July 20, 2009
Since WordPress is one of the most popular pieces of software on the internet, hackers are constantly looking for ways to exploit it. Googling “wordpress zero day exploit” returns 115,000 results, which shows a serious need for security measures.
I was recently given access to a new WordPress plugin which claims to be very effective in protecting you from hackers. I discovered that the method used in this plugin was not only ridiculously simple, but actually inferior to a method I have been using for years.
The most vulnerable point of access that hackers have to your WordPress blog is through the wp-content folder. This folder contains all the scripts used by your themes and your plugins. A hacker (or his robot) need only enter the following into the address bar in order to discover the names of all the files in the folder:
http://YourBlogName.com/wp-content/themes
WordPress does not protect you against such access.
The plugin that I reviewed protects this point of entry by “fooling” hackers with a copy of the standard Apache ‘500 Internal Server Error’ page. This fake page is uploaded as ‘index.html’ to both the ‘plugins’ and ‘themes’ folders, so it is “seen” by the hacker software when it attempts access.
Now for my “old-school” method, which I will show you for FREE.
There is a file in the root directory of your blog called .htaccess. This file contains coded instructions for your web server (Apache) to follow before serving your blog. It already contains code that tells the server how to access your blog pages. All you have to do to protect your wp-content folder is insert the following code BEFORE the code that’s already there.
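# Denies directory listings. Apache 2.4 rejects a line that mixes a bare
# keyword (All) with a signed one (-Indexes), so only the signed keyword is used.
Options -Indexes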
That’s all!
This code tells the web server not to let anyone access the index (the file listing) of any directory, so a hacker will not be able to read the names of the files in your wp-admin folder, and thus not be able to access them. If the hacker software attempts access, it will “see” either a real Apache ‘403 Forbidden’ error page, or just a blank page.
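As an added example (not part of the original post or of WordPress), this Python check reads an .htaccess file and reports whether Apache's directory listings end up disabled, including the case of an Options line that mixes a bare keyword with a signed one, which Apache 2.4 rejects. The function name and the sample file are constructed for illustration.

```python
# Added example (not from the original post): report what an .htaccess file
# does to Apache's Indexes option, i.e. automatic directory listings.
# Assumption: Options lines are read in file order; <IfModule>/<Files>
# sections and the server's AllowOverride setting are not evaluated.

def indexes_state(htaccess_text):
    """Return (state, notes); state is invalid/enabled/disabled/inherited."""
    state, notes = "inherited", []   # inherited: the server config decides
    for lineno, raw in enumerate(htaccess_text.splitlines(), 1):
        words = raw.split()
        # Comment lines start with '#', so their first word never equals "options".
        if len(words) < 2 or words[0].lower() != "options":
            continue
        args = [w.lower() for w in words[1:]]
        signed = [a for a in args if a[0] in "+-"]
        if signed and len(signed) != len(args):
            # Apache 2.4 refuses a line that mixes signed and unsigned keywords.
            notes.append(f"line {lineno}: mixed +/- and bare keywords: {raw.strip()}")
            return "invalid", notes
        if signed:
            # Signed keywords adjust the inherited set; the last mention wins.
            for a in args:
                if a in ("+indexes", "-indexes"):
                    state = "enabled" if a[0] == "+" else "disabled"
        else:
            # Bare keywords replace the whole set, so Indexes is on only if
            # it is named directly or through All.
            state = "enabled" if {"indexes", "all"} & set(args) else "disabled"
        notes.append(f"line {lineno}: Indexes now {state}")
    return state, notes

# Constructed sample: the directive placed before a shortened WordPress block.
SAMPLE = """\
# Denies directory listings
Options -Indexes
# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
</IfModule>
# END WordPress
"""

if __name__ == "__main__":
    for text in (SAMPLE, "Options All -Indexes\n", "Options All\n"):
        print(indexes_state(text))
```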









