Tips from Matt Cutts to protect WordPress installation

Posted on January 25, 2008
Filed Under Wordpress |


Since my site was hacked yesterday, I have been paying more attention to making my WordPress blog more secure from hackers. For starters, I have upgraded to WordPress 2.3.2 which fixes some major security flaws. I also googled to find out if there are other tips I can implement to protect my blog from further attacks. I came across Matt Cutts’ post on how to protect your WordPress installation. For those of you who don’t already know, Matt Cutts works for Google and is the head of the Webspam team. He has also posted many videos on YouTube which are really worth watching if you are into SEO.


Here is a summary of the post.

1. Secure your /wp-admin/ directory by locking it down so that only certain IP addresses can access it. You do that by placing an .htaccess file in the /wp-admin/ directory and defining your whitelisted IP addresses in that file. See the example below.

AuthUserFile /dev/null
AuthGroupFile /dev/null
AuthName "Access Control"
AuthType Basic
order deny,allow
deny from all
# whitelist home IP address
allow from 64.233.169.99
# whitelist work IP address
allow from 69.147.114.210
allow from 199.239.136.200
# IP while in Kentucky; delete when back
allow from 128.163.2.27

2. Make an empty wp-content/plugins/index.html file. Otherwise you leak information on which plug-ins you run. If someone wanted to hack your blog, they might be able to do it by discovering that you run an out-of-date plugin on your blog and then they could exploit that.

3. Subscribe to the WordPress Development blog at http://wordpress.org/development/feed/ . When WordPress patches a security hole or releases a new version, they announce it on that blog and you can upgrade accordingly.

4. In the header.php file for your theme, you might want to check the meta tag which shows the blog version:

bloginfo('version')

Delete that line or at least the bloginfo('version'). If you’re running an older version of WordPress, anyone can view source to see what attacks might work against your blog.
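
The file-level tips above (1, 2 and 4) can be checked with a short audit script. This is an added example, not code from the original post or from Matt Cutts; the function names, the example-theme directory and the sample tree (including the 192.0.2.10 documentation address) are constructed for illustration.

```python
import re
import tempfile
from pathlib import Path

def audit_wordpress(root):
    """Return findings for tips 1, 2 and 4 against a WordPress directory."""
    root, findings = Path(root), []
    # Tip 1: wp-admin/.htaccess must deny by default and not re-open access.
    htaccess = root / "wp-admin" / ".htaccess"
    text = htaccess.read_text(errors="replace") if htaccess.is_file() else ""
    rules = [" ".join(l.split()).lower() for l in text.splitlines()
             if not l.lstrip().startswith("#")]
    if "deny from all" not in rules:
        findings.append("wp-admin: no 'deny from all' rule")
    elif "allow from all" in rules:
        findings.append("wp-admin: 'allow from all' defeats the IP allowlist")
    # Tip 2: an index.html in the plugins directory hides the plugin list.
    if not (root / "wp-content/plugins/index.html").is_file():
        findings.append("plugins: no index.html, plugin list may be exposed")
    # Tip 4: no theme header.php should print the WordPress version.
    pattern = re.compile(r"bloginfo\(\s*['\"]version['\"]\s*\)")
    for header in sorted(root.glob("wp-content/themes/*/header.php")):
        if pattern.search(header.read_text(errors="replace")):
            findings.append(f"{header.parent.name}: header.php prints the version")
    return findings

def build_sample(root, hardened):
    """Create a constructed, minimal WordPress-like tree (not a real install)."""
    theme = Path(root) / "wp-content" / "themes" / "example-theme"
    admin, plugins = Path(root) / "wp-admin", Path(root) / "wp-content" / "plugins"
    for d in (admin, plugins, theme):
        d.mkdir(parents=True)
    version = "" if hardened else " <?php bloginfo('version'); ?>"
    (theme / "header.php").write_text(f'<meta name="generator" content="WordPress{version}" />\n')
    if hardened:
        (admin / ".htaccess").write_text(
            "order deny,allow\ndeny from all\n# constructed address\nallow from 192.0.2.10\n")
        (plugins / "index.html").write_text("")
    return Path(root)

def demo():
    """Audit the sample tree before and after the tips are applied."""
    with tempfile.TemporaryDirectory() as tmp:
        return (audit_wordpress(build_sample(Path(tmp) / "before", False)),
                audit_wordpress(build_sample(Path(tmp) / "after", True)))

if __name__ == "__main__":
    print(demo())
```

Point audit_wordpress() at the directory that contains wp-admin and wp-content; an empty list means none of the three issues was found.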

Thank you Matt Cutts for your invaluable tips on securing WordPress.

(Full post can be found at http://www.mattcutts.com/blog/three-tips-to-protect-your-wordpress-installation/)


    Comments

    4 Responses to “Tips from Matt Cutts to protect WordPress installation”

    1. Danny Foo on January 29th, 2008 10:55 am

      Ouch, getting hacked sure is painful.

      But many thanks for sharing about the plugins thing. I seriously didn’t know about this and feel it should be shared to other bloggers.

      I’ll share this finding on my blog tonight. :)

    2. Planet Malaysia on January 29th, 2008 1:42 pm

      Putting a white list is slightly difficult unless you know all ranges of IP addresses that you may access from.

    3. cebu seo contest on August 29th, 2008 6:13 am

      Thanks for these tips.


    4. Wordpress Blog Hacking Prevention | Websites Made Simple on November 10th, 2008 1:29 am

      [...] wrote in another post later of tips she found from Matt Cutts (Google employee) to your protect Wordpress blog. And I seriously never noticed how much Wordpress may be lacking in [...]
