
According to the latest statistics, more than 117,000 known sites running WordPress were breached in 2012, not counting the unknown ones. The number is truly alarming, given that 82.1% of WordPress users are not aware of how to protect their blogs from being hacked. On this basis, this post provides a first step in protecting against random hacks; these remain the most important security steps that you must apply to your WordPress blog.



How to protect your WordPress blog from hack

Protecting the wp-admin folder
This step restricts access to the wp-admin path to a single IP address. It prevents an attacker from guessing the admin password, because the request must come from the same IP that you specified in the .htaccess file. Of course, if your IP address changes, you must update the .htaccess file each time before logging in. Create a new .htaccess file for this and add these values:
AuthUserFile /dev/null  
AuthGroupFile /dev/null  
AuthName "Wordpress Admin Access Control"  
AuthType Basic  
order deny,allow  
deny from all  
allow from *********
A second option, which can also be used if the site has several administrators, is to put a password barrier on the folder through cPanel: after you log in to cPanel, click the Password Protect Directories tab.
Select the folder that you want to protect and set a username and password. From then on, when you want to access the wp-admin folder you will first be asked for that username and password before you are allowed into wp-admin, and only then for the WordPress admin username and password.

Protecting the wp-config.php file
This file is responsible for the site's communication with the server, and it contains sensitive data such as the database information, so you must protect it with .htaccess. Create a new .htaccess file and add this data:
# protect wpconfig.php
<files wp-config.php>
order allow,deny
deny from all
</files>
Prevent directory browsing
Another important point to apply on your blog is to prevent visitors from browsing the site's directories, because directory listings allow an attacker to learn more about the plugins and publications present on the blog. To prevent directory browsing, it is enough to add this line to the .htaccess file that you created:

Options -Indexes 
wp-content
This folder holds the site's plugins, images and themes, and an attacker can search it for vulnerabilities in your plugins. To prevent him from browsing this path, add these lines at the bottom of the .htaccess file.

# deny everything in this folder except static files with these extensions
Order deny,allow
Deny from all
<Files ~ "\.(xml|css|jpe?g|png|gif|js)$">
    Allow from all
</Files>

Protecting the .htaccess file
It may seem like a crazy idea, but it is necessary to hide the .htaccess file from the attacker's eyes, so that he has no file to work with and wastes his time in a vacuum. You do this by hiding any file whose name begins with hta; just add these lines to the file:

<Files ~ "^.*\.([Hh][Tt][Aa])">
    order allow,deny
    deny from all
    satisfy all
</Files>
Plugins
One of the traps that WordPress bloggers fall into is heavy use of plugins, which puts the site at greater risk, since attackers also look for security holes in these plugins that allow them to hack the blog. Use only well-known plugins that are updated regularly. If your blog is well known, I advise you to use only paid plugins or plugins programmed specifically for you, which come with support and updates, and to keep the number of plugins as small as possible in order to minimize risk.


Remove the WordPress version
This is necessary in order to prevent attackers from reaching you through search engines, especially Google. After an attacker discovers or obtains a vulnerability in a specific WordPress version, he searches for blogs that use the same version with a so-called dork, which shows him all blogs that use that version. He then begins to exploit the vulnerability on those blogs one after the other, and there is a high probability that your blog will be among the victims. You must therefore remove the blog's version by going to the functions.php file and adding the following line:

remove_action('wp_head', 'wp_generator');

Protection from SQLi attacks

In most attacks the attacker tries to reach the database by injecting code into the site's links or inputs. To prevent these attacks, first go to this path in your blog: wp-content/plugins
Add a folder named blocksqli, and inside it add a file named blocksqli.php that contains the following code:

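<?php
/*
Plugin Name: blocksqli
Description: Rejects requests whose URI is over-long or contains common injection strings.
*/

global $user_ID;

// When WordPress has identified a logged-in user below level 10
// (a non-administrator), reject request URIs longer than 255 characters.
if ($user_ID) {
    if (!current_user_can('level_10')) {
        if (strlen($_SERVER['REQUEST_URI']) > 255) {
            @header("HTTP/1.1 414 Request-URI Too Long");
            @header("Status: 414 Request-URI Too Long");
            @header("Connection: Close");
            exit;
        }
    }
}

// For every request, reject URIs that contain these strings.
// stripos() with !== false matches regardless of letter case and offset.
if (stripos($_SERVER['REQUEST_URI'], "eval(") !== false ||
    stripos($_SERVER['REQUEST_URI'], "CONCAT") !== false ||
    stripos($_SERVER['REQUEST_URI'], "UNION+SELECT") !== false ||
    stripos($_SERVER['REQUEST_URI'], "base64") !== false) {
    @header("HTTP/1.1 414 Request-URI Too Long");
    @header("Status: 414 Request-URI Too Long");
    @header("Connection: Close");
    exit;
}
?>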

As you can see, we have added a plugin whose code protects against SQLi attacks. Now go to the control panel and activate the plugin.

Updating the blog
Always update your blog to the latest version; this keeps you as protected as possible from security vulnerabilities. To do so, always follow new WordPress releases, either through the official WordPress site or through other technical sites or forums.

Protection from the Google search engine:

Since we are talking about random hacks, you must protect your blog from the Google search engine, which helps attackers heavily by giving them sensitive information that has been archived on Google. You therefore have to keep the sensitive paths of your site from being archived in the Google search engine by adding these lines to robots.txt:


User-Agent: * 
Disallow: /wp-*

I hope that I have succeeded in covering the protection of WordPress blogs. Of course, do not forget something important: if an attacker is determined to penetrate your site, he will do so, so all you can do is make it difficult for him. Thank you.
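
One way to confirm that the settings from the sections above are actually in place on disk, as an added shell example that is not part of the original post. It assumes wp-admin and wp-content each carry their own .htaccess and every other rule sits in the site-root .htaccess; the function names, the constructed sample tree and the theme path passed to audit are hypothetical.

```shell
# Added example: audit a WordPress tree for the settings described in this post.
# Assumed layout: wp-admin and wp-content have their own .htaccess; rest in the root one.

# has FILE ERE: a line of FILE not starting with '#' matches ERE, ignoring case
has() { [ -f "$1" ] && grep -v '^[[:space:]]*#' "$1" | grep -Eiq "$2"; }

# block_denies FILE TEXT: a <Files> block whose opening line contains TEXT has "deny from all"
block_denies() {
    [ -f "$1" ] || return 1
    awk -v pat="$2" '{ line = tolower($0) }
        line ~ /^[ \t]*<files/    { inblk = (index(line, pat) > 0) }
        line ~ /^[ \t]*<\/files>/ { inblk = 0 }
        inblk && line ~ /^[ \t]*deny[ \t]+from[ \t]+all/ { found = 1 }
        END { exit !found }' "$1"
}

# check LABEL COMMAND...: run COMMAND, print PASS or FAIL, count failures in $fails
check() {
    label=$1; shift
    if "$@"; then echo "PASS  $label"; else echo "FAIL  $label"; fails=$((fails + 1)); fi
}

# audit ROOT FUNCTIONS_PHP: exit status is the number of failed checks
audit() {
    r=$1; ht=$1/.htaccess; fails=0
    check "wp-admin: deny from all"       has "$r/wp-admin/.htaccess" '^[[:space:]]*deny +from +all'
    check "wp-admin: allow from an IP"    has "$r/wp-admin/.htaccess" '^[[:space:]]*allow +from +[0-9a-f:.]*[0-9]'
    check "wp-config.php denied"          block_denies "$ht" 'wp-config.php'
    check "directory listing disabled"    has "$ht" '^[[:space:]]*options[[:space:]].*-indexes'
    check ".hta* files denied"            block_denies "$ht" '[hh][tt][aa]'
    check "wp-content: deny by default"   has "$r/wp-content/.htaccess" '^[[:space:]]*deny +from +all'
    check "generator tag removed"         has "$2" 'remove_action\(.*wp_head.*wp_generator'
    check "blocksqli plugin file present" test -f "$r/wp-content/plugins/blocksqli/blocksqli.php"
    check "robots.txt disallows /wp-*"    has "$r/robots.txt" '^disallow:[[:space:]]*/wp-'
    return "$fails"
}

# make_sample DIR: constructed sample tree with the post's settings (203.0.113.7 is a documentation IP)
make_sample() {
    mkdir -p "$1/wp-admin" "$1/wp-content/plugins/blocksqli" "$1/theme"
    printf 'order deny,allow\ndeny from all\nallow from 203.0.113.7\n' > "$1/wp-admin/.htaccess"
    printf 'Order deny,allow\nDeny from all\n' > "$1/wp-content/.htaccess"
    printf '<files wp-config.php>\ndeny from all\n</files>\nOptions -Indexes\n' > "$1/.htaccess"
    printf '<Files ~ "^.*\\.([Hh][Tt][Aa])">\ndeny from all\n</Files>\n' >> "$1/.htaccess"
    printf "<?php\nremove_action('wp_head', 'wp_generator');\n" > "$1/theme/functions.php"
    : > "$1/wp-content/plugins/blocksqli/blocksqli.php"
    printf 'User-Agent: *\nDisallow: /wp-*\n' > "$1/robots.txt"
}
d=$(mktemp -d) && make_sample "$d" && audit "$d" "$d/theme/functions.php"; rm -rf "$d"
```

A FAIL on the second wp-admin check means the ********* placeholder was never replaced with a real address. The script only reads the files; whether Apache honours them still depends on the server allowing .htaccess overrides.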
