Comments on: 12 Essential Security Tips and Hacks for WordPress

By: Mike

Mike — Sun, 09 Oct 2011 14:17:02 +0000

These are some good tips. There are plenty of users who leave their sites as default who are usually the ones who get hacked. I have a list of some tips that I use for WordPress Security here: "http://www.otreva.com/blog/10-steps-to-securing-wordpress/

By: Anthony

Anthony — Thu, 15 Sep 2011 01:26:19 +0000

HEY!, I made WordPress SQL Backup plugin at http://anthony.strangebutfunny.net/my-plugins/alex-wp-backup/ it does more than a database backup it also backs up your uploads, themes and plugins!

By: Stoian

Stoian — Wed, 14 Sep 2011 06:23:42 +0000

Thanks man … very very useful information for WordPress security

By: Stanislav

Stanislav — Sun, 03 Jul 2011 09:32:08 +0000

Thanks for all tips! Really cool

By: Cody Bonney

Cody Bonney — Sat, 09 Apr 2011 19:23:58 +0000

Great tips. I would leave out the one about only allowing access by single IPs via htaccess though. Most people these days have dynamic IP addresses.

By: Ivan

Ivan — Fri, 11 Feb 2011 16:14:10 +0000

I think for avoid hacking by someone who want sabotage your wordpress :)

By: Cat Lady

Cat Lady — Tue, 02 Nov 2010 20:57:01 +0000

Bad ass! This is JUST what I needed…thanks! (=^_^=)

By: Jake

Jake — Fri, 03 Sep 2010 12:44:28 +0000

Very useful. Thanks for all these tips!

By: Jake

Jake — Fri, 03 Sep 2010 12:01:52 +0000

Thanks for all these tips!

By: furrykef

furrykef — Sun, 08 Aug 2010 01:58:30 +0000

The robots.txt example is slightly incorrect. It should read:

Disallow: /wp-

The asterisk after the hyphen is not needed and may in fact cause it to work incorrectly with some bots. Remember that the robots.txt standard specifies a simple substring search, so, unless you’re giving commands to a specific bot with known behavior, you should phrase your “Disallow”s as though they’re being matched with “if url.startswith(‘/blah’) …”