Protect your WordPress installation
Matt Cutts works for the quality group and leads the Webspam team at Google. Cutts got into search in 1999. He is well known in the SEO community and is one of the co-inventors listed on one of the most well-known patent filings from Google, involving search engines and web spam.
As well as being known as head of the Google Search team, he also appears a lot in the webmaster world through the articles on his blog and his interviews. A few days ago he wrote a post titled Three Tips to Protect Your WordPress Installation.
Here is the first tip:
Secure your /wp-admin/ directory. What I’ve done is lock down /wp-admin/ so that only certain IP addresses can access that directory. I use an .htaccess file, which you can place directly at /wp-admin/.htaccess . This is what mine looks like:
AuthUserFile /dev/null
AuthGroupFile /dev/null
AuthName "Access Control"
AuthType Basic
<LIMIT GET>
order deny,allow
deny from all
# whitelist home IP address
allow from 64.233.169.99
# whitelist work IP address
allow from 69.147.114.210
allow from 199.239.136.200
# IP while in Kentucky; delete when back
allow from 128.163.2.27
</LIMIT>
I’ve changed the IP addresses, but otherwise that’s what I use. This file says that the IP address 64.233.169.99 (and the other IP addresses that I’ve whitelisted) are allowed to access /wp-admin/, but all other IP addresses are denied access. Has this saved me from being hacked before? Yes.
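In Apache, directives inside `<Limit GET>` apply only to GET (and HEAD) requests, so the deny/allow rules in a file shaped like the one above are not evaluated for other methods such as POST. The following audit script is an added example, not code from Matt Cutts or from this post; the function name `audit_htaccess` and the list of "common" methods are assumptions made for illustration.

```python
import re

# Constructed sample: the .htaccess quoted in the post (IP as published there).
SAMPLE = """\
AuthUserFile /dev/null
AuthGroupFile /dev/null
AuthName "Access Control"
AuthType Basic
<LIMIT GET>
order deny,allow
deny from all
# whitelist home IP address
allow from 64.233.169.99
</LIMIT>
"""

# Assumption: the set of methods worth reporting on.
METHODS = ["GET", "HEAD", "POST", "PUT", "DELETE", "OPTIONS", "PATCH"]
OPEN = re.compile(r"^\s*<(Limit|LimitExcept)\s+([^>]+)>", re.I)
CLOSE = re.compile(r"^\s*</(Limit|LimitExcept)>", re.I)
RULE = re.compile(r"^\s*(order|deny|allow|require)\b", re.I)

def audit_htaccess(text):
    """Return (line_no, uncovered_methods) for each <Limit>/<LimitExcept>
    block whose access rules do not apply to every common HTTP method."""
    findings, block = [], None
    for no, line in enumerate(text.splitlines(), 1):
        opened = OPEN.match(line)
        if opened:
            listed = set(opened.group(2).split())
            if "GET" in listed:
                listed.add("HEAD")  # Apache: limiting GET also limits HEAD
            if opened.group(1).lower() == "limit":
                uncovered = [m for m in METHODS if m not in listed]
            else:  # LimitExcept: rules apply to everything except the listed methods
                uncovered = [m for m in METHODS if m in listed]
            block = {"line": no, "uncovered": uncovered, "rules": False}
        elif CLOSE.match(line) and block:
            if block["rules"] and block["uncovered"]:
                findings.append((block["line"], block["uncovered"]))
            block = None
        elif block and RULE.match(line):
            block["rules"] = True  # an access-control directive sits inside the block
    return findings

if __name__ == "__main__":
    for line_no, methods in audit_htaccess(SAMPLE):
        print(f"line {line_no}: rules do not apply to {', '.join(methods)}")
```

A file with the same deny/allow lines and no `<Limit>` wrapper produces no findings, because the rules then apply to every method; the Apache documentation advises against placing access controls inside `<Limit>` for this reason.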
Click here to check out the other tips.
