


June 30, 2016 – Simple steps to protect your WordPress
It's been a while since I posted something on PlayGB's blog. We are finishing a new game, and we had to make some changes and updates to the website, which is why I was too busy to update the blog.
In this article I will show you simple ways to protect any website, mainly WordPress installations, because in recent years WordPress installations have been targeted by brute-force attacks against wp-login.php and wp-admin.
The first PlayGB website was built with WordPress, and in those days we used some plugins to change the wp-admin URL, but these plugins have some bugs and an attacker may bypass the protection. Using plugins is not the best way to protect your WordPress, because they may consume memory and space on your host. Here are some steps to protect your WordPress:
1) Block wp-login.php using .htaccess
Just create a .htaccess file on your server with the following lines:
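# Allow wp-login.php only from your own IP (Apache 2.2 syntax; Apache 2.4 needs mod_access_compat for it)
<Files wp-login.php>
Order deny,allow
Deny from all
Allow from your.ip.goes.here
</Files>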
It's recommended to do the same with xmlrpc.php: if you don't use this file, block it too, because it is a target for DDoS attacks.
2) Use .htaccess to protect the wp-admin directory with a password.
This is recommended because there are some files inside the wp-admin folder that may be exploitable too. To protect this folder with a password, just create a .htaccess file inside it with the following lines:
AuthType Basic
AuthName "Protected Folder"
AuthUserFile "/path/to/your/.htpasswdfile"
Require valid-user
With the steps above you can protect your WordPress installation, but they can be used with any CMS too: just change the files and folders to be protected. I think these steps are the best way, because you don't need to install plugins.
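To confirm that both steps are really enforced, the following added example (not part of the original post) requests the three protected paths and reports any that an outside visitor can still reach. The names `check_site` and `http_fetch` are hypothetical, and the expected status codes assume the rules above are applied as written, including the xmlrpc.php block.

```python
"""Check that the .htaccess rules from steps 1 and 2 are enforced.
Run it from a machine whose IP is NOT on the allow list."""
import sys
import urllib.error
import urllib.request

# path -> status an outside, unauthenticated client should receive
EXPECTED = {
    "wp-login.php": 403,  # step 1: denied for every IP except yours
    "xmlrpc.php": 403,    # step 1: same block, if you don't use this file
    "wp-admin/": 401,     # step 2: HTTP Basic auth challenge
}

class _NoRedirect(urllib.request.HTTPRedirectHandler):
    def redirect_request(self, req, fp, code, msg, headers, newurl):
        return None  # surface the 302 that an unprotected wp-admin/ sends

def http_fetch(url):
    """Return (status, headers) for a GET without following redirects."""
    opener = urllib.request.build_opener(_NoRedirect)
    try:
        with opener.open(url, timeout=10) as resp:
            return resp.status, dict(resp.headers)
    except urllib.error.HTTPError as err:  # 3xx/4xx/5xx end up here
        return err.code, dict(err.headers)

def check_site(base_url, fetch=http_fetch):
    """Return a list of problems; an empty list means every rule holds."""
    problems = []
    for path, want in EXPECTED.items():
        status, headers = fetch(base_url.rstrip("/") + "/" + path)
        if status != want:
            problems.append(f"{path}: got {status}, expected {want}")
        elif want == 401:
            lowered = {k.lower(): v for k, v in headers.items()}
            if not lowered.get("www-authenticate", "").lower().startswith("basic"):
                problems.append(f"{path}: 401 without a Basic challenge")
    if not base_url.lower().startswith("https://"):
        # Basic auth only base64-encodes the password, so it needs TLS
        problems.append("checked over http: Basic auth password is sent unencrypted")
    return problems

if __name__ == "__main__":
    found = check_site(sys.argv[1])
    print("\n".join(found) or "all checks passed")
    sys.exit(1 if found else 0)
```

Run it as `python check_site.py https://your-site/` (file name hypothetical); a 302 on wp-admin/ means the request fell through to the normal WordPress login redirect and the password rule is not being applied.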
© PlayGB.com - Free online games - Blog
