10 Tipps, um WordPress Hack-Beweis. The Ultimate Guide.
Video How-to: 10 Tipps, um WordPress Hack-Proof
Nach Ihrem Blog gehackt macht keinen Spaß, und die Standard-WordPress-Installation ist nicht undurchlässig. Nicht nur, dass ein Blog gehackt zu Ausfällen führen, während Sie mit Ihrem Internet Service Provider das Problem zu verfolgen und sicherzustellen, dass es nicht wieder passiert, kann es auch bedeuten, verbringen Sie Zeit, zum Beispiel, bekommen Sie Ihre E-Mail-Client-Lösung korrekt wieder. Alles in allem wertvolle Zeit vergeudet.
Vorbeugen ist besser als heilen. Hier sind 10 Tipps, um WordPress Hack-Beweis.
What You Need
- ein WordPress-Installation
- die WordPress-Plugin, WP-phpmyadmin
- die WordPress-Plugin, WP-Security-Scan
- FTP-Zugang zum Server, auf dem Blog befindet
Bevor Sie beginnen
- Backup-Dateien, mit Ihrem FTP-Client
- Sichern Sie Ihre Datenbank mit wp-phpmyadmin. Wenn Sie nicht wissen, wie das zu tun, check this out diesem Video-Training, hier bei Guvnr.
Video: Sicher, Solid, Safe .. in 10 Schritten.
Sehen Sie sich das, äh, guvideo für eine bessere Vorstellung davon, wie dies zu tun.
Check out the_guv YouTube-Kanäle zu http://youtube.com/guvnrDOTcom
... oder wenn Sie nicht mit diesem, oder sogar, wenn du kannst, ist hier die Details belästigt werden ...
1. Upgrade WordPress. Um die neueste Version. Wenn Sie 2.7 oder höher verwenden, können diese von Ihrem Admin Dashboard getan werden, um die auf Knopfdruck automatisch. Achten Sie einfach auf den "Aktualisieren"-Button. Wenn Sie eine frühere Version verwenden, lesen Sie diese.
2. Update Plugins. Stellen Sie sicher, dass alle ihre neuesten Versionen aktualisiert werden. Wenn sie es nicht sind, sind Sie auf dem Plug-Admin-Seite mitgeteilt. Alte Versionen können ein Sicherheitsrisiko darstellen.
3. Change "wp_" Database Table Prefix. Ich benutze wp-Security-Scan, der dieselben Leute, dass die super-handy All In One SEO Pack, Semper Fi Web Design entwickelt. Einmal aktiviert, auf der linken Seite des Menüs, klicken Sie auf "Datenbank" in der "Security" drop-down. Die Seite, lädt Sie können auf einfache Weise das Präfix ändern. Wenn das nicht funktioniert, sondern werfen einen Fehler, dies zu tun: --
- i. Deaktivieren Sie alle WordPress-Plugins, als Vorsichtsmaßnahme.
- ii. Backup der Datenbank, wie im Video Guvnr's Tutorial.
- iii. Öffnen Sie die heruntergeladene *. sql-Datei mit einem Texteditor (wo * ist der Name der Datenbank.)
- iv. Suchen und ersetzen Sie alle Instanzen von Ihren "wp_" mit Ihrem neuen prefix.
- v. in Ihrem WordPress-Datenbank, Tropfen alle Tabellen. DO NOT DROP der Datenbank selbst, nur die Tabellen. Wp-phpmyadmin ist ein großes Plugin zu verwenden.
- vi. Still in Ihrem WordPress-Datenbank, importieren Sie Ihre neu *. sql-Datei geändert, die Sie bearbeitet, indem das Präfix. WP-phpMyAdmin oder ähnlichen wieder.
- vii. Öffnen und bearbeiten Sie Ihre wp-config.php Datei, in der Wurzel Blog Ordner, die Änderung der "$ table_prefix = 'wp_';" auf "$ table_prefix = 'yourNewPrefix_';".
- viii. Aktivieren Sie Ihre Plugins.
4. Löschen Sie Benutzer "admin". Just to make Hacker härter arbeiten, bin dieses. Erstellen Sie einen neuen Benutzer mit Administrator-Rechte, und geben dem User einen Nicknamen (für die Öffentlichkeit), die nicht der gleiche wie der Benutzername. Dann melden Sie sich, melden Sie sich erneut als der neue Benutzer, und löschen Sie den ursprünglichen Benutzer "admin".
5. Verwenden Sie ein Passwort Stronger. Bit offensichtlich, this one. Aufmischen mit Buchstaben, Ziffern und Sonderzeichen, Groß-und Kleinschreibung. Ich benutze RoboForm (und verschlüsselt) meine Passwörter, erinnern, und dass ist kostenlos.
