How to Create a Website - How to Make a Blog by Trevor - HTML preview

Improve the Security of Your WP Site

Keep Your WordPress Site, and Plugins Updated

Ultimately, the best security is to make sure your software has no security holes.

The next line of defense is to quickly update your WordPress site and plugins every time a new version is released. (This can be a real time-consuming hassle, but it must be done.)

Password Protect Your wp-admin Directory

Although the above measures are the only real solution to protecting your site, by plugging the security holes, there are other less effective methods that you can use in addition to keeping WordPress up-to-date.

I would password protect your WP-Admin directory on your site. If you password protect your WP-Admin directory, the hacker will fail unless they also know your username/password for that directory.

 

There are a few things you should note about protecting your WP-Admin directory:

• When you log into your WordPress blog, you will be asked to enter two sets of username/password pairs, one by the web server that is guarding your WP-Admin directory, and one by WordPress for your blog user account.

• For better security, you should set a username/password combination that is different from that which you use for your WordPress blog account. That way, if one pair is compromised in some way, at least you won't lose everything.

• This password protection is not 100% foolproof. The username and password are transmitted by your browser to the web server without encryption, so anyone sniffing your traffic will be able to find out your password. That goes for your WordPress blog account as well.

Prevent the Listing of Your WordPress Directories

To know whether you need to take this measure, try this: If your site is located at, let's say, http://www.YourDomainName.com/, type http://www.YourDomainName.com/wp-content/plugins/ in your browser. If you see a listing of all the plugins you have installed on your site, then beware! Allowing hackers to see your list of plugins (and other scripts) gives them the opportunity to check what you have installed on your site. That makes it easy for them to check it against their own list of plugins (and scripts) known to have security holes. Armed with that knowledge, they can then compromise your site.

Although preventing the directory listing does not stop them from exploiting those holes, at least you are not advertising your vulnerable scripts for all to see.

To block others from viewing your directories, please check out this tutorial on How to Prevent a Directory Listing of Your Website with .htaccess.
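The browser check described above and the WP-Admin password notes can be combined into one self-audit script for a site you administer. This is an added example, not part of the original book; the function names, the `blog.example` host and the sample responses are assumptions constructed for illustration.

```python
import re
import urllib.error
import urllib.request

# Standard WordPress directories to test, as in the manual browser check above.
WP_DIRS = ["wp-content/", "wp-content/plugins/", "wp-content/themes/", "wp-includes/"]
# Server-generated index pages (Apache, nginx) carry an "Index of /path" title.
LISTING_RE = re.compile(r"<title>\s*Index of /", re.IGNORECASE)

def is_directory_listing(status, body):
    """True when a 200 response looks like an auto-generated directory index."""
    return status == 200 and bool(LISTING_RE.search(body))

def admin_auth_finding(final_url, status, headers):
    """Classify the web-server password prompt guarding wp-admin."""
    challenge = next((v for k, v in headers.items() if k.lower() == "www-authenticate"), "")
    if status != 401 or not challenge.lower().startswith("basic"):
        return "no web-server password prompt"
    if final_url.lower().startswith("http://"):
        return "password prompt over plain HTTP: credentials are sniffable"
    return "password prompt over HTTPS"

def fetch(url):
    """Return (final_url, status, headers, body); 4xx/5xx are results, not errors."""
    try:
        with urllib.request.urlopen(url, timeout=10) as r:
            return r.url, r.status, dict(r.headers), r.read(65536).decode("utf-8", "replace")
    except urllib.error.HTTPError as e:
        return e.filename, e.code, dict(e.headers), ""

def audit(base_url, fetcher=fetch):
    """Audit a site you administer; returns a list of (url, finding) tuples."""
    base, findings = base_url.rstrip("/") + "/", []
    for d in WP_DIRS:
        _, status, _, body = fetcher(base + d)
        if is_directory_listing(status, body):
            findings.append((base + d, "directory listing exposed"))
    final_url, status, headers, _ = fetcher(base + "wp-admin/")
    findings.append((base + "wp-admin/", admin_auth_finding(final_url, status, headers)))
    return findings

# Constructed responses standing in for a live site, so the example runs offline.
SAMPLE = {
    "http://blog.example/wp-content/plugins/": (200, {}, "<title>Index of /wp-content/plugins</title>"),
    "http://blog.example/wp-admin/": (401, {"WWW-Authenticate": 'Basic realm="admin"'}, ""),
}

def sample_fetcher(url):
    return (url, *SAMPLE.get(url, (403, {}, "")))
```

Calling `audit()` with only your own site's base URL uses the real `fetch`; passing `sample_fetcher` replays the constructed responses instead.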