
Category: System administration

2009-04-05 21:38:23

1 ) Remove WordPress version information

Most WordPress themes include the WordPress version number in a meta tag. Attackers can easily read this information and pick attacks targeting the known vulnerabilities of that exact version.

To remove the WordPress version information, log in to your WordPress dashboard. Go to Design->Theme Editor. On the right, click on the Header file. On the left, where you see a lot of code, look for a line that looks like

2 ) Stop brute force attacks

Hackers can crack your login password using a brute force attack. To prevent that from happening, you can install a login-lockdown plugin. Such a plugin records the IP address and timestamp of every failed WordPress login attempt. Once a certain number of failed attempts are detected, it disables the login function for all requests from that IP range.
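A minimal version of that lockout logic as a WordPress plugin, added here as an illustration; it is not the plugin the post refers to. It assumes the standard `wp_login_failed` and `authenticate` hooks and the transient API (WordPress 2.8 and later), and keys the counter on REMOTE_ADDR, which is only trustworthy when no reverse proxy sits in front of the server.

```php
<?php
/*
Plugin Name: Failed-login lockout (example)
*/
// Constructed thresholds for this example: 5 failures within 15 minutes lock the address out.
define( 'FLL_MAX_FAILURES', 5 );
define( 'FLL_WINDOW', 900 ); // seconds

function fll_key() {
    // Assumption: REMOTE_ADDR is the real client address (no proxy in front).
    return 'fll_' . md5( $_SERVER['REMOTE_ADDR'] );
}

// Keep only the failure timestamps that still fall inside the window.
function fll_recent_failures() {
    $kept = array();
    foreach ( (array) get_transient( fll_key() ) as $t ) {
        if ( $t > time() - FLL_WINDOW ) {
            $kept[] = $t;
        }
    }
    return $kept;
}

// Record every failed attempt with its timestamp (what the post's plugin does).
add_action( 'wp_login_failed', 'fll_record_failure' );
function fll_record_failure( $username ) {
    $attempts   = fll_recent_failures();
    $attempts[] = time();
    set_transient( fll_key(), $attempts, FLL_WINDOW );
    // Leave an audit trail for the server log so lockouts can be investigated.
    error_log( sprintf( 'Failed WordPress login for "%s" from %s', $username, $_SERVER['REMOTE_ADDR'] ) );
}

// Refuse authentication, even with the right password, while the address is over the threshold.
// Priority 30 runs after WordPress's own username/password check (priority 20).
add_filter( 'authenticate', 'fll_block_if_locked', 30, 3 );
function fll_block_if_locked( $user, $username, $password ) {
    if ( count( fll_recent_failures() ) >= FLL_MAX_FAILURES ) {
        return new WP_Error( 'too_many_attempts', 'Too many failed login attempts. Try again later.' );
    }
    return $user;
}
```

Save it as a file in wp-content/plugins and activate it from the dashboard; the lockout is per address, so an attacker rotating addresses is slowed rather than stopped, which is why a strong password (step 5) still matters.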

3 ) Encrypt your login

Whenever you log in to your blog, your password is sent unencrypted. If you are on a public network or using Wi-Fi, a hacker can easily ‘sniff’ out your login credentials with a network sniffer. One of the best ways is to encrypt your login with the Chap Secure Login plug-in. This plug-in adds a random hash code to your password and authenticates your login with the CHAP protocol.

4 ) Hide your plugins folder

If you go to your /wp-content/plugins URL in a browser, you can see a directory listing of the plugins that you are using for your blog. You can easily hide this listing by uploading an empty index.html to the plugins directory.

Open your text editor. Save the blank document as index.html.

Using an FTP program, upload the index.html to the /wp-content/plugins folder.

5 ) Use a strong password

Make sure you don’t use a weak password that is easy for others to guess. Be safe: use alphanumeric characters and, if possible, special characters as well to form your password. You can also use the password strength checker available in WordPress 2.5 and above.

6 ) Do a regular security scan

Install the wp-security-scan plugin and perform a regular scan of your blog settings for security loopholes. This plugin can also help you change your database table prefix from wp_ to a custom prefix.

7 ) Protect your wp-admin folder

Your wp-admin folder contains all the important administration functions and it is the last place you want to give others access to. Use a WordPress plugin that password protects the directory, and give access only to authorized personnel.

1 ) Remove WordPress version information (continued)

The version line in the Header file is a meta tag ending in ” />. Delete it and press Update File.

Another solution involves a plug-in that sets up a secondary new version.

Update: In WP 2.6 and above, WordPress automatically includes the version in the wp_head section. To fix this, you can simply install the WP-Security Scan plugin.
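The same wp_head fix can be done without a plugin; this is an added example, not the post's or WP-Security Scan's code. It assumes the standard `wp_generator` action and `the_generator` filter that WordPress registers by default.

```php
<?php
/*
Plugin Name: Hide WordPress generator tag (example)
*/
// wp_head() prints <meta name="generator" content="WordPress x.y" /> through the
// wp_generator action that WordPress hooks by default; unhooking it removes the tag.
remove_action( 'wp_head', 'wp_generator' );

// The same version string is also emitted in RSS/Atom feeds through the_generator;
// returning an empty string blanks it there as well.
add_filter( 'the_generator', 'hwg_empty_generator' );
function hwg_empty_generator( $generator ) {
    return '';
}
```

Note that the version is still readable from readme.html in the install root, so hiding the tag is no substitute for upgrading (step 11).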

8 ) Change your login name

Admin is the default username provided by WordPress. It is much harder for hackers to crack your password if they don’t know what your username is.

In your WordPress dashboard, go to Users and set up a new user account. Give this new user administrator role. Log out and log in again with the new user account.

Go to Users again. This time, check the box beside admin and press Delete. When it asks for deletion confirmation, choose “Attribute all posts and links to:” and select your new username from the dropdown. This will transfer all the posts to your new user account. Press Confirm Deletion.

9 ) Back up your WordPress database

No matter how secure your site is, you still want to prepare for the worst. Install the wp-database-backup plug-in and schedule it to back up your database daily.

10 ) Define User Privilege

If there is more than one author for your blog, you can install the role-manager plug-in to define the capabilities for each user group. This will give you, the blog owner, the ability to control what users can and cannot do in the blog.

11 ) Upgrade to the latest version of WordPress and plug-ins

You need to keep your plug-ins/widgets, theme, and WordPress version updated. Subscribing to the plugin/widget/theme authors’ RSS feeds makes keeping up with them much easier. This is probably the first thing you should do! Install the Instant Upgrade plugin or the WordPress Automatic Upgrade plugin. Make sure you back everything up before performing the upgrades.

12 ) Stop worrying about wp-config.php

Keep your database username and password safe by adding the following to the .htaccess file at the top level of your WordPress install (the Files wrapper restricts the rule to wp-config.php alone):

<Files wp-config.php>
order allow,deny
deny from all
</Files>

This will make it harder for your database username and password to fall into the wrong hands in the event of a server problem.

13 ) Do not allow anyone to search the entire directory

a) WPdesigner advises not to use the following search code in search.php

Nobody should be allowed to search your entire server, should they? Use this one instead:

b) Block the wp- folders from being indexed by search engines; the best way is to block them in your robots.txt file. Add the following line to your list:

Disallow: /wp-*

Cheers!!
