Hardening WordPress

Recently there's been an increase in the number of hack attempts on many of the sites that we use and love on a daily basis. Millions of them use the popular framework called WordPress (http://wordpress.org/). Right now it's one of the best CMSes that I've seen in a while, and we use it quite a bit at Cosmic Egg. There are so many things that this powerful framework can do, plus it has tons of plug-ins and themes.

Unfortunately, its popularity has attracted hackers who would love to get into your site and do malicious things. The good news is that there are a few plug-ins and tweaks you can use to keep them out.

This article discusses some security techniques to harden and secure your WordPress site; they are especially effective in a hosted environment.

Step 1 - Install Better WP Security (easy).

Better WP Security is the easiest, most effective way to secure any WordPress site in seconds.

You can download it here: http://wordpress.org/extend/plugins/better-wp-security/.

Once downloaded, unzip it and upload it to your \wp-content\plugins\ folder. Now log in to WordPress and activate the plug-in.

Now you will see a new item called Security on the left-hand side menu. Click on it and you will be prompted with:

Definitely make the backup by clicking "Create Database Backup". It will take a few seconds, but it is well worth the wait if something goes wrong.

Next you will see this text:

I personally do not want to change any core files as this could cause issues so let's just click "Do not allow this plugin to change WordPress core files."

Finally you will be at the main landing page for all of the settings. You should see a list of color coded links that can be updated or changed.

- Items in green are fully secured. Good job!
- Items in orange are partially secured. Turn on more options to fully secure these areas.
- Items in red are not secured. You should secure these items immediately.
- Items in blue are not fully secured but may conflict with other themes, plugins, or the other operation of your site. Secure them if you can, but if you cannot, do not worry about them.

There are many options but be sure to at least update the following items:

2. Your WordPress header is showing too much information to users.
8. Your login area is not protected from brute force attacks.

That's it for this fantastic plug-in. The next step is a bit more advanced and requires FTP access to the server.

Step 2 - Restricting access to the WordPress login by IP address (advanced).

This requires you to edit, or add, a file called ".htaccess" in the root directory of your WordPress installation.

Before we start, you will have to know what your IP address is, so visit http://www.whatismyip.com/ and save it for the next step. For this example we will be using 123.456.789.012.

Next, copy the code below and replace our dummy IP with yours:

    # Block web access to the .htaccess file itself
    <Files .htaccess>
    deny from all
    </Files>

    # Allow the login page only from the listed address
    <Files wp-login.php>
    order deny,allow
    allow from 123.456.789.012
    deny from all
    </Files>

Finally, paste the updated code into your ".htaccess" file, save it and upload it to your server. Now only your IP address can access the login page. You can add multiple addresses by duplicating the line "allow from 123.456.789.012" and replacing the address with the desired ones.

Now that we have our site locked down, you can sleep at night knowing that your site will be safe. If you have any questions or need help you can always reach me at: macguyver@cosmicegg.com
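A mistyped address in the allow list locks you out of your own login page, so it helps to validate the list before uploading. The script below is an added example, not part of the original article: the function names are hypothetical, the sample addresses are constructed from documentation ranges, and the Apache 2.4 "Require" form goes beyond the directives shown above.

```python
import ipaddress


def normalize(addresses):
    """Validate each entry as an IPv4/IPv6 address or CIDR range."""
    cleaned = []
    for raw in addresses:
        text = raw.strip()
        try:
            if "/" in text:
                # strict=True rejects ranges with host bits set (e.g. 10.0.0.5/24)
                cleaned.append(str(ipaddress.ip_network(text, strict=True)))
            else:
                cleaned.append(str(ipaddress.ip_address(text)))
        except ValueError as exc:
            raise ValueError(f"not a usable address or range: {raw!r}") from exc
    if not cleaned:
        raise ValueError("empty allow list would lock everyone out")
    return cleaned


def render(addresses, modern=False):
    """Return the .htaccess text for the two <Files> sections in Step 2.

    modern=False emits the article's directives (order/allow/deny).
    modern=True emits the Apache 2.4 equivalent (Require ...).
    """
    ips = normalize(addresses)
    if modern:
        protect = ["Require all denied"]
        login = [f"Require ip {ip}" for ip in ips]
    else:
        protect = ["deny from all"]
        login = ["order deny,allow"]
        login += [f"allow from {ip}" for ip in ips]
        login += ["deny from all"]
    lines = ["<Files .htaccess>", *protect, "</Files>", "",
             "<Files wp-login.php>", *login, "</Files>"]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    # Constructed sample values: one office address and one VPN range.
    sample = ["203.0.113.10", "198.51.100.0/24"]
    print(render(sample))
    print(render(sample, modern=True))
```

The article's dummy address 123.456.789.012 is rejected by normalize() because its octets exceed 255, which is the kind of slip this check is meant to catch.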