6. Verstecken Sie Ihre WordPress-Version. Vom Ordner Ihres Themas, öffnen Sie "header.php", suchen Sie nach der Zeile ...
<meta name = "generator" content = "WordPress <? php bloginfo ( 'Version');?>" />
... und es löschen. Es hat keinen Sinn.
7. Stellen Sie sicher, WordPress Datenbank-Fehler ausgeschaltet sind. In den letzten WordPress-Versionen, sind sie standardmäßig deaktiviert. So aktualisieren.
8. Entfernen WP ID META-Tag. Löschen Tag von den WordPress-Kern. Nachdem Sie und aktivieren Sie laufen wp-Security-Scan, wird dies automatisch.
9. Erstellen Sie eine. Htaccess-Datei in "wp-admin /" Öffnen Sie eine neue Textdatei und fügen Sie diese ...
# BEGIN WordPress
RewriteEngine On
RewriteBase /
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
# END WordPress
... Save the file as .htaccess and upload it to your "wp-admin/" folder, ie, to http://myblog.com/wp-admin/
10. Hide Your Plugins. If you're not sure whether they're hidden or not, navigate to http://myblog.com/wp-content/plugins. If you see a 404 error page, they're hidden. Otherwise, you'll see them listed. In that case, copy the following into a new .htaccess file, adding the file to your wp-content/ folder...
# BEGIN WordPress
RewriteEngine On
RewriteBase /
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
# Prevents directory listing
IndexIgnore *
# END WordPress
Some web hosts don't allow you to administer .htaccess files. If that's the case, instead of using an .htaccess file to hide the list of plugins, create an index.html file. You can write something about restricted access in there, if you like. Either way, this file will prevent a plugin listing.
Now navigate to http://myblog.com/wp-content/plugins. They should be hidden.
After You're Done
Just to be thorough, and because a few things have changed...
- Backup your files again, using your ftp client.
- Backup your database again, using wp-phpmyadmin.
That's it. Your blog is more secure, and way less hackable. Go make content!
If you liked that ...
-
Set Up Unmanaged VPS BIBLE (4 Newbies) - Part 15: WordPress Setup & Updates from the Command Line
This how-to guide uses Subversion to download & install standalone WordPress blogs & their plugins, quickly and easily from your Linux command line interface, with simple updates thereafter. It also [...] -
Set Up Unmanaged VPS BIBLE (4 Newbies) - Part 14: Tweak Nginx for WordPress - Pretty URLs & WP Super Cache
For the blog platform WordPress to work properly with Nginx we need to tweak the web server configuration. This tutorial will enable both caching - integrating the WP Super Cache plugin - and activate pretty [...] -
Video How-to: Install WordPress - Nice 'n Simple
So you wanna blog, huh? And you've looked at the options, and like WordPress. Me too! And you like the expandability and personalisation that a WordPress standalone install gives, but are put off by the [...] -
Video How-to: Install & Configure a WordPress Plugin
One of the great things about the WordPress blog platform is how adaptable it is. Need some special functionality? There's bound to be a plugin - an extension - that will help. This tutorial, complete with [...] -
Wordpress Suicide Plugin: Clean a WP Database
How do you clean a Wordpress database of unwanted data, while retaining user or other select information? Strip out the database using phpMyAdmin? Sure. But a lazier option? WordPress Suicide. Suicide allows [...] -
WordPress Upgrade Error Solved - Fatal error: Cannot redeclare pclziputilpathreduction()
If you've tried upgrading a recent version of WordPress and received this error... Fatal error: Cannot redeclare pclziputilpathreduction() ...here's what you do. In a nutshell, deactivate the plugin "WordPress [...] -
Video How-to: Add a Favicon - EASILY!
If I had a Big Mac for every favicon tutorial out there, I'd be dead. But hey, I needed a favicon, so here's the ultimate how-to-fav [...] -
Firefox ScribeFire Plugin for Remote Blogging
So, if this works I'll have published a new post to guvnr.com, remotely, using Firefox's ScribeFire add-on. Here's how that works [...]
... maybe you'll like these?
If you liked that ...
