A simple way to protect your WordPress site from being hacked
Wow, has it been almost 15 years now?
Anyhow, despite the fact that CF is a great language and a very rapid development platform, these days I've converted over to using self-hosted WordPress for many of my sites, especially new ones, because it is such a great CMS and a fantastic way to get sites up and tested and performing very, very quickly. I still use CF for all the heavy lifting, but for many sites WordPress is the ticket for me.
So that led me to think about the security aspect of WP sites. You guys who are using WP know that by default the way to log into your WP administration panel is like this:
http://www.whateveryoursitenameis.com/wp-admin
This problem is worsened if you've used a relatively non-complex user name and password. If your site is "Joe's Site" and the admin username is "adminjoe" and the password is "joe123" then it shouldn't take too much time for a hacker to brute force his way in.
So here's a simple way for any non-programmer-types to protect your WP administration system from such an attack: using FTP to log in to your site, rename the "wp-admin" subdirectory to something else, like "wp-admin-x43q178e". Then, any attempts to log in to the WP control panel like this:
http://www.whateveryoursitenameis.com/wp-admin
http://www.whateveryoursitenameis.com/wp-admin-x43q178e
Then, when you need to log in to your WP administrator, simply FTP in first and rename the directory back to "wp-admin". Then you can log in as normal. The best part of this simple technique is that you don't have to remember the new, more complex name of the wp-admin directory, since you only need to FTP in, find the renamed directory and change it back to "wp-admin" in order to administer WordPress. When you're finished, change it to something else more complex again.
Leaving your admin directory named "wp-admin" means that anyone running a discovery script against a list of domains looking for backdoor access will discover that your site is running on WP and that your admin directory is visible to the world. After that, a brute force script may be all that's necessary to take over your WP site.
Is this a foolproof method? No, of course it isn't. But at least it adds another simple layer of security which slows down a hacker enough that he may move on to another, easier-to-enter site. Does it add another step to your administration? Yes, it does. However, you may feel that the protection you gain is worth the extra 15-30 seconds you need to expend in order to obscure your WP administration panel from the world.
And... it's free.
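Added example (not part of the original post): one way to spot, in a web server access log, the discovery probes and brute-force attempts the post describes. The Combined Log Format, the thresholds, the `/wp-login.php` status-code behaviour and the sample log lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Combined Log Format: ip - user [time] "METHOD path proto" status size ...
LINE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)

def classify(method, path, status):
    """Return 'login_fail', 'admin_probe' or None for one request."""
    path = path.split("?", 1)[0]
    # Assumption: stock WordPress answers a bad password with 200, a good one with 302.
    if method == "POST" and path == "/wp-login.php" and status == 200:
        return "login_fail"
    # With wp-admin renamed as in the post, requests for the default path return 404.
    if (path == "/wp-admin" or path.startswith("/wp-admin/")) and status == 404:
        return "admin_probe"
    return None

def find_suspects(lines, threshold=5, window=timedelta(minutes=1)):
    """Return {ip: {kinds}} for IPs with >= threshold events of one kind inside window."""
    recent = defaultdict(deque)   # (ip, kind) -> timestamps still inside the window
    suspects = defaultdict(set)
    for line in lines:            # lines are assumed to be in chronological order
        m = LINE.match(line)
        if not m:
            continue              # skip malformed lines
        kind = classify(m["method"], m["path"], int(m["status"]))
        if kind is None:
            continue
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        q = recent[(m["ip"], kind)]
        q.append(ts)
        while ts - q[0] > window:
            q.popleft()           # drop events older than the window
        if len(q) >= threshold:
            suspects[m["ip"]].add(kind)
    return dict(suspects)

# Constructed sample log (documentation IP ranges), not real traffic.
SAMPLE = (
    [f'203.0.113.7 - - [10/Mar/2024:10:00:{s:02d} +0000] "POST /wp-login.php HTTP/1.1" 200 4512 "-" "x"' for s in range(0, 12, 2)]
    + [f'198.51.100.9 - - [10/Mar/2024:10:01:{s:02d} +0000] "GET /wp-admin/ HTTP/1.1" 404 162 "-" "x"' for s in range(5)]
    + ['192.0.2.10 - - [10/Mar/2024:10:02:00 +0000] "POST /wp-login.php HTTP/1.1" 302 0 "-" "x"',
       '192.0.2.10 - - [10/Mar/2024:10:05:00 +0000] "POST /wp-login.php HTTP/1.1" 200 4512 "-" "x"']
)
print(find_suspects(SAMPLE))
```

Flagged addresses can be fed to a firewall or rate limiter; a single failed login, like the last sample line, stays below the threshold.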