Top Ten Wordpress Security Tips

Filed Under development

Below are 10 security tips that you can easily implement on your WordPress blog. Please share one or more life-savers you use permanently to help protect yourself from WordPress security issues.

1. Upgrade WordPress - In general, keeping your WordPress installation up to date is the best way to avoid known problems. Do note that the latest version, especially in the case of major upgrades, may cause more problems than it resolves.

2. WordPress Version - Your header.php contains a tag that displays your current version of WordPress. Since anyone can learn your WordPress version this way, your blog is an easy target for attackers if you have not upgraded to the newest version, so remove that tag.

3. WordPress Username - Every attacker knows WordPress has a user “admin” with god-like administration privileges. Slow them down by removing the “admin” user. Create a WordPress user with admin privileges using the administration interface. Log out of WordPress and log back in with the new user. Delete the admin user. The new admin user should be different from your normal post author.

4. WordPress Password - Are you still logging into your wp-admin page with the same default password that was emailed to you? If so, CHANGE IT! That password is only 6 characters and just numbers and letters. Make it complex and more than 10 characters if you can. Also, try not to use words, make it a nice jumble of letters, numbers, and symbols.

5. Prevent Directory Listing - In many WordPress installations it is possible to view a list of installed plugins by navigating to the /wp-content/plugins/ directory. This is not a good idea, as known plugin vulnerabilities can then be easily exploited. Add an empty default index file, such as index.html, to the directory. You can also protect it using an .htaccess file, assuming you’re using Apache.

6. Protect Your WP-Admin Folder - You can protect your WordPress admin folder by allowing access to it only from a defined set of IP addresses. Every other request will get a Forbidden error. So if you routinely access your blog from only one or two places, it’s worth implementing. Note that you create a new .htaccess file inside your wp-admin folder; do not replace the one at the root of your blog.
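As an added example (not part of the original post), here is what such a wp-admin/.htaccess can look like on Apache, covering both the 2.2 and 2.4 access-control syntax. The IP addresses are placeholders, and the file only works if the server's AllowOverride setting permits Limit and AuthConfig directives.

```apache
# wp-admin/.htaccess  (added example; replace the placeholder addresses)
# Apache 2.4: mod_authz_core is present
<IfModule mod_authz_core.c>
    # Only these addresses/ranges may reach anything under wp-admin
    Require ip 203.0.113.10
    Require ip 198.51.100.0/24
</IfModule>

# Apache 2.2: fall back to the older Order/Deny/Allow directives
<IfModule !mod_authz_core.c>
    Order Deny,Allow
    Deny from all
    Allow from 203.0.113.10
    Allow from 198.51.100.0/24
</IfModule>

# Caveat: admin-ajax.php lives in wp-admin but is called by front-end
# plugins for anonymous visitors, so keep it reachable from everywhere.
<Files admin-ajax.php>
    <IfModule mod_authz_core.c>
        Require all granted
    </IfModule>
    <IfModule !mod_authz_core.c>
        Order Allow,Deny
        Allow from all
        Satisfy any
    </IfModule>
</Files>
```

Check the result from an address outside the list: /wp-admin/ should return 403 Forbidden while /wp-admin/admin-ajax.php still answers.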

7. Protect From Search Engines - There is no need to have all of your WordPress files indexed by Google, so it’s best to block them in your robots.txt file. Add the following line to your list:

Disallow: /wp-*

8. Install Login Lockdown WordPress Plugin - This plugin records the IP address and timestamp of every failed WordPress login attempt. If more than a certain number of attempts are detected within a short period of time from the same IP range, then the login function is disabled for all requests from that range.

9. Install WordPress Database Backup Plugin - You always have to take regular backups of your file directories as well as the database. The WordPress Database Backup plugin creates backups of your core WordPress tables as well as other tables of your choice in the same database.

10. Install WordPress Security Scan Plugin - The WP Security Scan plugin attempts both to audit your blog security and to implement many of the suggestions mentioned above.

Comments

8 Responses to “Top Ten Wordpress Security Tips”

  1. www.goldpreise.biz on December 19th, 2008 1:07 am

    Hello webmaster, I like your post Wordpress Security Tips - Moonlight Blog so well that I would like to ask you whether I may translate it and link back. Please give me an answer. Yours, Goldpreise

  2. Moonlight blog, the English version of a Chinese blog | Blog Nemo on December 23rd, 2008 5:04 pm

    [...] For the original English version, please visit Moonlight’s blog: http://www.moon-blog.com/2008/11/top-ten-wordpress-security-tips.html [...]

  3. hakre on February 8th, 2009 7:11 pm

    Please add: install WordPress with a table prefix different from the default “wp_”. This can protect against pro-forma, automated attack tests.

  4. 10 security suggestions for WordPress | 好易阁 | Web Technology | Antivirus Software | Free Resources on February 15th, 2009 11:50 pm

    [...] English original: Top Ten Wordpress Security Tips [...]

  5. Ten WordPress Security Configuration Tips - 我就要说社 on April 15th, 2009 7:54 am

    [...] English original: Top Ten Wordpress Security Tips   Chinese translation: Ten WordPress Security Configuration Tips. If reproducing this article, please credit: reproduced from 我就要说社 [ http://www.591shoe.com/ ] [...]

  6. 61Yes - SEO Blog » Blog Archive » Ten WordPress Security Configuration Tips on June 4th, 2009 6:17 pm

    [...] English original: Top Ten Wordpress Security Tips   Chinese translation: Ten WordPress Security Configuration Tips [...]

  7. 大大发 » Ten WordPress Security Configuration Tips on June 27th, 2009 4:06 am

    [...] English original: Top Ten Wordpress Security Tips   Chinese translation: Ten WordPress Security Configuration Tips [...]

  8. 臥龍創意網頁設計 | Ten WordPress Security Configuration Tips on June 29th, 2009 6:41 am

    [...] English original: Top Ten Wordpress Security Tips   Chinese translation: Ten WordPress Security Configuration Tips [...]