-
Video How-to: Install & Configure a WordPress Plugin
One of the great things about the WordPress blog platform is how adaptable it is. Need some special functionality? There's bound to be a plugin - an extension - that will help. This tutorial, complete with [...] -
Video How-to: Install WordPress - Nice 'n Simple
So you wanna blog, huh? And you've looked at the options, and like WordPress. Me too! And you like the expandability and personalisation that a WordPress standalone install gives, but are put off by the [...] -
Wordpress Suicide Plugin: Clean a WP Database
How do you clean a Wordpress database of unwanted data, while retaining user or other select information? Strip out the database using phpMyAdmin? Sure. But a lazier option? WordPress Suicide. Suicide allows [...] -
Video How-to: Backup & Restore a Database with phpMyAdmin
Phpwhatnot? Aargh! Scary? It's not. How often do you backup your mySQL database? Does the idea fill you with horror? Or do you think the "full backup" option at your ISP covers the database too? If the [...] -
Hack WordPress, Edit More Default Comments & Save Time
This tutorial explains how to increase the default number of comments shown on the WordPress Admin Comments Editor page, by editing edit-comments.php. Dunno about you, but life's too short to be clicking thru' all [...] -
WordPress Upgrade Error Solved - Fatal error: Cannot redeclare pclziputilpathreduction()
If you've tried upgrading a recent version of WordPress and received this error... Fatal error: Cannot redeclare pclziputilpathreduction() ...here's what you do. In a nutshell, deactivate the plugin "WordPress [...]
... maybe you'll like these?
LunarPages suspended.page February 26th, 2009 at 5:12 pm
[...] you work with your ISP to track the problem and ensure it doesn’t happen again, it… More Categories: [...]
Sarah March 3rd, 2009 at 2:56 pm
Excellent tutorial. Blog security is one of the main concerns every blogger should know.
JC de Villa March 3rd, 2009 at 2:58 pm
I read your post, and found item 9 interesting (.htaccess) and its location. You should really put it in your blog root directory (or even your site root), so that indexes wont be visible... I suggest you look at your own directories for indexes, because some are a bit more exposed than they should.
RAzik March 3rd, 2009 at 3:01 pm
In the tip # 10, u told it will show "404 error page".
But i think if you disabled directory it will show "403 error page".
http://grautiger.wordpress.com/2009/03/10/datensicherung-fur-wp-blogs/ March 3rd, 2009 at 7:44 pm
[...] Wenn ich das mal habe *augenroll* wird DAS hier wohl mal Thema: Blog ein wenig gegen Hacks absichern: http://guvnr.com/web/blogging/10-tips-to-make-wordpress-hack-proof/ [...]
Herrin March 4th, 2009 at 12:17 pm
Thank you so much for this compact and easy to implement guide to WP security.
I use 2 plugins that help with security that you did not mention in this article.
The first is called WP-Optimize - allows you to delete post/page revisions, optimize the database and change the username from admin to anything you like.
The second is called Secure wordpress and it does some of the things that you mention above. Probably good for clients etc.
Thanks again and hope this adds something useful to the mix.
regards
Herrin
[Video] Ten Steps to Secure WordPress | PAULMYATT.COM March 6th, 2009 at 1:33 pm
[...] over at guvnr.com has produced a nice video on how to secure your WordPress [...]
Firewalling and Hack Proofing Your WordPress Blog « Lorelle on WordPress March 8th, 2009 at 5:09 am
[...] is news of a video and blog post by Guvnr called “10 Tips to Make WordPress Hack Proof. The effort involved tips from BlogSecurity’s popular WordPress Security Whitepaper, [...]
George Serradinho March 8th, 2009 at 8:43 am
Thanks for the tips, the list will definately help us users out there.
Firewalling and Hack Proofing Your WordPress Blog | WORDPRESS KNOWLEDGEBASE-PLUGINS-EXTENSIONS-TEMPLATES March 8th, 2009 at 5:18 am
[...] is news of a video and blog post by Guvnr called “10 Tips to Make WordPress Hack Proof. The effort involved tips from BlogSecurity’s popular WordPress Security Whitepaper, [...]
[Wordpress] 10 Steps to a Secure WordPress Installation | Technofriends March 8th, 2009 at 12:57 pm
[...] Guvnr has done an amazing job by bringing out a easy and simple to understand video which illustrates the 10 steps to secure your wordpress installation. [...]
Lonnie A March 9th, 2009 at 2:11 am
Dear Mr Guvnr,
Thank you so much for sharing your security blog video. I especially appreciated your tutorial on backing up a database using wp-phpmyadmin. The database is very frightening place to modify if one has no knowledge of navigating phpmyadmin.
Just to add a little bit of information regarding .htaccess on hosting web servers that enable safe mode on php. Some of us are unable to create and use .htaccess because of their server security policies.
Therefore here's something that I do to get around this problem. I create a cloaked web page of an affiliate site. If the so called hacker wants to spy my wp-content/plugins directory, they will be surprised to what they will find.
I simply upload a cloaked index.html page to hide the content of these important folders. So instead of viewing the contents of the folder they might be puzzled as to what they see. A live web site... Huh...?
