Circling the Wagons: How to Protect Your Wordpress Site

Written by GlobalMasterPlan on January 24th, 2008

This is a slightly modified version of Matt Cutts post about how to protect your Wordpress Installation.

1. As Matt recommends, lock down your wp-admin directory. He uses an .htaccess file to block all but a few IP addresses, but there are other ways to do this as well. Here’s Matt’s code. I’m sure all you Aspies out there are getting a kick out of this.

2. Once again following Matt, hide your plugins directory by dropping an empty index.html file in the wp-admin/plugins directory.

Here is where I diverge from the Google-God.

3. Install the Instant Upgrade Plugin. Make sure you back everything up before performing the upgrades. I haven’t had problems, but others have.

4. Install the Wordpress Database Backups plugin. I have mine set up to email me a backup once a week.
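Steps 1 and 2 as a script, added here as an example; it is not Matt’s code or the post’s, and the WordPress root, the plugins directory and the allowed addresses are assumptions passed in as parameters (the addresses below are constructed). It writes the Apache 2.2 Order/Deny/Allow block of the period into wp-admin/.htaccess with the Apache 2.4 Require ip equivalent as a comment, drops the empty index.html into the plugins directory only when no index file is already there (WordPress ships wp-content/plugins with its own index.php), and finishes with a check that the lockdown rule is actually in place.

```shell
#!/bin/sh
# Added example (not from the post or from Matt Cutts): steps 1 and 2 as a
# script. WP root, plugins directory and the allowed IP list are assumptions
# passed in as parameters.
set -eu

# harden_wp_admin WP_ROOT "IP1 IP2 ..."
# Writes wp-admin/.htaccess so that only the listed addresses reach wp-admin.
# Uses the Apache 2.2 Order/Deny/Allow directives of the period; the Apache 2.4
# equivalent (Require ip) is written as a comment for newer servers.
harden_wp_admin() {
    wp_root=$1
    allowed=$2
    htaccess="$wp_root/wp-admin/.htaccess"
    mkdir -p "$wp_root/wp-admin"
    {
        printf '# only the addresses listed below may reach wp-admin\n'
        printf 'Order deny,allow\n'
        printf 'Deny from all\n'
        for ip in $allowed; do
            printf 'Allow from %s\n' "$ip"
        done
        printf '# Apache 2.4 equivalent of the three directives above:\n'
        printf '#   Require ip %s\n' "$allowed"
    } > "$htaccess"
    echo "$htaccess"
}

# hide_plugin_listing PLUGINS_DIR
# Drops an empty index.html into the plugins directory so a directory listing
# shows nothing. If an index file already exists (WordPress ships
# wp-content/plugins with its own index.php) it is left alone and its path
# is printed instead.
hide_plugin_listing() {
    plugins_dir=$1
    mkdir -p "$plugins_dir"
    for idx in index.php index.html; do
        if [ -e "$plugins_dir/$idx" ]; then
            echo "$plugins_dir/$idx"
            return 0
        fi
    done
    : > "$plugins_dir/index.html"
    echo "$plugins_dir/index.html"
}

# verify_wp_admin_lockdown WP_ROOT
# Prints "locked" when wp-admin/.htaccess carries a deny-all (2.2) or
# Require ip (2.4) rule, "open" otherwise; use it as a post-change check.
verify_wp_admin_lockdown() {
    f="$1/wp-admin/.htaccess"
    if [ -f "$f" ] && grep -Eq '^(Deny from all|Require ip )' "$f"; then
        echo locked
    else
        echo open
    fi
}

if [ "${1:-}" = "--apply" ] && [ $# -eq 3 ]; then
    # real run: ./harden.sh --apply /path/to/wordpress "203.0.113.5 198.51.100.7"
    harden_wp_admin "$2" "$3"
    hide_plugin_listing "$2/wp-content/plugins"
    verify_wp_admin_lockdown "$2"
else
    # demo against a throwaway directory with constructed addresses
    demo=$(mktemp -d)
    f=$(harden_wp_admin "$demo" "203.0.113.5 198.51.100.7")
    cat "$f"
    hide_plugin_listing "$demo/wp-content/plugins"
    verify_wp_admin_lockdown "$demo"
    rm -rf "$demo"
fi
```

Without arguments the script only exercises itself in a temporary directory; pass --apply, the WordPress root and a space-separated address list to change a real install. The allow list is the weak spot of this approach: a dynamic home address changes, so keep a second way in (SSH to the server) before you lock yourself out.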

PS – John Cow needs the Lighter Admin Drop Down Menus plugin for this site. :twisted:

If you enjoyed this post, make sure you subscribe to my RSS feed!

31 Responses to “Circling the Wagons: How to Protect Your Wordpress Site”

  1. John Cow dot Com: Circling the Wagons: How to Protect Your Wordpress Site (Posted: 23 Jan 2008 07:42 PM CST)

  2. The web is getting more and more the playground for criminals. So it is more and more important to protect your websites. John Cow has written a nice post about that, and I just want to let you know about it. Check out his post and learn how to protect your site.

  3. Cool tips thanks 4 dat!

  4. Webkinz says:

    i need to check out that instant upgrade plugin. never knew it existed.

  5. Mike Huang says:

    Interesting post, I’ll keep this in mind.

    -Mike

  6. Neil Duckett says:

    Good tip on the plug-in, looks like a time saver.

  7. Thanks for the plugins. I’m going to test out the instant upgrade one very soon!

  8. Si Philp says:

    Another option would be to setup the admin area as a secure directory so that the user is then confronted with a username/password dialogue? Suppose it depends on how secure you want to be. I like the idea of nailing down ip address access though ( goes off thinking about subtext admin control ).

  9. Enemy says:

    Thanks for these tips.

    Have put some into place!

  10. Allen says:

    I’d also suggest the WordPress plugin Login Lockdown, which will count the number of attempts someone makes to log in to your wp-admin. Then it can block them when they reach the limit of failed login attempts.

    This can help you against brute force login attempts.

    http://www.bad-neighborhood.com/login-lockdown.html
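The counting that Allen describes, added here as an example; it is not code from the post or from the Login Lockdown plugin. It runs over an Apache combined-format access log (the log lines are constructed sample data using documentation address ranges) and reports the client addresses whose failed wp-login.php attempts reached a limit. The one WordPress detail it relies on: a failed login re-renders the form with HTTP 200, while a successful one redirects to wp-admin with HTTP 302, so a 200 on a POST to wp-login.php is a failed attempt.

```shell
#!/bin/sh
# Added example (not from the post or the Login Lockdown plugin): the counting
# logic behind such a plugin, applied to an Apache combined-format access log.
# The log lines are constructed sample data; addresses are documentation ranges.
set -eu

# WordPress answers a failed login by re-rendering the form (HTTP 200) and a
# successful one with a redirect to wp-admin (HTTP 302), so a 200 on
# "POST /wp-login.php" is a failed attempt.
SAMPLE_LOG=$(cat <<'EOF'
203.0.113.9 - - [24/Jan/2008:10:01:02 -0600] "POST /wp-login.php HTTP/1.1" 200 1834 "-" "Mozilla/5.0"
203.0.113.9 - - [24/Jan/2008:10:01:03 -0600] "POST /wp-login.php HTTP/1.1" 200 1834 "-" "Mozilla/5.0"
203.0.113.9 - - [24/Jan/2008:10:01:04 -0600] "POST /wp-login.php HTTP/1.1" 200 1834 "-" "Mozilla/5.0"
203.0.113.9 - - [24/Jan/2008:10:01:05 -0600] "POST /wp-login.php HTTP/1.1" 200 1834 "-" "Mozilla/5.0"
203.0.113.9 - - [24/Jan/2008:10:01:06 -0600] "POST /wp-login.php HTTP/1.1" 200 1834 "-" "Mozilla/5.0"
198.51.100.7 - - [24/Jan/2008:10:05:10 -0600] "GET /wp-login.php HTTP/1.1" 200 1790 "-" "Mozilla/5.0"
198.51.100.7 - - [24/Jan/2008:10:05:20 -0600] "POST /wp-login.php HTTP/1.1" 200 1834 "-" "Mozilla/5.0"
198.51.100.7 - - [24/Jan/2008:10:05:31 -0600] "POST /wp-login.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"
192.0.2.44 - - [24/Jan/2008:10:09:00 -0600] "GET /2008/01/some-post/ HTTP/1.1" 200 9120 "-" "Mozilla/5.0"
EOF
)

# failed_login_counts LOGFILE
# Prints "<failed attempts> <client ip>", highest first. Field positions follow
# the combined format: $1 client, $6 method (with its opening quote), $7 path,
# $9 status. GET requests and successful (302) logins are not counted.
failed_login_counts() {
    awk '$6 == "\"POST" && $7 ~ /^\/wp-login\.php/ && $9 == 200 { n[$1]++ }
         END { for (ip in n) print n[ip], ip }' "$1" | sort -rn
}

# flag_brute_force LOGFILE THRESHOLD
# Prints the client addresses whose failed-attempt count reached THRESHOLD;
# that is the point at which a lockout plugin would start refusing them.
flag_brute_force() {
    failed_login_counts "$1" | awk -v t="$2" '$1 >= t { print $2 }'
}

# demo over the constructed log with a limit of 3 failed attempts
log=$(mktemp)
printf '%s\n' "$SAMPLE_LOG" > "$log"
echo "failed logins per address:"
failed_login_counts "$log"
echo "addresses at or over the limit:"
flag_brute_force "$log" 3
rm -f "$log"
```

Point failed_login_counts at the real access log to see the same report for your own site; the plugin does the equivalent in PHP at request time, while this shows what it would have caught after the fact. A legitimate user who mistypes a password a few times sits below any sensible limit, which is why the limit, not the mere presence of a failed attempt, is what triggers a block.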

  11. Koka Sexton says:

    Thanks for the tips. I am adding all of them now. I never would have thought that a blog would be targeted for these types of attacks.

  12. alanj878 says:

    How about Blogger, since it is growing so fast? I wish I knew who could show me how to protect Blogger, since I have multiple Blogger blogs.

    http://livelymoney.blogspot.com/2008/01/500-entrecredits-now-ultimate-competion.html

  13. Hmmm, I already have my dedicated server set up to do a dump to the second hard drive every night, but imo the more backups you do the better.

    I think I’ll check this plugin out soon.

  14. [...] I’m just a lil ole calf when compared the the big cow, but sure enough he must have liked what I had to say because my inbox had a slew of comments from the post. [...]

  15. Laarni says:

    Thank you for the tip. WordPress should consider this. HEYYYY! I’m in love with your site.

  16. Thanks for the info on how to do this. I need to get on it.

  17. Thanks for the feedback, everyone.

    @alanj878: You’ll have to weigh the pluses and minuses of using a hosted solution like blogger. The main reason I host my own is because I want to have a backup of everything I create and Blogger doesn’t help with this. It’s also more difficult to monetize a hosted site.

  18. Thanks. I think the blank index.html in the plugin directory is a great idea.

  19. Hmmm. I hate to put a dampener on things, but I’m not convinced that a ‘slightly modified’ guest post should be published on a blog like this. I find the time to read John Chow dot Com because I appreciate the value of the blog. I know that the cow is on vacation, but I still don’t think it’s an excuse.

    Am I being too harsh? What do you guys think?

  20. shy guy says:

    I’ve been using the Wordpress Database Backup plugin from that url..

    And I stored it at my computer..

    But what I want to do if there’s something wrong with my wordpress??

    Coz there’s only a word that I don’t understand in that txt file…

    Maybe you can explain ..

  21. [...] Here is the original post: Circling the Wagons: How to Protect Your Wordpress Site [...]

  22. Simon says:

    @ Hafiz – depends on whether the blog readers gain anything from the post I suppose, although I agree that in general, I’d like to see “original” posts. What constitutes original, on the other hand, is a totally different question. ;)

    Just on the blank index.html point, you can achieve the same effect in all directories by creating an .htaccess file in your blog’s root directory (or using the one already there), and adding at the top the line:

    Options -Indexes

    I just find it easier to deal with all directories at once, rather than looking for any that might be visible manually.
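Simon’s point, as an added example that is not code from the post or from any plugin: first audit which directories under the web root lack an index file (the ones a directory listing would expose), then put Options -Indexes at the top of the root .htaccess without disturbing what is already there. The web root is an assumption passed as a parameter; without arguments the script builds a throwaway tree shaped like a WordPress install and runs against that.

```shell
#!/bin/sh
# Added example illustrating Simon's Options -Indexes suggestion; not code from
# the post. The web root is an assumption passed as a parameter.
set -eu

# list_exposed_dirs WEBROOT
# Prints every directory under WEBROOT (relative, sorted) that has neither an
# index.html nor an index.php: exactly the ones a directory listing would
# reveal if Indexes were enabled. Run it before and after the change.
list_exposed_dirs() {
    root=$1
    ( cd "$root" && find . -type d ) | while read -r d; do
        if [ ! -e "$root/$d/index.html" ] && [ ! -e "$root/$d/index.php" ]; then
            printf '%s\n' "$d"
        fi
    done | sort
}

# disable_listing WEBROOT
# Puts "Options -Indexes" at the top of WEBROOT/.htaccess, keeping whatever
# was there, and does nothing if a line already turns Indexes off. The file
# is rewritten in place so its existing permissions survive. Prints the path.
disable_listing() {
    ht="$1/.htaccess"
    if [ -f "$ht" ] && grep -q '^Options .*-Indexes' "$ht"; then
        echo "$ht"
        return 0
    fi
    tmp=$(mktemp)
    printf 'Options -Indexes\n' > "$tmp"
    if [ -f "$ht" ]; then
        cat "$ht" >> "$tmp"
    fi
    cat "$tmp" > "$ht"
    rm -f "$tmp"
    echo "$ht"
}

if [ "${1:-}" = "--apply" ] && [ $# -eq 2 ]; then
    # real run: ./no-listing.sh --apply /path/to/blog
    echo "directories without an index file:"
    list_exposed_dirs "$2"
    disable_listing "$2"
else
    # demo against a throwaway tree shaped like a WordPress install
    demo=$(mktemp -d)
    mkdir -p "$demo/wp-content/plugins" "$demo/wp-content/uploads" "$demo/wp-admin"
    : > "$demo/index.php"
    : > "$demo/wp-content/index.php"
    : > "$demo/wp-admin/index.php"
    echo "directories a listing would expose:"
    list_exposed_dirs "$demo"
    f=$(disable_listing "$demo")
    cat "$f"
    rm -rf "$demo"
fi
```

The audit is worth keeping even after Options -Indexes is in place: the directive only works where the host lets .htaccess override Options (AllowOverride), so the list of index-less directories tells you what is at stake if that permission is ever withdrawn.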

  23. Spoof Videos says:

    Thanks Cow, this is really a good idea and I am going to back up my blog before performing it… Hope it does not break my blog and make me MOO

  24. I need that instant upgrade plugin. I’m always nervous about upgrading my wordpress!

  25. [...] Here’s a useful article that was posted on the John Cow dot com website by GlobalMasterPlan. You need to read this if you’re using WordPress. The article gives a brief overview of the different plug-ins available to protect your site. Definitely worth checking out. Protecting Your WordPress Site [...]

  26. [...] postings on MattCutts blog about his true but less severe hacking. There’s also a post on John Cow’s blog that got me thinking about this [...]

  27. That auto-backup plugin I think may be one of the most useful plugins you listed there, just thinking about it now. It is good to have a backup on your PC/e-mail that you can easily access in the event of a problem.

  28. [...] also did a guest post on how to secure your blog over at JohnCow.com. http://www.johncow.com/protecting-your-wordpress-site/ Sean (SeanAzul.com) [...]

  29. [...] Circling the Wagons: How to Protect Your Wordpress Site http://www.johncow.com/protecting-your-wordpress-site/ [...]
