How To Protect Your WordPress Blog against Hackers – Part II


Earlier this month, I talked about how you can protect your WordPress site against hackers. As someone who has been a victim of hackers so many times, I can tell you that you’d be doing yourself a favor if you kept a constant eye on your WordPress installation.

While protecting yourself by hiding plug-in and version info on your WordPress blog is the way to go, you should also do your utmost to protect your wp-admin folder. That’s where all the action happens. One way to protect your admin section is by limiting who can access your files there. Matt Cutts has an ageless piece on this.

But I would go one step beyond what Matt is suggesting in his document and deny access to the wp-login.php file as well. That would allow you to protect your blog against brute-force attacks on the login form. Here is how:

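<Files wp-login.php>
order deny,allow
deny from all
allow from [your ip]
</Files>

Put your IP in place of [your ip], and you are ready to go. The order line matters: with order deny,allow the deny rule is evaluated first and the allow line for your IP then overrides it, whereas order allow,deny would let deny from all win and lock out every address, yours included. Keep in mind that this will make it very inconvenient for anyone to play with your log-in file (including you). But I'd rather be safe than sorry.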
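The same restriction written so that it works on both Apache 2.2 and Apache 2.4, as an added example rather than the author's own configuration. The address 203.0.113.10 is a placeholder, and placing the rule in an .htaccess file in the WordPress root is an assumption about your setup.

```apache
# .htaccess in the WordPress root (the directory that holds wp-login.php).
# 203.0.113.10 is a documentation placeholder; substitute your own address.
# The server must permit these directives in .htaccess:
# AllowOverride AuthConfig for Require, AllowOverride Limit for Order/Deny/Allow.

<Files "wp-login.php">
    # Apache 2.4 and later: access control is handled by mod_authz_core.
    # Anything not matched by a Require line is refused.
    <IfModule mod_authz_core.c>
        Require ip 203.0.113.10
    </IfModule>

    # Apache 2.2: legacy mod_authz_host directives.
    # "Order deny,allow" evaluates Deny first, then lets Allow override it.
    # "Order allow,deny" would do the reverse and block every client.
    <IfModule !mod_authz_core.c>
        Order deny,allow
        Deny from all
        Allow from 203.0.113.10
    </IfModule>
</Files>
```

After saving, a request for wp-login.php from any other address should return 403 Forbidden, while the rest of the site stays reachable.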
