008 15:13:44 +0000 https://dailyblogtips.com/3-must-apply-security-tips-for-wordpress/#comment-278432 WOW..thanks so much..especially for Tip #2

]]>
By: Daniel https://dailyblogtips.com/3-must-apply-security-tips-for-wordpress/#comment-278365 Fri, 18 Jan 2008 13:30:48 +0000 https://dailyblogtips.com/3-must-apply-security-tips-for-wordpress/#comment-278365 Thanks Jaan, yeah it is the same trick Shoemoney recommended sometime ago.

]]>
By: Jaan Kanellis https://dailyblogtips.com/3-must-apply-security-tips-for-wordpress/#comment-278357 Fri, 18 Jan 2008 13:25:16 +0000 https://dailyblogtips.com/3-must-apply-security-tips-for-wordpress/#comment-278357 Just add the line:

Options -indexes

to your htaccess file

]]>
By: Daniel https://dailyblogtips.com/3-must-apply-security-tips-for-wordpress/#comment-278355 Fri, 18 Jan 2008 13:18:32 +0000 https://dailyblogtips.com/3-must-apply-security-tips-for-wordpress/#comment-278355 @David Zemens, nice warning message you put there :).

]]>
By: Daniel https://dailyblogtips.com/3-must-apply-security-tips-for-wordpress/#comment-278352 Fri, 18 Jan 2008 13:16:24 +0000 https://dailyblogtips.com/3-must-apply-security-tips-for-wordpress/#comment-278352 That works then! Can you share the code you used in the .htaccess file? Either here or on your blog and I will link to it.

]]>
By: Napster https://dailyblogtips.com/3-must-apply-security-tips-for-wordpress/#comment-278349 Fri, 18 Jan 2008 13:10:33 +0000 https://dailyblogtips.com/3-must-apply-security-tips-for-wordpress/#comment-278349 Great security tips!

]]>
By: Daniel https://dailyblogtips.com/3-must-apply-security-tips-for-wordpress/#comment-278341 Fri, 18 Jan 2008 13:02:02 +0000 https://dailyblogtips.com/3-must-apply-security-tips-for-wordpress/#comment-278341 Right, but when the user clicks on the image he would be directed to the wp-content folder on your blog. If you block that he would see a 404 page, won’t he?

]]>
By: Jaan Kanellis https://dailyblogtips.com/3-must-apply-security-tips-for-wordpress/#comment-278338 Fri, 18 Jan 2008 12:55:10 +0000 https://dailyblogtips.com/3-must-apply-security-tips-for-wordpress/#comment-278338 Daniel that should not be a problem at all. Google doesnt find the images by browsing through folder access they find them through links on the pages themselves which would still work fine.

]]>
By: Daniel https://dailyblogtips.com/3-must-apply-security-tips-for-wordpress/#comment-278330 Fri, 18 Jan 2008 12:44:32 +0000 https://dailyblogtips.com/3-must-apply-security-tips-for-wordpress/#comment-278330 I wonder if you can specify IP ranges for tip number 1. This would solve the problem for people with dynamic IP addresses.

Well, you would still be vulnerable to people close to your IP class, but that reduces the risk greatly already.

]]>
By: Daniel https://dailyblogtips.com/3-must-apply-security-tips-for-wordpress/#comment-278329 Fri, 18 Jan 2008 12:42:03 +0000 https://dailyblogtips.com/3-must-apply-security-tips-for-wordpress/#comment-278329 Jaan, yeah that is another option. I wonder if this would mess up people visiting single images via Google Image search though.

]]>
By: Jaan Kanellis https://dailyblogtips.com/3-must-apply-security-tips-for-wordpress/#comment-278326 Fri, 18 Jan 2008 12:37:59 +0000 https://dailyblogtips.com/3-must-apply-security-tips-for-wordpress/#comment-278326 Browsing access that is.

]]>
By: Jaan Kanellis https://dailyblogtips.com/3-must-apply-security-tips-for-wordpress/#comment-278325 Fri, 18 Jan 2008 12:37:37 +0000 https://dailyblogtips.com/3-must-apply-security-tips-for-wordpress/#comment-278325 For #2 you should be blocking the content access in all folders through your htaccess file.

]]>
By: David Zemens - 1955 Design https://dailyblogtips.com/3-must-apply-security-tips-for-wordpress/#comment-278324 Fri, 18 Jan 2008 12:33:46 +0000 https://dailyblogtips.com/3-must-apply-security-tips-for-wordpress/#comment-278324 Great tips. Without a static IP address tip #1 is difficult to implement. I already made the change you suggested in tip #2, but added a bit of an informational message to the index.php file that I dropped into the plugin folder.

]]>
By: Colourblogger https://dailyblogtips.com/3-must-apply-security-tips-for-wordpress/#comment-278300 Fri, 18 Jan 2008 12:11:36 +0000 https://dailyblogtips.com/3-must-apply-security-tips-for-wordpress/#comment-278300 Good point! I never understand whay bloggers talk so freely about they installed plugins.

]]>