I do to same for my themes folder as well. It works well for me and this is generally what I do to hide all my download products I buy and sell online too.
Again... thanks for your tutorial, it was very well explained and and hugely helpful.
the_guv March 8th, 2009 at 11:24 pm
@Herrin - WP-Optimize I like too. Need to use it, hmmn, must do that! Secure Wordpress I'll take a look at. Big cheers, appreciate the comment. Mix away m8.
getting loved up by Lorelle. Hey, how cool is that, big cheers girl.
@Lorrelle - wow, flattery indeed
@George - good to hear. mighty pleased.
@Techno, PaulMyatt & http://planet.wordpress.org/ , you have great taste in content, keep it up.
//the_guv
@Sarah - tx tx tx ... sorry, I almost forgot you! tssh.
…on protecting your WordPress Install… « Project:Dark Sky March 9th, 2009 at 4:32 am
[...] read this post about protecting your wordpress install and found item 9 interesting. To quote: Create an .htaccess [...]
Koichi Paxton March 9th, 2009 at 7:25 am
This is an amazing resource for anyone who is trying to secure your wordpress. I learned many tips for making my WP better protected from hackers. I will now make sure that all of my plugins are well hidden so that they can't access them.
Risorse per migliorare la sicurezza di WordPress | Bloggare March 9th, 2009 at 2:14 pm
[...] consigliata anche la visione di questo video che illustra come procedere alla messa in sicurezza del [...]
# BEGIN WordPress RewriteEngine On RewriteBase / RewriteCond %{REQUEST_FILENAME} !-f RewriteCond %{REQUEST_FILENAME} !-d RewriteRule . /index.php [L] # END WordPress... Save the file as .htaccess and upload it to your "wp-admin/" folder, ie, to http://myblog.com/wp-admin/
10. Hide Your Plugins. If you're not sure whether they're hidden or not, navigate to http://myblog.com/wp-content/plugins. If you see a 404 error page, they're hidden. Otherwise, you'll see them listed. In that case, copy the following into a new .htaccess file, adding the file to your wp-content/ folder...
# BEGIN WordPress RewriteEngine On RewriteBase / RewriteCond %{REQUEST_FILENAME} !-f RewriteCond %{REQUEST_FILENAME} !-d RewriteRule . /index.php [L] # Prevents directory listing IndexIgnore * # END WordPressSome web hosts don't allow you to administer .htaccess files. If that's the case, instead of using an .htaccess file to hide the list of plugins, create an index.html file. You can write something about restricted access in there, if you like. Either way, this file will prevent a plugin listing.
Now navigate to http://myblog.com/wp-content/plugins. They should be hidden.
After You're Done
Just to be thorough, and because a few things have changed...
That's it. Your blog is more secure, and way less hackable. Go make content!
If you liked that ...
Set Up Unmanaged VPS BIBLE (4 Newbies) - Part 15: WordPress Setup & Updates from the Command Line
Set Up Unmanaged VPS BIBLE (4 Newbies) - Part 14: Tweak Nginx for WordPress - Pretty URLs & WP Super Cache
Video How-to: Install WordPress - Nice 'n Simple
Video How-to: Install & Configure a WordPress Plugin
Wordpress Suicide Plugin: Clean a WP Database
WordPress Upgrade Error Solved - Fatal error: Cannot redeclare pclziputilpathreduction()
Video How-to: Add a Favicon - EASILY!
Firefox ScribeFire Plugin for Remote Blogging
... maybe you'll like these?
If you liked that ...
Video How-to: Install & Configure a WordPress Plugin
Video How-to: Install WordPress - Nice 'n Simple
Wordpress Suicide Plugin: Clean a WP Database
Video How-to: Backup & Restore a Database with phpMyAdmin
Hack WordPress, Edit More Default Comments & Save Time
WordPress Upgrade Error Solved - Fatal error: Cannot redeclare pclziputilpathreduction()
... maybe you'll like these?
THE_GUV NEEDS YOU!!
.. to improve this post ..
Please clue me in. What's wrong or missing?
Or, hey, just pile on the praise ;) Ah, yup, and fix a feed, fella.
Or link the page to your social network!
thank you, thanx, tx, ta, t, tsst, twaddle, cheek, cheers, cheerio
LunarPages suspended.page February 26th, 2009 at 5:12 pm
[...] you work with your ISP to track the problem and ensure it doesn’t happen again, it… More Categories: [...]
Sarah March 3rd, 2009 at 2:56 pm
Excellent tutorial. Blog security is one of the main concerns every blogger should know.
