wpyag.com » WordPress Security http://www.wpyag.com Free and Premium WordPress Themes Tue, 01 Nov 2011 13:23:48 +0000 en hourly 1 http://wordpress.org/?v=3.2.1 Disable Directory Indexing in WordPress http://www.wpyag.com/wordpress-security/disable-directory-indexing-in-wordpress/ http://www.wpyag.com/wordpress-security/disable-directory-indexing-in-wordpress/#comments Tue, 04 May 2010 20:40:24 +0000 admin http://www.wpyag.com/?p=359 disable directory index This is another good security tip for your WordPress blog. This method works for all types sites. By disabling directory indexing, you can prevent people seeing through your directory structure. Like say people cannot see list of images stored in domain.com/images

This can be achived using a .htacess file in public_html folder. Just add below codes in .htacess file present in your public_html folder.

Options -Indexes

Warning

When editing or modifying the .htaccess file of your WordPress blog, make sure to always have a backup that you can restore in case of something went wrong.

]]> http://www.wpyag.com/wordpress-security/disable-directory-indexing-in-wordpress/feed/ 0 Deny Access to wp-login.php by showing forbidden message http://www.wpyag.com/wordpress-security/deny-access-to-wp-login-php-by-showing-forbidden-message/ http://www.wpyag.com/wordpress-security/deny-access-to-wp-login-php-by-showing-forbidden-message/#comments Tue, 04 May 2010 20:29:58 +0000 admin http://www.wpyag.com/?p=356 security Using a .htacess file in root of your public_html directory, you can deny access to wp-login.php by showing forbidden message. You can only allow specific IP or IPs or IP range to use wp-login.php

Just add below codes in .htaccess file of in root of your public_html folder.

<Files wp-login.php>
Order deny,allow
Deny from All
Allow from xx.xx.xx.xx
</Files>

Note: In above code change xx.xx.xx.xx to your IP.
Done!!

Warning

When editing or modifying the .htaccess file of your WordPress blog, make sure to always have a backup that you can restore in case of something went wrong.

]]> http://www.wpyag.com/wordpress-security/deny-access-to-wp-login-php-by-showing-forbidden-message/feed/ 1 Allow WordPress admin login from specific IPs or IP range http://www.wpyag.com/wordpress-security/allow-wordpress-admin-login-from-specific-ips-or-ip-range/ http://www.wpyag.com/wordpress-security/allow-wordpress-admin-login-from-specific-ips-or-ip-range/#comments Tue, 04 May 2010 19:53:53 +0000 admin http://www.wpyag.com/?p=342 restrict login Its good security practice to allow admin logins from specific IPs only. So, even if your WordPress admin login details is hacked, you are still safe. Hackers will not be able to login in admin area of WordPress, and your blog is safe.

This can be achieved easily by using a .htracess file in wp-admin folder.
How can I allow admin login from one specific IP
Open notepad and copy paste following codes.

AuthUserFile /dev/null
AuthGroupFile /dev/null
AuthName "Admin Access Control"
AuthType Basic

order deny,allow
deny from all
allow from xx.xx.xx.xx

NOTE: Change xx.xx.xx.xx to your IP.
Upload this text file in wp-admin folder and rename it to .htaccess
Done!!

Lets say your IP is 122.162.160.9
If your IP is 122.162.160.9, you should replace xx.xx.xx.xx in above code to 122.162.160.9
Now only person from 122.162.160.9 will be able to login in wordpress admin panel.

How can I allow admin login from many specific IP
If you want to allow login from multiple specific IPs, you just need to add those IPs in .htacess file we made above.
Something like this:

AuthUserFile /dev/null
AuthGroupFile /dev/null
AuthName "Admin Access Control"
AuthType Basic

order deny,allow
deny from all
allow from aa.aa.aa.aa
allow from bb.bb.bb.bb
allow from cc.cc.cc.cc
allow from dd.dd.dd.dd

Note:

Replace aa.aa.aa.aa, bb.bb.bb.bb, cc.cc.cc.cc, dd.dd.dd.dd to IPs which you want to allow.
Like this, you can allow multiple IPs to login as admin.

How can I allow admin login from a IP range
This is common question asked by many wordpress users. Many people like me are on DSL connection and have dynamic IP. Our IP changes everytime, we start computer or restart modem. So, people on dynamic IP need to allow a specific IP range.

You need to use below code for .htaccess file to allow a complete IP range.

AuthUserFile /dev/null
AuthGroupFile /dev/null
AuthName "Admin Access Control"
AuthType Basic

order deny,allow
deny from all
allow from 67.22.xx.xx

Note:

In above code, you need to change just first two place of IP and leave xx.xx
Lets say your IP current IP is 122.45.673.46
Then you should use like 122.45.xx.xx

Warning

When editing or modifying the .htaccess file of your WordPress blog, make sure to always have a backup that you can restore in case of something went wrong.

If you still have confusion, please let me know via comment.

]]> http://www.wpyag.com/wordpress-security/allow-wordpress-admin-login-from-specific-ips-or-ip-range/feed/ 0 Basic tips to secure your WordPress site http://www.wpyag.com/wordpress-security/basic-tips-to-secure-your-wordpress-site/ http://www.wpyag.com/wordpress-security/basic-tips-to-secure-your-wordpress-site/#comments Tue, 29 Dec 2009 10:13:48 +0000 admin http://www.wpyag.com/?p=91 There are lots of tips and plugins to secure your WordPress blog. But we generally don’t follow those tips. There are many reason why we don’t follow those security tips.

Here are few basic tips which all WordPress user must follow as security measure.
1. Always use and update to latest version of WordPress.
2. Always keep your plugin updated.
3. Download database regularly.
4. Use hard guess password.
5. Protect admin folder using .htaccess You can allow particular IP or IP range to login in WP admin panel using .htaccess.

]]> http://www.wpyag.com/wordpress-security/basic-tips-to-secure-your-wordpress-site/feed/ 0