A Security Tip for Your Wordpress Blog...

6 replies
Open notepad, copy & paste the following lines:

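# Placeholder auth settings; no password file is used
AuthUserFile /dev/null
AuthGroupFile /dev/null
AuthName "Access Control"
AuthType Basic
# List POST as well as GET: rules inside <Limit> apply only to the methods named
<Limit GET POST>
order deny,allow
deny from all
allow from XXX.XXX
</Limit>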
XXX.XXX is the first 6 digits of your IP. If you have a static IP, you can enter the full IP address.

Save the file as .htaccess and place it in your WP-Admin folder.

YourBlog.com/wp-admin/ can be accessed only from this IP range. If your IP changes, you can go into FTP, edit the file directly and then log in to your blog.

If you visit /wp-admin/ from another IP, a 404 error will show up.
#blog #security #tip #wordpress
  • RGallowitz
    Dynamic IP won't work right?
    • Sandeep Shah
      Originally Posted by RGallowitz

      Dynamic IP won't work right?

      Usually the first 3 or 6 numbers of the IP will be static depending on the ISP. The last digits only will keep varying with every connection.

      For example, if your ISP has IPs starting with 345.678 & 345.679, you can put

      allow from 345.678
      allow from 345.679

      and more if you want to. If your assigned IP is 345.678.123.456, you would be able to login.

      Just check your IP in Whatismyip.com or other similar services. Disconnect, reconnect and check again. You would get an idea.
  • butternyk
    Yes -- it's already there among the top 5 security tips to prevent hacking
    • TheRichJerksNet
      Originally Posted by butternyk

      Yes -- it's already there among the top 5 security tips to prevent hacking

      It does not prevent hacking. It may prevent someone from trying to access an admin login, but hackers do not need to do that anyway. Programs like brute force etc. can still try to get your username and password no matter what IP you set the .htaccess to.

      Also there are keyloggers that you need to think about which I have seen many have problems with. This does not protect your wp blog as much as some think...

      Now hiding what the name of your admin folder is will help you a great deal more vs trying to block some ip.

      James
  • Istvan Horvath
    Just don't do this if you are traveling and updating your blog from locations all around the world...
    • Sandeep Shah
      Originally Posted by Istvan Horvath

      Just don't do this if you are traveling and updating your blog from locations all around the world...

      In September 09 I was invited to a conference in my niche and I had to update while I was traveling...

      I was in a Hotel with Wifi connection. I checked out its IP and included it in the .htaccess file which took 2 minutes. But I had my laptop with me... all the FTP thing was there already.

      But when one is using public pcs to update the blog... it would be pretty difficult.
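
Added example (not part of the thread and not any poster's code): a small Python model of how Apache evaluates rules like those in the first post and the "allow from" prefixes discussed in the replies. It assumes `order deny,allow` with `deny from all`; the `203.0` prefix, the sample addresses and the function names are constructed for illustration.

```python
import re

# Constructed sample: rules scoped to GET only; 203.0 stands in for XXX.XXX.
GET_ONLY = """\
<Limit GET>
order deny,allow
deny from all
allow from 203.0
</Limit>
"""
GET_POST = GET_ONLY.replace("<Limit GET>", "<Limit GET POST>")  # POST listed too

def parse(text):
    """Return (methods, prefixes); methods is None when no <Limit> wraps the rules."""
    methods, prefixes = None, []
    for line in (l.strip() for l in text.splitlines()):
        m = re.match(r"<limit\s+([^>]+)>", line, re.I)
        if m:
            methods = {x.upper() for x in m.group(1).split()}
        m = re.match(r"allow\s+from\s+([\d.]+)$", line, re.I)
        if m:
            prefixes.append([p for p in m.group(1).split(".") if p])
    return methods, prefixes

def ip_allowed(ip, prefixes):
    """Partial-IP match on whole octets: 203.1 matches 203.1.x.x, not 203.10.x.x."""
    octets = ip.split(".")
    return any(octets[:len(p)] == p for p in prefixes)

def decide(method, ip, text):
    """Assumes 'order deny,allow' + 'deny from all', as in the sample."""
    methods, prefixes = parse(text)
    # A <Limit> that lists GET also covers HEAD; unlisted methods skip the rules.
    covered = (methods is None or method in methods
               or (method == "HEAD" and "GET" in methods))
    if not covered:
        return "allow"  # no access rule applies to this method
    return "allow" if ip_allowed(ip, prefixes) else "deny"

def addresses_admitted(prefixes):
    """How many IPv4 addresses the allow lines let through."""
    return sum(256 ** (4 - len(p)) for p in prefixes)

if __name__ == "__main__":
    for text in (GET_ONLY, GET_POST):
        for method, ip in (("GET", "203.0.113.7"), ("POST", "198.51.100.9")):
            print(sorted(parse(text)[0]), method, ip, decide(method, ip, text))
    print(addresses_admitted(parse(GET_ONLY)[1]), "addresses allowed")
```

A two-octet prefix admits 65,536 addresses, and each extra "allow from" line of that width adds as many again.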