
Secure Your WordPress Installation

Jan 19, 2008 | 19 Comments | Posted under: WordPress

If you are one of my regular readers, you know that I have been hacked before. That is why I can’t help sharing this with you guys: I just found a very good security tip from Dailyblogtips.com.

1. Secure the /wp-admin/ directory

2. Hide your plugins

3. Keep up with patches and updates

Go ahead and check your blog. 🙂

Update: I just found out that lots of Filipino bloggers are susceptible to item #2. So you had better check your blog and hide your plugins.

Create a blank index.html in your /wp-content/plugins/ folder. You know who you are. Better check it or be sorry 🙂
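
To check a site for the exposure described in item 2, the script below (an added example, not part of the original post) lists the wp-content directories that have no index file and reports whether .htaccess turns Indexes off, which is the alternative suggested in the comments. The function names and the sample tree are made up for illustration, and it assumes the server's DirectoryIndex is index.php or index.html.

```shell
#!/bin/sh
# Added example, not from the original post. Run as: sh audit.sh /path/to/docroot
# Assumption: the server's DirectoryIndex is index.php / index.html.

# Print each directory under $1 that has no index file (Apache would list it).
list_unindexed_dirs() {
    find "$1" -type d | sort | while IFS= read -r dir; do
        if [ ! -e "$dir/index.php" ] && [ ! -e "$dir/index.html" ]; then
            printf '%s\n' "$dir"
        fi
    done
}

# Succeed if the .htaccess at $1 has an active "Options ... -Indexes" line.
# Commented-out lines do not match. Assumes AllowOverride permits Options.
htaccess_disables_indexes() {
    [ -f "$1" ] && grep -Eiq '^[[:space:]]*Options[[:space:]].*-Indexes' "$1"
}

# Audit docroot $1: exit status 0 when listings are blocked, 1 otherwise.
audit_wp_listing() {
    if htaccess_disables_indexes "$1/.htaccess"; then
        echo "OK: $1/.htaccess disables Indexes"
        return 0
    fi
    exposed=$(list_unindexed_dirs "$1/wp-content")
    if [ -z "$exposed" ]; then
        echo "OK: every wp-content directory has an index file"
        return 0
    fi
    printf '%s\n' "$exposed" | sed 's/^/LISTABLE: /'
    return 1
}

# Constructed sample tree (not a real site): plugins/ has no index file,
# and the only Options line in .htaccess is commented out.
make_sample_tree() {
    root=$(mktemp -d)
    mkdir -p "$root/wp-content/plugins/sample-plugin" "$root/wp-content/themes"
    : > "$root/wp-content/index.php"
    : > "$root/wp-content/themes/index.php"
    : > "$root/wp-content/plugins/sample-plugin/index.html"
    printf '# Options -Indexes\n' > "$root/.htaccess"
    printf '%s\n' "$root"
}

if [ "$#" -gt 0 ]; then audit_wp_listing "$1"; fi
```

Run it with the document root as its only argument. On Apache 2.4, a line that mixes signed and unsigned options, such as Options All -Indexes, is rejected as a syntax error, so use Options -Indexes there.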

19 Comments

  • I'm not a coder as well. The tip of Marhgil did not work out for me, so I did a post about an alternative way of disabling wp directories. It worked for me.



  • […] the Options All -Indexes tip of sir Marhgil did not work out for you? or you figured out that Sir Dexter’s method of making blank index.html and uploading it to your /wp-content/plugins/ or in any folder is just a bit […]

  • how about a redirection of your 404’s to your sitemap 😀 this way your “visitor” would just be dumbfounded at your categories, archives and pages. Also good for the bots 😀


    • Well, we can ask Marhgil about it.. I am not really that much of a PHP programmer.. But I will try to find it out. 🙂

  • just insert it on any line actually.. as long as it is on a line of its own.

    # BEGIN WordPress

    RewriteEngine On
    RewriteBase /
    RewriteCond %{REQUEST_FILENAME} !-f
    RewriteCond %{REQUEST_FILENAME} !-d
    RewriteRule . /index.php [L]

    # END WordPress

    Options All -Indexes

    the “# END WordPress” are just comments like in css where they have it as /* comment here */ . so they just get ignored. those rewrite rules are for your permalinks so don't remove them.

    You're welcome 😀

  • @ Rayland

    I have this

    # BEGIN WordPress

    RewriteEngine On
    RewriteBase /
    RewriteCond %{REQUEST_FILENAME} !-f
    RewriteCond %{REQUEST_FILENAME} !-d
    RewriteRule . /index.php [L]

    # END WordPress

    Where do I have to insert it..? Thanks in advance

  • this should work on all apache servers..

    i know what you mean by how it can be destructive to SEO. but how i see it, adding that line merely prevents users from seeing the folder contents. but it doesn't prevent robots from accessing the folders and the contents within. 😀

  • @ Rayland

    Is this applicable on all types of platform.. I mean applicable to Apache….( I am not an expert on this ) usually I am afraid to touch .htaccess.. It can be helpful or destructive to SEO..

  • a faster way to prevent access to those directories is by adding a line to your .htaccess file..

    Options All -Indexes

    adding that line denies access to directories which do not have an index file, but contain other sensitive files. you might want to try it. it sure saves a lot of time compared to adding an index file to each and every directory you want to protect.

  • @ sylv3rblade

    Ah ok.. once that's sorted out.. be sure to fix it immediately..

  • Thanks for the email, Kuya Dex. I can't fix it yet because both our Smart Broken line and Globe DSL are acting up.


    Actually, not really. The moment I saw it’s vulnerable, I immediately emailed you and left.. That’s it..

  • thanks for telling me about this…. hehehe so you've already seen the plugins that I’ve tried

  • Of course. I shall browse your archives from time to time. 🙂

  • @ ederic,

    You're welcome, hope you like my archives here

  • Thanks for the reminder. 🙂

  • Good to hear that Marhgil

  • thanks for your comment. got my plugins already fixed. 🙂
