There’s a very good post I found by Ruhani Rabin about How To Prevent Your WordPress From Being Hacked. It’s got excellent information that every blog writer should know. Here are a few relevant things:
- Rename the administrative account: You can do this in the MySQL command-line client with a command like

    update tableprefix_users
    set user_login='anothername'
    where user_login='admin';

or by using a MySQL frontend like phpMyAdmin.
- Use a strong password: Creating a strong password that is also memorable is one of the easiest defenses against being hacked. There are many online password strength checkers you can use. Here is Lorelle's article on the Blog Herald called Protect Your Blog With a Solid Password, offering tips and tricks to help create a strong password that is also memorable.
- Disable directory browsing: An attacker can discover your files once search engines have indexed them, so use the simple one-line directive in your .htaccess file that turns directory listing off, and also use a robots.txt file to tell search-engine robots not to index the subfolder contents. Here is an example robots.txt file:

    User-agent: *
    Disallow: /cgi-bin/
    Disallow: /wp-content/
    Disallow: /wp-admin/
    Disallow: /wp-includes/
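The account rename above is a single UPDATE, but it is easy to leave the old name visible elsewhere in the users table. The following Python script is an added example (not from Ruhani Rabin's post or from WordPress itself) that reproduces the rename against a constructed, in-memory SQLite stand-in for the wp_users table and adds two things the post's one-liner does not: a check that the default "admin" login is really gone, and an update of user_nicename and display_name as well, because WordPress builds author archive URLs from user_nicename and would otherwise keep advertising the old login. The table prefix, the sample rows and the new login name are all constructed for the example.

```python
import re
import sqlite3

# Constructed stand-in for wp_users: only the columns this example needs.
# Row 1 is the default install account the post recommends renaming.
SAMPLE_USERS = [
    (1, "admin", "admin", "admin"),
    (2, "editor", "editor", "Site Editor"),
]

# The prefix is spliced into the table name, so restrict it to identifier
# characters; everything else is passed as a bound parameter.
PREFIX_RE = re.compile(r"[A-Za-z0-9_]+")


def make_sample_db(prefix="wp_"):
    """Create an in-memory table shaped like <prefix>users with sample rows."""
    if not PREFIX_RE.fullmatch(prefix):
        raise ValueError("table prefix must be alphanumeric/underscore")
    conn = sqlite3.connect(":memory:")
    conn.execute(
        f"CREATE TABLE {prefix}users ("
        "ID INTEGER PRIMARY KEY, user_login TEXT UNIQUE, "
        "user_nicename TEXT, display_name TEXT)"
    )
    conn.executemany(f"INSERT INTO {prefix}users VALUES (?, ?, ?, ?)", SAMPLE_USERS)
    conn.commit()
    return conn


def default_admin_exists(conn, prefix="wp_"):
    """Audit check: is there still an account whose login is 'admin'?"""
    if not PREFIX_RE.fullmatch(prefix):
        raise ValueError("table prefix must be alphanumeric/underscore")
    row = conn.execute(
        f"SELECT COUNT(*) FROM {prefix}users WHERE user_login = ?", ("admin",)
    ).fetchone()
    return row[0] > 0


def rename_default_admin(conn, new_login, prefix="wp_"):
    """Rename the 'admin' account; returns the number of rows changed (0 or 1).

    Goes beyond the post's SQL by also rewriting user_nicename (used in
    /author/<nicename>/ URLs) and display_name, so the old login is not
    leaked through author pages or post bylines.
    """
    if not PREFIX_RE.fullmatch(prefix):
        raise ValueError("table prefix must be alphanumeric/underscore")
    if new_login.lower() == "admin":
        raise ValueError("choose a login other than 'admin'")
    cur = conn.execute(
        f"UPDATE {prefix}users "
        "SET user_login = ?, user_nicename = ?, display_name = ? "
        "WHERE user_login = ?",
        (new_login, new_login.lower(), new_login, "admin"),
    )
    conn.commit()
    return cur.rowcount


if __name__ == "__main__":
    db = make_sample_db()
    print("default admin present before:", default_admin_exists(db))
    print("rows renamed:", rename_default_admin(db, "sitekeeper"))
    print("default admin present after:", default_admin_exists(db))
```

Against a real site you would point the same statements at MySQL and the actual table prefix from wp-config.php; the prefix check matters there too, since the prefix is the one value that cannot be bound as a parameter.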
A lot of the process involves changing the default settings and keeping your directory listings and the like away from search engines, bots, and curious nosy people. I wrote a post about hiding your plugins directory here. It's another easy way to conceal your directory data while still letting your blog function flawlessly.
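To see what the robots.txt from the list actually does, and where it stops helping, here is an added Python example (not code from the original post) built on the standard library's urllib.robotparser. It parses the example file as a constructed string, reports which paths a well-behaved crawler would skip, and adds a small offline check for the thing robots.txt does not fix: a server that still serves a directory listing. The HTML sample is constructed to look like an Apache mod_autoindex page; the helper only inspects text you pass in, so it can be run against a saved page or a response body.

```python
from urllib.robotparser import RobotFileParser

# Constructed copy of the robots.txt shown in the post.
SAMPLE_ROBOTS = """User-agent: *
Disallow: /cgi-bin/
Disallow: /wp-content/
Disallow: /wp-admin/
Disallow: /wp-includes/
"""

# Constructed stand-in for an Apache auto-generated directory index.
SAMPLE_LISTING_HTML = """<html><head><title>Index of /wp-content/plugins</title></head>
<body><h1>Index of /wp-content/plugins</h1>
<a href="akismet/">akismet/</a>
</body></html>"""


def blocked_paths(robots_text, paths, agent="*"):
    """Map each path to True if robots.txt asks `agent` not to fetch it.

    This is the crawler's view only: robots.txt is advisory, a non-compliant
    client ignores it, and the file itself publicly names the directories.
    """
    rp = RobotFileParser()
    rp.parse(robots_text.splitlines())
    return {path: not rp.can_fetch(agent, path) for path in paths}


def looks_like_directory_listing(html):
    """Heuristic: does a response body look like a server-generated file index?

    Apache's mod_autoindex titles such pages "Index of /<path>"; if a request
    for /wp-content/plugins/ returns this, directory browsing is still on,
    no matter what robots.txt says.
    """
    lowered = html.lower()
    return "<title>index of /" in lowered or "<h1>index of /" in lowered


if __name__ == "__main__":
    probe = ["/wp-admin/", "/wp-content/plugins/akismet/", "/wp-includes/", "/about/"]
    for path, blocked in blocked_paths(SAMPLE_ROBOTS, probe).items():
        print(f"{path:32} {'disallowed' if blocked else 'allowed'}")
    print("sample body is a directory listing:",
          looks_like_directory_listing(SAMPLE_LISTING_HTML))
```

The two checks are deliberately separate: the robots.txt result tells you what polite crawlers will leave alone, while the listing check tells you whether the web server itself still hands out your directory contents. On Apache the listing is switched off with the `Options -Indexes` directive in .htaccess (general Apache knowledge, not quoted from the post), and that, not robots.txt, is what keeps the plugin directory out of a curious visitor's browser.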


January 27, 2009
blogs, security how-to, Wordpress