August 23rd

Weekend Wordpress Security Tip: Restrict Your Wp-Admin

Filed under Security.

Although this security issue may be fixed in newer versions of WordPress, you're truly screwed if your password gets cracked by a hacker. Since WordPress only requires one password to grant all the administrative privileges to your blog, it would be best to limit the /wp-admin/ folder to just yourself (by your IP address, see below). How, you might ask? With .htaccess files.

The Fix:

*Note* - If you have a dynamic IP (meaning that your IP changes from time to time), this method will not work for you. You could lock yourself out of your own blog!

1. First, determine your IP address using any free service, such as WhatIsMyIp.com.
2. Second, download the .htaccess file from the /wp-admin/ folder on your blog server (do NOT replace the one in your blog's root directory, only the one in the wp-admin folder) and open it with Notepad++ (a free utility that makes coding and code editing a breeze).
3. Add the following code to the file:
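# No password file is used; access is decided by IP address only
AuthUserFile /dev/null
AuthGroupFile /dev/null
AuthName "Example Access Control"
AuthType Basic
# No <Limit GET> wrapper: it would leave POST and other methods unrestricted
order deny,allow
deny from all
allow from xxx.xx.xx.xxx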
4. Replace xxx.xx.xx.xxx with the IP address you found on the WhatIsMyIp.com website.
5. Save the file and re-upload it to your server. You should still have full access to your blog's admin area, but nobody else will, because they don’t have your IP.
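
The following Python check is an added example, not code from the original post: it scans an .htaccess body for three mistakes that break or weaken this restriction, namely typographic quotes, a `<Limit>` block that names only some HTTP methods, and an `allow from` value that is not an IP address (such as an unreplaced placeholder). The function name, the method set and the sample input are assumptions of the example, and the IP test is a heuristic, since Apache also accepts hostnames and partial addresses there.

```python
import ipaddress
import re

# Methods checked for coverage; this set is an assumption of the example.
COMMON_METHODS = {"GET", "HEAD", "POST", "PUT", "DELETE", "OPTIONS"}
ACCESS_RE = re.compile(r"(order|deny|allow|require)\b", re.I)

def audit_htaccess(text):
    """Return (line_number, message) findings for an .htaccess body."""
    findings = []
    limit = None  # (opening line, covered methods) while inside <Limit ...>
    for num, line in enumerate(text.splitlines(), 1):
        stripped = line.strip()
        if not stripped or stripped.startswith("#"):
            continue
        if re.search("[\u201c\u201d\u2018\u2019]", stripped):
            findings.append((num, 'typographic quote; Apache only parses plain " quotes'))
        opened = re.match(r"<Limit\s+([^>]+)>", stripped, re.I)
        if opened:
            methods = {m.upper() for m in opened.group(1).split()}
            if "GET" in methods:
                methods.add("HEAD")  # Apache applies a GET limit to HEAD too
            limit = (num, methods)
        elif stripped.lower().startswith("</limit"):
            limit = None
        elif limit and ACCESS_RE.match(stripped):
            missing = sorted(COMMON_METHODS - limit[1])
            if missing:
                findings.append((limit[0], "rules do not apply to: " + ", ".join(missing)))
            limit = None  # report each block once
        allow = re.match(r"allow\s+from\s+(\S+)", stripped, re.I)
        if allow and allow.group(1).lower() != "all":
            try:
                ipaddress.ip_network(allow.group(1), strict=False)
            except ValueError:
                findings.append((num, "allow target is not an IP or CIDR: " + allow.group(1)))
    return findings

# Constructed sample input, modelled on the snippet in this post.
SAMPLE = """AuthName \u201cExample Access Control\u201d
<LIMIT GET>
order deny,allow
deny from all
allow from xxx.xx.xx.xxx
</LIMIT>
"""

if __name__ == "__main__":
    for num, message in audit_htaccess(SAMPLE):
        print(f"line {num}: {message}")
```

Run it against the file before uploading; an empty result means none of the three mistakes was found.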

Now you have one less thing to worry about in terms of security, hope you’ve enjoyed this Saturday tutorial!

Credits: http://www.reubenyau.com/

Disclaimer: Brad Blogging is not responsible for, and expressly disclaims all liability for, damages of any kind arising out of use, reference to, or reliance on any information contained within the site. While the information contained within the site is periodically updated, no guarantee is given that the information provided on this website is correct, complete, and up-to-date.


4 Responses to Weekend Wordpress Security Tip: Restrict Your Wp-Admin

  1. Armand
    6:08 am on August 24th, 2008

    Cool, but it seems it can’t work for me because I don’t have a dedicated IP address. In other words, my IP changes dynamically. But this is a good tip to protect our WP blog.


  2. bradblog
    6:51 am on August 24th, 2008

    @ Armand - Yeah, no system is perfect, but since I have a dedicated IP, it works out well. I thought I’d pass the info on to someone that has a dedicated IP for some extra security :)

  3. Justin Wright
    10:39 am on August 25th, 2008

    Yeah, that seems like a good way to prevent hackers. Unfortunately it would not work for me since I write my blog posts from all over the place. I rarely use the same IP, or laptop for that matter. But it is still a good idea.

  4. Saturday Weekend Security Tip: Remove This Useless Tag | Brad Blogging
    3:20 am on August 30th, 2008

    [...] it up in Notepad++ (That I Recommended Last Post) and find the line that says: meta name=”generator” content=”WordPress <php [...]
