Do you run a WordPress blog? Do you know how you can protect your WordPress installation? In this post we cover three simple but effective ways to protect the installation as suggested by Matt Cutts.
First off, you need to secure your “/wp-admin/” directory. One option is to lock down “/wp-admin/” so that only selected IP addresses can access it. For instance, if your server uses .htaccess files, you can place the rules in “/wp-admin/.htaccess.”
Here’s what Matt’s file looks like:
Picture Credits: Matt Cutts
The file’s instructions say that only the IP address 184.108.40.206, plus a couple of others that you permit, can access /wp-admin/; all other addresses are refused.
Second, create an empty wp-content/plugins/index.html file. This helps prevent information leaking about the plug-ins you run. A hacker who finds out that a plug-in you run is outdated can exploit it.
Finally, it is worthwhile to subscribe to the WordPress Development blog, because WordPress announces there whenever it fixes a security flaw or releases a new version. As soon as you see a security fix released, download the patch; otherwise the consequences could be serious.
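The first two tips as a small shell function, added here as an example and not taken from Matt Cutts or the original post. It assumes Apache 2.4 or later (`Require ip`) with .htaccess overrides enabled; the function name `harden_wp` and the addresses in the usage line are illustrative placeholders.

```shell
#!/bin/sh
# Added example, not from the original post.
# Assumption: Apache 2.4+ with AllowOverride AuthConfig for the WordPress tree.
# Usage: sh harden_wp.sh /var/www/blog 203.0.113.10 198.51.100.0/24
#        (documentation-range addresses, replace with your own)

# harden_wp WP_ROOT IP_OR_CIDR [IP_OR_CIDR...]
harden_wp() {
    wp_root=$1
    shift
    if [ ! -d "$wp_root/wp-admin" ] || [ ! -d "$wp_root/wp-content/plugins" ]; then
        echo "not a WordPress root: $wp_root" >&2
        return 1
    fi
    if [ "$#" -eq 0 ]; then
        # An empty allowlist would lock everyone out, including you.
        echo "refusing to write an empty allowlist" >&2
        return 1
    fi

    # Tip 1: restrict /wp-admin/ to the listed addresses.
    wp_htaccess="$wp_root/wp-admin/.htaccess"
    if [ -f "$wp_htaccess" ]; then
        # The file is overwritten below, so keep a copy of any existing rules.
        cp -p "$wp_htaccess" "$wp_htaccess.bak"
    fi
    {
        echo "# Allow /wp-admin/ only from these addresses (applies to every HTTP method)."
        # Several Require lines outside a container are OR-ed together by Apache 2.4.
        for wp_ip in "$@"; do
            echo "Require ip $wp_ip"
        done
    } > "$wp_htaccess"

    # Tip 2: an empty index.html so the plugins directory never shows a listing.
    wp_index="$wp_root/wp-content/plugins/index.html"
    if [ ! -e "$wp_index" ]; then
        : > "$wp_index"
    fi
    return 0
}

# Run only when arguments are given, so the file can also be sourced.
if [ "$#" -gt 0 ]; then
    harden_wp "$@"
fi
```

If a theme or plug-in calls wp-admin/admin-ajax.php from public pages, those requests are refused too for visitors outside the allowlist, so test the front end after applying the rule.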