Tips to Protect WordPress Installation

I just came across Matt Cutts’s Three tips to protect your WordPress installation. So I thought I had better look into it. Admittedly the article was written in 2008 but being Matt Cutts, the safety information might still be useful. And needful.

How to Protect WordPress Installation

1) Lock down /wp-admin/

This was Matt’s first tip, for protection from being hacked. It uses a .htaccess file to be placed at /wp-admin/.htaccess

Me: I didn’t do this. Was just a bit too hard for me to contemplate doing. I don’t know enough about .htaccess. And I worry that should I work at another location or travel, I would have forgotten about this and panic that I cannot access my own site!

My suggestion: read Matt’s article!

2) Prevent hacking via your plugins

Matt advises to make an empty index.html file and put it into /wp-content/plugins/

This is to prevent someone being able to hack your blog via any out-of-date plugin you might have.

Me: I already have such a file. Because I run on Genesis platform (parent theme) and my child theme (Prose) is similarly already protected. 🙂

3) Subscribe to the WordPress Development blog to get the latest WordPress security patches.

Me: ok …

4) Hide your WordPress version
OK, Matt lied. He had 4 tips in his article!

In your (child) theme, look for the header.php file.
In that file, search for a line that looks like:

<meta name="generator" content="WordPress <?php bloginfo('version'); ?>" /> <!-- leave this for stats please -->

Delete that line! .. or at the very least, the bloginfo('version')

Why? Because if you are running an older version of WP, hackers can view source and determine what attacks can be made against your blog.

Me: I didn’t have a header.php 🙂
I run on Genesis platform (parent theme) with Prose as my child theme (here).

And some themes don’t have a header.php (nor a footer.php); they can run entirely on hooks.
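
An added example, not from this post or from Matt's article: a small Python check for tips 2 and 4. It looks in a page's HTML for a generator meta tag that exposes a WordPress version, which works whether the theme uses header.php or hooks, and checks that wp-content/plugins holds an index file. The function names and the sample pages are constructed for illustration.

```python
import re
import tempfile
from html.parser import HTMLParser
from pathlib import Path


class _GeneratorFinder(HTMLParser):
    """Collects the content of every <meta name="generator"> tag."""

    def __init__(self):
        super().__init__()
        self.values = []

    def handle_starttag(self, tag, attrs):
        a = {k.lower(): (v or "") for k, v in attrs}
        if tag == "meta" and a.get("name", "").lower() == "generator":
            self.values.append(a.get("content", ""))


def leaked_wp_versions(html):
    """Return WordPress version strings exposed by generator meta tags (tip 4)."""
    finder = _GeneratorFinder()
    finder.feed(html)
    found = []
    for value in finder.values:
        m = re.match(r"\s*WordPress\s+(\d+(?:\.\d+)*)", value, re.I)
        if m:
            found.append(m.group(1))
    return found


def plugins_dir_has_index(wp_root):
    """True if wp-content/plugins holds an index.html or index.php (tip 2)."""
    plugins = Path(wp_root) / "wp-content" / "plugins"
    return any((plugins / n).is_file() for n in ("index.html", "index.php"))


# Constructed sample pages, not taken from any real site.
PAGE_LEAKING = '<head><meta name="generator" content="WordPress 2.3.3" /></head>'
PAGE_CLEAN = '<head><meta name="generator" content="WordPress" /></head>'

if __name__ == "__main__":
    print("leaking page:", leaked_wp_versions(PAGE_LEAKING))
    print("clean page:", leaked_wp_versions(PAGE_CLEAN))
    with tempfile.TemporaryDirectory() as root:  # stand-in for a WordPress root
        plugins = Path(root) / "wp-content" / "plugins"
        plugins.mkdir(parents=True)
        print("index before:", plugins_dir_has_index(root))
        (plugins / "index.html").write_text("")
        print("index after:", plugins_dir_has_index(root))
```

To use it on your own site, save the page source from your browser and pass it to leaked_wp_versions, and point plugins_dir_has_index at your WordPress folder.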


