By Samad Khan (twitter.com/programmersamad)
WordPress is the world's most popular blog script, with over 70 million users nowadays. Samad Khan shows you how to secure your WordPress.
WordPress is a CMS with numerous plugins and themes and a very large, active community. Even people who know nothing about web programming can easily build their website with WordPress.
Tutorial 1
How to configure the .htaccess file
Wiki (.htaccess file is a directory-level configuration file supported by several web servers, that allows for decentralized management of web server configuration.)
I will cover a few .htaccess rules here to protect WordPress.
First, make a backup of the .htaccess file.
This is how the .htaccess file looks.
NOTE: any additional code for the .htaccess file must be added after the # END WordPress line.
1.1 No Directory Browsing (Directory traversal)
How to stop directory browsing using .htaccess:
# disable directory browsing (no auto-generated file listings)
Options -Indexes
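1.2 Block Access to wp-content
The wp-content folder contains all themes, plugins, and images, so it makes sense to block outsiders from accessing it directly.
# goes in a .htaccess file inside wp-content/ (in the site root it would deny every page)
# deny everything, then allow only static assets
Order deny,allow
Deny from all
<Files ~ "\.(xml|css|jpe?g|png|gif|js)$">
Allow from all
</Files>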
1.3 Block access to .htaccess
Let's protect .htaccess, because it is an important file.
# deny web access to any file whose name contains ".hta" (case-insensitive)
<Files ~ "^.*\.([Hh][Tt][Aa])">
order allow,deny
deny from all
satisfy all
</Files>
1.4 Ban bad users
If you know that some users are trying to access your admin panel or brute-force your admin pages, you can ban them with a simple .htaccess rule:
# refuse GET and POST requests from the banned address, allow everyone else
<Limit GET POST>
order allow,deny
deny from 212.190.121.91
allow from all
</Limit>
1.5 Protect the wp-config.php file
The wp-config.php file in your root directory stores information about your site and your database details.
# deny all web access to wp-config.php
<Files wp-config.php>
order allow,deny
deny from all
</Files>
There are more .htaccess rules; you can Google them to learn more.
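The rules above use the Apache 2.2 access directives (Order, Allow, Deny, Satisfy), which Apache 2.4 accepts only through mod_access_compat. As an added example (not part of the original post), here are the same five rules in Apache 2.4's mod_authz_core syntax. It assumes AllowOverride permits AuthConfig and Options, and unlike the <Limit GET POST> rule in 1.4, the ban here applies to every HTTP method.

```apache
# ---- Root .htaccess, after the "# END WordPress" line ----

# 1.1 Disable auto-generated directory listings
Options -Indexes

# 1.3 Deny web access to .htaccess (same regex as the rule in 1.3)
<FilesMatch "^.*\.([Hh][Tt][Aa])">
    Require all denied
</FilesMatch>

# 1.4 Allow everyone except the banned address (IP taken from 1.4)
<RequireAll>
    Require all granted
    Require not ip 212.190.121.91
</RequireAll>

# 1.5 Deny web access to wp-config.php
<Files "wp-config.php">
    Require all denied
</Files>

# ---- Separate file: wp-content/.htaccess ----

# 1.2 Deny everything in wp-content by default ...
Require all denied

# ... then allow only static assets (dot escaped so it matches a real extension)
<FilesMatch "\.(xml|css|jpe?g|png|gif|js)$">
    Require all granted
</FilesMatch>
```

To check the result, request /wp-config.php, /.htaccess and a folder without an index file; each should return 403 Forbidden.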

