Comments on: 12 Essential Security Tips and Hacks for WordPress http://sixrevisions.com/wordpress/12-essential-security-tips-and-hacks-for-wordpress/ Thu, 18 Mar 2010 23:20:13 +0000 http://wordpress.org/?v=2.8.4 hourly 1 By: Tony http://sixrevisions.com/wordpress/12-essential-security-tips-and-hacks-for-wordpress/#comment-60396 Tony Sat, 27 Feb 2010 22:10:03 +0000 http://sixrevisions.com/?p=1239#comment-60396 I tried step 2, and as a result was unable to access my wp dashboard. Then I tried this code from Cats Who Code: AuthUserFile /dev/null AuthGroupFile /dev/null AuthName "Example Access Control" AuthType Basic order deny,allow deny from all allow from xx.xx.xx.xx This time, I was able to log into WP dashboard. I tried step 2, and as a result was unable to access my wp dashboard. Then I tried this code from Cats Who Code:

AuthUserFile /dev/null
AuthGroupFile /dev/null
AuthName “Example Access Control”
AuthType Basic

order deny,allow
deny from all
allow from xx.xx.xx.xx

This time, I was able to log into WP dashboard.

]]> By: Chris McCorkle http://sixrevisions.com/wordpress/12-essential-security-tips-and-hacks-for-wordpress/#comment-54446 Chris McCorkle Wed, 16 Dec 2009 13:14:50 +0000 http://sixrevisions.com/?p=1239#comment-54446 Great post. Thanks Syed for helping us secure our installations! About database backup: I use Wordpress Backup (by BTE) on all of my clients' WP installations. I have set up a few unique email addresses to which I have hourly backups emailed. It's an offsite backup of sorts. Great post. Thanks Syed for helping us secure our installations!

About database backup: I use Wordpress Backup (by BTE) on all of my clients’ WP installations. I have set up a few unique email addresses to which I have hourly backups emailed. It’s an offsite backup of sorts.

]]> By: viettel http://sixrevisions.com/wordpress/12-essential-security-tips-and-hacks-for-wordpress/#comment-52658 viettel Sat, 28 Nov 2009 09:23:39 +0000 http://sixrevisions.com/?p=1239#comment-52658 to @Joe Lish: you can do the password protected directory easily from Cpanel web host control. to @Joe Lish: you can do the password protected directory easily from Cpanel web host control.

]]> By: Janvier http://sixrevisions.com/wordpress/12-essential-security-tips-and-hacks-for-wordpress/#comment-49608 Janvier Mon, 26 Oct 2009 16:09:26 +0000 http://sixrevisions.com/?p=1239#comment-49608 Of all, the last one seems the most interesting to me. Others are important too, but kind too trivial Of all, the last one seems the most interesting to me. Others are important too, but kind too trivial

]]> By: Joe Lish http://sixrevisions.com/wordpress/12-essential-security-tips-and-hacks-for-wordpress/#comment-47254 Joe Lish Thu, 01 Oct 2009 03:55:38 +0000 http://sixrevisions.com/?p=1239#comment-47254 I used the code below to protect wp-admin. Now all users who go to the main page are being prompted the the "WordPress Admin Access Control" password rather than the password assigned to their subsriber accounts. If they hit cancel several times, the login page that uses the subscriber info appears. Any ideas? AuthName "WordPress Admin Access Control" AuthType Basic AuthUserFile /homepages/**/********/htdocs/.htpasswd order deny,allow deny from all require valid-user # whitelist *****’s IP address allow from **.**.***.*** Satisfy Any I used the code below to protect wp-admin. Now all users who go to the main page are being prompted the the “WordPress Admin Access Control” password rather than the password assigned to their subsriber accounts. If they hit cancel several times, the login page that uses the subscriber info appears. Any ideas?

AuthName “WordPress Admin Access Control”
AuthType Basic
AuthUserFile /homepages/**/********/htdocs/.htpasswd
order deny,allow
deny from all
require valid-user
# whitelist *****’s IP address
allow from **.**.***.***
Satisfy Any

]]> By: Mas Dhani http://sixrevisions.com/wordpress/12-essential-security-tips-and-hacks-for-wordpress/#comment-47065 Mas Dhani Tue, 29 Sep 2009 10:18:41 +0000 http://sixrevisions.com/?p=1239#comment-47065 In addition for Wordpress security you need "Remove meta name generator WordPress" why? I think for avoid hacking by someone who want sabotage your wordpress. In addition for Wordpress security you need “Remove meta name generator WordPress” why? I think for avoid hacking by someone who want sabotage your wordpress.

]]> By: Steve http://sixrevisions.com/wordpress/12-essential-security-tips-and-hacks-for-wordpress/#comment-45773 Steve Fri, 11 Sep 2009 04:48:35 +0000 http://sixrevisions.com/?p=1239#comment-45773 From my research it seems like to use the media section you have to change the permissions on your server to 777 or 775? If you recommend not doing this then how do you get the media directory working? From my research it seems like to use the media section you have to change the permissions on your server to 777 or 775? If you recommend not doing this then how do you get the media directory working?

]]> By: Black Hattitude http://sixrevisions.com/wordpress/12-essential-security-tips-and-hacks-for-wordpress/#comment-45530 Black Hattitude Sat, 05 Sep 2009 19:04:53 +0000 http://sixrevisions.com/?p=1239#comment-45530 Thanks a lot for all these tips! Thanks a lot for all these tips!

]]> By: Jenny Miller http://sixrevisions.com/wordpress/12-essential-security-tips-and-hacks-for-wordpress/#comment-42895 Jenny Miller Tue, 28 Jul 2009 10:26:39 +0000 http://sixrevisions.com/?p=1239#comment-42895 This is great, and I really appreciate all of the information that you shared in this post! This is great, and I really appreciate all of the information that you shared in this post!

]]> By: Ivo Ivanov http://sixrevisions.com/wordpress/12-essential-security-tips-and-hacks-for-wordpress/#comment-42391 Ivo Ivanov Sun, 19 Jul 2009 15:18:27 +0000 http://sixrevisions.com/?p=1239#comment-42391 @Keith D Yes, it works on WP 2.8 Great post! @Keith D Yes, it works on WP 2.8

Great post!

]]>