Comments on: Firming up WordPress’s security http://atastypixel.com/blog/firming-up-wordpresss-security/ Fri, 10 Feb 2012 00:47:12 +0000 hourly 1 By: Ben http://atastypixel.com/blog/firming-up-wordpresss-security/comment-page-1/#comment-1179 Ben Sun, 28 Jun 2009 17:20:33 +0000 http://atastypixel.com/blog/2009/05/10/firming-up-wordpresss-security/#comment-1179 <p>Hi! I'm using your wordpress template - hope that is ok? Those code-blocks you have in this post...is that the "quote" function? Cause in my wordpress the quote-function is not showing a frame with another color like yours is doing here... (sorry for my bad english)</p> <p>Best greetings Ben</p> Hi! I’m using your wordpress template – hope that is ok? Those code-blocks you have in this post…is that the “quote” function? Cause in my wordpress the quote-function is not showing a frame with another color like yours is doing here… (sorry for my bad english)

Best greetings Ben

]]> By: aquariumfish http://atastypixel.com/blog/firming-up-wordpresss-security/comment-page-1/#comment-1104 aquariumfish Mon, 25 May 2009 02:08:05 +0000 http://atastypixel.com/blog/2009/05/10/firming-up-wordpresss-security/#comment-1104 <p>Hmm, I never took into concideration that if you limit your whole wp-admin directory to be accessed by just one IP Address that it may effects PING BACKS reading your comments above. Also I just read other issues it can cause also. Read this thread here: http://bad-neighborhood.blogsblogsblogs.com/2007/08/29/login-lockdown-a-new-wordpress-security-plugin/</p> Hmm, I never took into concideration that if you limit your whole wp-admin directory to be accessed by just one IP Address that it may effects PING BACKS reading your comments above. Also I just read other issues it can cause also. Read this thread here: http://bad-neighborhood.blogsblogsblogs.com/2007/08/29/login-lockdown-a-new-wordpress-security-plugin/

]]> By: Michael http://atastypixel.com/blog/firming-up-wordpresss-security/comment-page-1/#comment-1102 Michael Mon, 25 May 2009 01:14:06 +0000 http://atastypixel.com/blog/2009/05/10/firming-up-wordpresss-security/#comment-1102 <p>Good comments! It's worth noting that, for those who don't have a fixed IP address (like me, for better or worse), this will require regular updating to match your current IP.</p> <p>It may be worth also limiting access to wp-login.php and possibly the xmlrpc.php RPC entry point, if one's feeling particularly paranoid - that can be done using the 'Files' directive, with the same stuff from aquariumfish above.</p> Good comments! It's worth noting that, for those who don't have a fixed IP address (like me, for better or worse), this will require regular updating to match your current IP.

It may be worth also limiting access to wp-login.php and possibly the xmlrpc.php RPC entry point, if one's feeling particularly paranoid – that can be done using the 'Files' directive, with the same stuff from aquariumfish above.

]]> By: aquariumfish http://atastypixel.com/blog/firming-up-wordpresss-security/comment-page-1/#comment-1101 aquariumfish Mon, 25 May 2009 00:59:49 +0000 http://atastypixel.com/blog/2009/05/10/firming-up-wordpresss-security/#comment-1101 <p>I've added some breaks in to display the code hopefully better for you.</p> <p>Goes in .htaccess file dropped in wp-admin folder</p> <p>Order Deny,Allow<br/> Deny from all<br/> Allow from 92.239.86.166</p> <p>Add to your wordpress .htaccess file at the top to protect your wp-config file</p> <p><Files wp-config.php><br/> Order Deny,Allow<br/> Deny from All<br/> </Files></p> I’ve added some breaks in to display the code hopefully better for you.

Goes in .htaccess file dropped in wp-admin folder

Order Deny,Allow
Deny from all
Allow from 92.239.86.166

Add to your wordpress .htaccess file at the top to protect your wp-config file

<Files wp-config.php>
Order Deny,Allow
Deny from All
</Files>

]]> By: aquariumfish http://atastypixel.com/blog/firming-up-wordpresss-security/comment-page-1/#comment-1100 aquariumfish Mon, 25 May 2009 00:55:11 +0000 http://atastypixel.com/blog/2009/05/10/firming-up-wordpresss-security/#comment-1100 <p>To be honest your making hard work of things, why don't you just drop a new .htaccess file in your wp-admin directory that only allows access to that folder and all files within it from one IP Address only (yours). To do that use this code (change the IP of course) to suit yours</p> <p>Order Deny,Allow<br/> Deny from all<br/> Allow from 11.111.11.111</p> <p>Robots don't need to index anything in your wp-admin folder, so you have no worries about them being blocked also. However, also add an entry in your robots.txt file to disallow all robots from wp-admin folder for better SEO and to tell robots not to bother anyway trying to gain access there like Google, Yahoo, MSN etc.</p> <p>Now you will have better SEO and only you alone will be allowed access not only to your admin login page, but the whole wp-admin directory.</p> <p>You should also block all access to your wp-config.php file also, again add this to your .htaccess file in your ROOT directory were you config file resides that conatins your wordpress code in it also.</p> <p><Files wp-config.php><br/> Order Deny,Allow<br/> Deny from All<br/> </Files></p> To be honest your making hard work of things, why don’t you just drop a new .htaccess file in your wp-admin directory that only allows access to that folder and all files within it from one IP Address only (yours). To do that use this code (change the IP of course) to suit yours

Order Deny,Allow
Deny from all
Allow from 11.111.11.111

Robots don’t need to index anything in your wp-admin folder, so you have no worries about them being blocked also. However, also add an entry in your robots.txt file to disallow all robots from wp-admin folder for better SEO and to tell robots not to bother anyway trying to gain access there like Google, Yahoo, MSN etc.

Now you will have better SEO and only you alone will be allowed access not only to your admin login page, but the whole wp-admin directory.

You should also block all access to your wp-config.php file also, again add this to your .htaccess file in your ROOT directory were you config file resides that conatins your wordpress code in it also.

<Files wp-config.php>
Order Deny,Allow
Deny from All
</Files>

]]>