JC de Villa March 3rd, 2009 at 2:58 pm
I read your post, and found item 9 interesting (.htaccess) and its location. You should really put it in your blog root directory (or even your site root), so that indexes wont be visible... I suggest you look at your own directories for indexes, because some are a bit more exposed than they should.
RAzik March 3rd, 2009 at 3:01 pm
In the tip # 10, u told it will show "404 error page".
But i think if you disabled directory it will show "403 error page".
http://grautiger.wordpress.com/2009/03/10/datensicherung-fur-wp-blogs/ March 3rd, 2009 at 7:44 pm
[...] Wenn ich das mal habe *augenroll* wird DAS hier wohl mal Thema: Blog ein wenig gegen Hacks absichern: http://guvnr.com/web/blogging/10-tips-to-make-wordpress-hack-proof/ [...]
Herrin March 4th, 2009 at 12:17 pm
Thank you so much for this compact and easy to implement guide to WP security.
I use 2 plugins that help with security that you did not mention in this article.
The first is called WP-Optimize - allows you to delete post/page revisions, optimize the database and change the username from admin to anything you like.
The second is called Secure wordpress and it does some of the things that you mention above. Probably good for clients etc.
Thanks again and hope this adds something useful to the mix.
regards
Herrin
[Video] Ten Steps to Secure WordPress | PAULMYATT.COM March 6th, 2009 at 1:33 pm
[...] over at guvnr.com has produced a nice video on how to secure your WordPress [...]
Firewalling and Hack Proofing Your WordPress Blog « Lorelle on WordPress March 8th, 2009 at 5:09 am
[...] is news of a video and blog post by Guvnr called “10 Tips to Make WordPress Hack Proof. The effort involved tips from BlogSecurity’s popular WordPress Security Whitepaper, [...]
George Serradinho March 8th, 2009 at 8:43 am
Thanks for the tips, the list will definately help us users out there.
Firewalling and Hack Proofing Your WordPress Blog | WORDPRESS KNOWLEDGEBASE-PLUGINS-EXTENSIONS-TEMPLATES March 8th, 2009 at 5:18 am
[...] is news of a video and blog post by Guvnr called “10 Tips to Make WordPress Hack Proof. The effort involved tips from BlogSecurity’s popular WordPress Security Whitepaper, [...]
[Wordpress] 10 Steps to a Secure WordPress Installation | Technofriends March 8th, 2009 at 12:57 pm
[...] Guvnr has done an amazing job by bringing out a easy and simple to understand video which illustrates the 10 steps to secure your wordpress installation. [...]
Lonnie A March 9th, 2009 at 2:11 am
Dear Mr Guvnr,
Thank you so much for sharing your security blog video. I especially appreciated your tutorial on backing up a database using wp-phpmyadmin. The database is very frightening place to modify if one has no knowledge of navigating phpmyadmin.
Just to add a little bit of information regarding .htaccess on hosting web servers that enable safe mode on php. Some of us are unable to create and use .htaccess because of their server security policies.
Therefore here's something that I do to get around this problem. I create a cloaked web page of an affiliate site. If the so called hacker wants to spy my wp-content/plugins directory, they will be surprised to what they will find.
I simply upload a cloaked index.html page to hide the content of these important folders. So instead of viewing the contents of the folder they might be puzzled as to what they see. A live web site... Huh...?
I do to same for my themes folder as well. It works well for me and this is generally what I do to hide all my download products I buy and sell online too.
Again... thanks for your tutorial, it was very well explained and and hugely helpful.
the_guv March 8th, 2009 at 11:24 pm
@Herrin - WP-Optimize I like too. Need to use it, hmmn, must do that! Secure Wordpress I'll take a look at. Big cheers, appreciate the comment. Mix away m8.
getting loved up by Lorelle. Hey, how cool is that, big cheers girl.
@Lorrelle - wow, flattery indeed
@George - good to hear. mighty pleased.
@Techno, PaulMyatt & http://planet.wordpress.org/ , you have great taste in content, keep it up.
//the_guv
@Sarah - tx tx tx ... sorry, I almost forgot you! tssh.
…on protecting your WordPress Install… « Project:Dark Sky March 9th, 2009 at 4:32 am
[...] read this post about protecting your wordpress install and found item 9 interesting. To quote: Create an .htaccess [...]
Koichi Paxton March 9th, 2009 at 7:25 am
This is an amazing resource for anyone who is trying to secure your wordpress. I learned many tips for making my WP better protected from hackers. I will now make sure that all of my plugins are well hidden so that they can't access them.
Risorse per migliorare la sicurezza di WordPress | Bloggare March 9th, 2009 at 2:14 pm
[...] consigliata anche la visione di questo video che illustra come procedere alla messa in sicurezza del [...]
