Weekend Wordpress Security Tip: Restrict Your Wp-Admin

Although this security issue may be fixed in newer versions of Wordpress, your truly screwed if your password gets cracked by a hacker. Since Wordpress only requires one to get all the administrative privileges to your blog, it would be best to limit the /wp-admin/ folder to just yourself (by your IP address, see below). How you might ask? With .htaccess files.

The Fix:

*Note* – If you have a dynamic IP (meaning that your IP changes from time to time), this method will not work for you.. You could block yourself out of your own blog!

1. First, Determine your IP address from any free service, such as: WhatIsMyIp.com
2. Second, Download your .htaccess file from your blog server in the /wp-admin/ folder (Do NOT Replace it on your blog directory.. Only in the Wp-Admin Folder) and open it with Notepad++ (A free utility that makes coding and code editing a breeze).
3. Add the following code to the file:
AuthUserFile /dev/null
AuthGroupFile /dev/null
AuthName “Example Access Control”
AuthType Basic
<LIMIT GET>
order deny,allow
deny from all
allow from xxx.xx.xx.xxx
</LIMIT>
4. Replace xxx.xx.xx.xxx with your IP address you found on the WhatIsMyIp.com website
5. Save the file and reupload to your server, and you should have full access to your blog, but nobody else will because they don’t have your IP.

Now you have one less thing to worry about in terms of security, hope you’ve enjoyed this Saturday tutorial!

Credits: http://www.reubenyau.com/

Disclaimer: Brad Blogging is not responsible for, and expressly disclaims all liability for, damages of any kind arising out of use, reference to, or reliance on any information contained within the site. While the information contained within the site is periodically updated, no guarantee is given that the information provided on this website is correct, complete, and up-to-date.

Related posts:

  1. Weekend Wordpress Security Tip: Index.html
  2. Saturday Weekend Security Tip: Remove This Useless Tag
  3. Weekend Wordpress Security Tip: What To Do When Your Blog Is H4CK3D
This entry was posted in Security and tagged , . Bookmark the permalink. Post a comment or leave a trackback: Trackback URL.

Enjoy this post? Theres more to come, so click here to subscribe to our RSS Feed.

3 Comments

  1. Armand
    Posted August 24, 2008 at 6:08 am | Permalink

    Cool, but it seems can’t work for me because I don’t have a dedicated IP address. In other words, my IP is dynamically changed. But this is a good tip to protect our wp blog.

    Armand’s last blog post..Google Adsense Website Temporarily Down

    Reply
  2. bradblog
    Posted August 24, 2008 at 6:51 am | Permalink

    @ Armand – Yea, No system is perfect, but since I have a dedicated IP, it works out well. I thought I’d pass the info on to someone that has a dedicated IP for some extra security :)

    Reply
  3. Justin Wright
    Posted August 25, 2008 at 10:39 am | Permalink

    Yeah that seems like a good way to prevent hackers. Unfortunetly it would not work for me since I write my blog posts from all over the place. I rarely use the same ip, or laptop for that matter. But it is still a goot idea.

    Reply

One Trackback

  1. By Saturday Weekend Security Tip: Remove This Useless Tag | Brad Blogging on August 30, 2008 at 3:20 am

    [...] it up in Notepad++ (That I Recommended Last Post) and find the line that says: meta name=”generator” content=”WordPress <php [...]

Post a Comment

Your email is never published nor shared. Required fields are marked *

*
*

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>

CommentLuv Enabled

626 RSS Subscribers

Subscribe today to recieve any updates on this blog for free!

You'll also receive, "The Blog Manual" free of charge for being a subscriber which you can download at the bottom of each post.

 


Blog Advertisers

About The Author

Brad Ney

I am a Wordpress enthusiast, part-time website designer, and enjoy using the latest technology via the internet for website promotion.I enjoy writing about startup websites, XHTML, CSS, Wordpress based on what I've learned in the industry.

Become A Facebook Fan!

Reader Poll

  • Are you a...

    View Results

    Loading ... Loading ...

Recent Comments

  • Jayce: Long time did not optimize my blog already. Does this speed up a lot? .-= Jayce´s last blog ..How to...
  • JR @ Internet Marketing: Just became a fan! .-= JR @ Internet Marketing´s last blog ..The Ultimate and Best...
  • Sadia Malik: Hi, Thanks for the tips, I browsed the internet for some ready made templates but they dont quite seem...
  • recklessbliss: Hi, thanks for the info but I’m still at a loss about what exactly C.S.S. framework is. Your...
  • Gomez the windshield monkey: Brad, Nice tip. I find I struggle with this, though. For me, this is advanced PHP...

Leave A Comment - Reap The Rewards

  • CommentLuv will fetch your last post - Free publicity!
  • NoFollow Removed - Free backlink from each post you comment on!
  • Choose to be notified of replies made to your original comment!
  • Share your prospective while learning new things and have fun meeting the community.
  • Have a question? I answer every comment with a personal response.