How do you guys do security to allow only you to log into your wordpress site?

I had tried to put an htaccess in my admin folder but I must have done something wrong.

I want only my IP to be able to access any of my sites, back when I was in the adult industry a program called comus thumbs had a feature that blocked all access from anything but my IP. I am not a php expert though! I searched for plug-ins but to no avail.

I find security to be my most important issue now because of my site popularity. Thanks people for any help!
#security #wpadmin
  • SteveJohnson
    You need to be careful doing that - unless you're on a fixed-IP connection, your IP will change periodically and you'll be locked out until you change the pw file.

    Google for http authentication, you'll find all you need to know about generating the password file and where to put it.

    http authentication - Google Search

    EDIT:

    If you just want straight .htaccess IP blocking, this goes in your htaccess file:
    Code:
    # deny everyone first, then let the listed address back in
    order deny,allow
    deny from all
    allow from 255.0.0.0
    Replace 255.0.0.0 with your IP.
    Signature

    The 2nd Amendment, 1789 - The Original Homeland Security.

    Gun control means never having to say, "I missed you."

    • onemind
      Awesome man thank you so much! That is what I need, and I have a static IP to work with. But any way to keep my stuff 100% secure is all that I am after.



      Originally Posted by SteveJohnson View Post

      You need to be careful doing that - unless you're on a fixed-IP connection, your IP will change periodically and you'll be locked out until you change the pw file.

      Google for http authentication, you'll find all you need to know about generating the password file and where to put it.

      http authentication - Google Search

      EDIT:

      If you just want straight .htaccess IP blocking, this goes in your htaccess file:
      Code:
      # deny everyone first, then let the listed address back in
      order deny,allow
      deny from all
      allow from 255.0.0.0
      Replace 255.0.0.0 with your IP.
  • haymanpl
    Try taking a look at a WordPress plugin called Bulletproof Security.

    I've written a full blog post on the best security measures for wordpress which may also help
    • WPpro
      Originally Posted by haymanpl View Post

      Try taking a look at a WordPress plugin called Bulletproof Security.
      Bulletproof Security turns out to be Swiss Cheese Security:

      BulletProof Security (WordPress Plugin) – Serious vulnerability / backdoor | Sucuri

      If you ever loaded that plugin on your sites then your sites are completely wide open and can be totally taken over with the greatest of ease.

      People who don't understand security ought not be trying to write code to handle security...
  • LastWarrior
    Here's a question for everyone...

    Why be concerned about security?

    If you were hacked, what sort of damage could be done?

    I ask this because aren't the site folders backed up? Besides, even
    if there were no security issue and your site/server crashes, wouldn't
    you be in the predicament?... having nothing. If you were hacked
    and someone messes up your site, couldn't the site be back up and
    running right away using the back up info?

    Are WP sites more vulnerable than regular sales pages?

    Thanks,

    LastWarrior
    • Dr.Viper
      Originally Posted by LastWarrior View Post

      Here's a question for everyone...

      Why be concerned about security?

      If you were hacked, what sort of damage could be done?

      I ask this because aren't the site folders backed up? Besides, even
      if there were no security issue and your site/server crashes, wouldn't
      you be in the predicament?... having nothing. If you were hacked
      and someone messes up your site, couldn't the site be back up and
      running right away using the back up info?

      Are WP sites more vulnerable than regular sales pages?

      Thanks,

      LastWarrior
      Someone could upload Trojan/Rootkit droppers onto your server/hosting and your site's visitors will get a virus when they browse the site.

      They will report this, and your domains will be blacklisted as unsecure or "This domain might harm your computer". Do you want that?

      Also, they could infect the co-hosts if it is shared hosting, and your websites will be erased by the host to check the spread. Also, you might get sued by your visitor if anyone gets infected and suffers a loss, I don't know. Any of this can happen....

      @Original Poster
      Even static IPs can often change in the same subnet. It is difficult for ISPs to provide pure static IPs to customers. My plan comes with a static IP, but it keeps jumping within the subnet, so allow your subnet...

      If your IP is xxx.kkk.rrr.jjj then set:

      allow from xxx.kkk

      or at least set:

      allow from xxx.kkk.rrr

      Setting it for the single IP can be risky. Just keep your host's phone number with you for your safety too, in case you blacklist yourself from your hosting.

      Another safety measure: DO NOT USE the ADMIN user, at least not with the username "admin". It makes half of the brute-forcing job easier.

      Hope that helps. If there are any other questions I'd be glad to pass on any knowledge I have. Good luck.
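Added example, not part of any poster's reply and not code from the thread: the IP restriction discussed by SteveJohnson and Dr.Viper above, written out for both Apache 2.2 and Apache 2.4 and applied to the WordPress login form and dashboard. The address 203.0.113.7 and its /24 range are constructed documentation values, and the admin-ajax.php exemption assumes the site's theme or plugins make AJAX calls from public pages.

```apache
# --- File 1: <wordpress root>/.htaccess : protects the login form ---
<Files "wp-login.php">
    <IfModule mod_authz_core.c>
        # Apache 2.4+
        Require ip 203.0.113.7
    </IfModule>
    <IfModule !mod_authz_core.c>
        # Apache 2.2. Order matters: with "deny,allow" an Allow match
        # overrides "Deny from all". With "allow,deny" a Deny match is
        # final, so the same lines would lock out every address.
        Order deny,allow
        Deny from all
        Allow from 203.0.113.7
    </IfModule>
</Files>

# --- File 2: <wordpress root>/wp-admin/.htaccess : protects the dashboard ---
<IfModule mod_authz_core.c>
    Require ip 203.0.113.7
    # Whole subnet instead of one address:
    # Require ip 203.0.113.0/24
</IfModule>
<IfModule !mod_authz_core.c>
    Order deny,allow
    Deny from all
    Allow from 203.0.113.7
    # Whole subnet as a partial address (no * wildcards):
    # Allow from 203.0.113
</IfModule>

# Public pages may call admin-ajax.php, so it stays reachable for visitors.
<Files "admin-ajax.php">
    <IfModule mod_authz_core.c>
        Require all granted
    </IfModule>
    <IfModule !mod_authz_core.c>
        Order allow,deny
        Allow from all
    </IfModule>
</Files>
```

These rules only filter HTTP requests, so if the allowed address changes the files can still be edited over SFTP or the host's file manager.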
  • ocrconvert
    Thanks for sharing.