Dispelled.ca » links for 2009-03-14 March 14th, 2009 at 10:01 pm
[...] 10 Tips To Make WordPress Hack-Proof [...]
purosangue March 23rd, 2009 at 6:52 pm
great job with the video, thank you for taking the time and to post it for everyone!!
the_guv March 24th, 2009 at 4:32 am
cheers Purosangue, lovely to hear. and you Koichi, top notch m8.
Lonnie, big tx for that. you throw up some cracking ideas there...hmmn, i feel another tutorial coming on!
**************************************
UPDATE TO THIS POST: I've had a few interesting emails about this tutorial, with yet more ways to secure a wordpress blog. Right now I'm working on a few other things but, in a couple of weeks, I'll update this post and the video to accomodate even more security tips.
If you've got something to throw into the mix, let me know and it'll help me to create the most comprehensive, cross-web server guide possible.
the_guv
papa April 8th, 2009 at 10:39 am
Thanks very much for the tutorial, it's been really informative for a newbie like myself.
I'm having trouble with the .htaccess file though and I'm wondering if it relates to what Lonnie A was having trouble with? When I upload the .htaccess file to the correct directory and then refresh my security scan plugin I get an error page reading 'Internal Server Error - The server encountered an internal error or misconfiguration and was unable to complete your request.' and I can't access my WP site at all unless I delete the file.
Thanks for any help you can give!
bob April 9th, 2009 at 2:19 am
Hi Need help i made a .htaccess page and it is uploaded to the wp-admin area and it is not stopping my plug-ins from showing up.
How can i fix this.
Thanks
# BEGIN WordPress
RewriteEngine On
RewriteBase /
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
# Prevents directory listing
Options -Indexes
# END WordPress
E-TARD April 11th, 2009 at 1:49 pm
thanks for the tips
the_guv April 11th, 2009 at 9:27 pm
@papa & @bob
- hey guys, tx for that. i've UPDATED "10. Hide Your Plugins" to reflect some problems a few folks have had, and hope that helps.
If you've still got problems, pls let me know.
@E-TARD. You're welcome
Grigoriy April 23rd, 2009 at 11:12 pm
Dear author,
Thank you very much for these useful tips collected in one place.
the_guv April 24th, 2009 at 1:10 pm
@Grigoriy - you are most splendidly welcome, and a big tx
Sicurezza Wordpress: 10 passi per renderlo a prova di Hacker | MarinoMichele.it April 30th, 2009 at 4:21 pm
[...] blog di Guvnr è stato pubblicato pochi mesi fa un articolo intitolato “10 Tips To Make WordPress Hack-Proof” (10 consigli per rendere WordPress a prova [...]
Sara May 6th, 2009 at 12:23 am
Thanks for this. I just spent $22.00 lastnight on an eBook that was probably a waste of money since the information is easily available online and less hassle with some of these wordpress plug-ins.
the_guv May 7th, 2009 at 6:29 am
@Sara - you're welcome. Damn, you actually spent money on an ebook!
Jessicalip May 10th, 2009 at 5:08 pm
I will leave a reply as soon as I try it Thank you
the_guv May 11th, 2009 at 1:46 am
@Jessicalip - hope it helps out. thanks to you.
ArianaBels May 13th, 2009 at 12:12 pm
Wow! Thank you! I always wanted to write in my blog something like that. Can I take part of your post to my site? Of course, I will add backlink?
the_guv May 13th, 2009 at 7:55 pm
@ArianaBels - pleased you like. Sure you can summarise and link to this post, and embed the video if you wish. Thank you for asking.
Cris May 18th, 2009 at 7:25 pm
I change from blogger to word press a week ago , since then i had to malware attacks. One was the famous gumblar.cn and another that I didn't even tried to figure out.
So Google banned me from the listings and I'm setting up all security measures this time.
Because I'm new at blogging, your tutorial (specially the video) was very useful.
Thank you!
the_guv May 19th, 2009 at 11:48 am
@Cris - sorry to hear that - sounds like a right nightmare you've had. Pleased to help and all the best with Pinche Pelicula.
Sicherheit von WordPress verbessern | Webseiten-Infos.de May 23rd, 2009 at 12:45 am
[...] zudem auf dieses Video “10 Tips To Make WordPress Hack-Proof” zu diesem Whitepaper auf guvnr.com aufmerksam [...]
Forbedre sikkerheden i WordPress - Hack-Proof « Tech.BusinessClass.dk June 13th, 2009 at 3:42 am
[...] http://www.guvnr.com/web/blogging/10-tips-to-make-wordpress-hack-proof/ [...]
akis June 14th, 2009 at 1:51 am
One of the best guides to create our wordpress hack proof...Bravo!!!Thumbs up!!
the_guv June 14th, 2009 at 6:45 am
big cheers akis - much appreciated
Deep Jive Interests » Security Updates-a-Plenty June 14th, 2009 at 5:29 pm
[...] http://www.guvnr.com/web/blogging/10-tips-to-make-wordpress-hack-proof/ [...]
johnstevens June 22nd, 2009 at 7:15 pm
п»ї
Hello,
Can I put this article to my site?
Thanks for the information
the_guv June 26th, 2009 at 6:25 am
@john - you're welcome to embed the video, intro the piece and link to the bulk, else buy me a fine single malt whiskey and I'll doubtless change my mind and you can have the lot. tx to you.
10 tips för att säkra din WordPress installation | June 29th, 2009 at 4:50 pm
[...] Guvnr kan man läsa om ett något äldre inlägg som ger 10 tips för att göra din WordPress [...]
Y094 July 15th, 2009 at 8:06 am
Thanks
the_guv July 15th, 2009 at 11:53 am
@Y094 hey, thank yo .. thank yo! .. geddit .. sorry, many thanks, Y094, appreciated.
john.conner July 16th, 2009 at 2:46 pm
Mostly I have Seen Only articles Its Good That you have included Video,
I would even Like To See Some SEO Guides
Méldodie July 18th, 2009 at 3:56 pm
Hello,
I join lots of thanks to all the preceeding ones.
I'll add a question you may find interesting, because all of my blogs aren't using Apachee as a server, but Lighttpd, so the .htaccess there has no effect (unless I install empty ones, thus making the plugin wp-security-scan content to see there is one where it seeks for it, otherwise comes the red warnings sent by the plugin).
Lighttpd not using .htaccess, as far as the blogs I have under this server are concerned, I followed thoses of your advices that were relevant. My question would be : is there anything else that's relevant, that could be done or checked when using Lighty ?
Thanks again
the_guv July 19th, 2009 at 11:16 am
@ Méldodie .. Good question. No idea 'cos I don't use Lighty with WP. I do use Nginx though and it's the same deal with that .. htaccess is irrelevant, so don't bother.
?? Anyone using non-Apache web servers that know of other tips ??
Protect your wordpress blog from hackers, secure your website | Hen Design Studio July 20th, 2009 at 7:11 am
[...] 10 Tips To Make WordPress Hack-Proof [...]
Brian July 21st, 2009 at 7:18 pm
After doing Step 9, my blogs got Internal Server Error 500. Deleting the .htaccess file fixed the problem. Is there something I'm missing?
I copied that text, pasted it into Notepad++, made sure there were no extra characters at the beginning or ends of all lines, saved as a normal text file. Uploaded to the wp-admin directory, and then renamed to .htaccess
At that point, I started getting the Internal Server Errors. When I deleted the .htaccess file from the wp-admin directory everything worked fine again.
I had 644 permissions which is the same as the .htaccess file already in the directory above.
Thoughts?
the_guv July 22nd, 2009 at 10:04 pm
@Brian .. hmmn, could be an issue with your httpd.conf, on the server. What does that say?
LauraManick July 23rd, 2009 at 11:56 pm
I cannot believe this will work!
the_guv July 25th, 2009 at 11:27 am
@LauraManick .. ye have little faith
FH August 7th, 2009 at 5:17 am
Great post.. I hope my blog never gets hacked.. thanks for the info
10 Tips To Make WordPress Hack-Proof. The Ultimate Guide. – GUVNR August 8th, 2009 at 9:40 am
[...] the original here: 10 Tips To Make WordPress Hack-Proof. The Ultimate Guide. – GUVNR Comments0 Leave a Reply Click here to cancel [...]
mugger August 15th, 2009 at 6:55 pm
I think there is still an exposure to malware, namely injection of at the bottom of root index.*, a file which even WP needs to start.
4 security links: Why you better secure your blog | STL Social Media Guy August 24th, 2009 at 2:16 pm
[...] 10 Tips To Make WordPress Hack-Proof. The Ultimate Guide guvnr.com | February 24, 2009 This is a must-read for keeping your blog safe, especially if you’re blogging in WordPress. I followed this one almost point-by-point. Complete with videos. [...]
debbie T September 1st, 2009 at 12:04 am
Hello! Thank you for this wonderful article.
I think I might have found the answer to Brian's problem, as I had the same issues with accessing my admin area after I created the new .htaccess file.
Anyway, I took another look at the code in the file, and I realized I copied the text from your article, but the code had line numbers in it.
ie: 7.# END WordPress
I deleted all the line numbers and now it works fine! Thanks!
Hope that helps Brian too!
the_guv September 1st, 2009 at 5:59 pm
@Debbie .. hey girl, good to hear.
Now look everyone, don't copy the ruddy line numbers! Top right of the code boxes there's an option to open the plain text .. so do, then copy from there. I know, easy when you know how.
Hey, Debbie, on your site .. beaut pic of that frog and the key. What a thing. Quite humbling.
joejonns September 2nd, 2009 at 3:29 am
txxx - keep up the good work.
Old WordPress Versions Under Attack « Lorelle on WordPress September 5th, 2009 at 12:34 am
[...] Guvnr – 10 Tips to Make WordPress Hack Proof [...]
ALERT: Old WordPress Blogs Under Attack | Zemalf September 5th, 2009 at 10:23 am
[...] Guvnr – 10 Tips to Make WordPress Hack Proof [...]
Oude WordPress installaties worden aangevallen : WordPress Dimensie September 5th, 2009 at 10:42 am
[...] Guvnr – 10 Tips to Make WordPress Hack Proof [...]
10 Tips To Make WordPress Hack-Proof. The Ultimate Guide. – GUVNR | WpMash - WordPress News September 5th, 2009 at 8:11 pm
[...] Follow this link: 10 Tips To Make WordPress Hack-Proof. The Ultimate Guide. – GUVNR [...]
Old WordPress Versions (prior to 2.8.4) Under Attack :: HTML Websites, Web Design, Splash Pages, Blog Headers, Wordpress Blogs, Blog Sites September 6th, 2009 at 3:58 am
[...] Guvnr – 10 Tips to Make WordPress Hack Proof [...]
Bill Bennett September 6th, 2009 at 5:41 am
I was going to work through this, but I fell at the first hurdle.
wp-phpmyadmin is only compatible up to Wordpress version 2.2.2
I'm running 2.8.4. Is there a workaround?
Bill Bartmann September 7th, 2009 at 12:45 pm
Cool site, love the info.
Defeating the Wordpress attacks « Tips from Idea15 Web Design September 8th, 2009 at 11:31 am
[...] 9 tips to make WordPress hack-proof (guvnr) [...]
the_guv September 16th, 2009 at 5:43 pm
@joejonns & @Bill Bartman .. many tx
@Bill Bennett .. sorry for delay, was on hols.
As I understand it, wp-phpmyadmin does work with WP, up to 2.8.4, despite saying it's compatible only up to 2.2.2.
Seems that the developers haven't upgraded the stylesheet yet, so it may look a bit odd, is all. When they do that, I guess they'll update the compatibility officially.
Alternatively, I've heard some good things about Adminer .. http://www.adminer.org/en/ , which entails uploading a single file to your server before having a php tool very like phpmyadmin. OK, yes, I know, that's not *quite* so handy as having a WP plugin version, as is the case with wp-phpwhatnot.
30 Incredibly Useful WordPress Hacks | Tutorial9 September 24th, 2009 at 3:04 pm
[...] Video How-to: 10 Tips To Make WordPress Hack-Proof [...]
NamrouD | Upgrade Your Mind ! » 30 Incredibly Useful WordPress Hacks October 6th, 2009 at 1:28 am
[...] Video How-to: 10 Tips To Make WordPress Hack-Proof [...]
Sorry for the Recent Downtime October 14th, 2009 at 5:24 pm
[...] you’ve never before given your WordPress-security much thought, check out the video here and install WP-DBManager and WP Security Scan. There are numerous resources on increasing the [...]
tomorrowland.com » tomorrowland virus killed October 16th, 2009 at 11:34 am
[...] I’ve wiped out the virus and cleaned up the database. I also implemented guvnr’s 10 tips to make wordpress hackproof. (Ok if that’s not offering a challenge to all the hackers out [...]
Install/Upgrade WORDPRESS with SUBVERSION - VPS Bible #15 - GUVNR November 7th, 2009 at 7:41 am
[...] 10 Tips To Make WordPress Hack-Proof. The Ultimate Guide. - GUVNR June 9th, 2009 at 11:37 am [...]
The 5 Minute Wordpress Security Audit « Tips from Idea15 Web Design November 23rd, 2009 at 6:15 pm
[...] 9 tips to make WordPress hack-proof (guvnr) [...]
UPDATE: How-to Install/Upgrade Nginx to 0.7.62 - VPS Bible - GUVNR November 25th, 2009 at 10:42 am
[...] may like to read my Video How-to: 10 Tips To Make WordPress Hack-Proof, which gives some WP-endorsed security tips. Specifically on a note about upgrading, you may also [...]