Hi guys, I recently had my WordPress hacked, so I had to find how to secure it. I want to share what I learned. It's actually easy, here is what you do.

1. Restrict logging in only to yourself

Add the following in your .htaccess file in the WordPress root directory:

    # Only the listed address may request wp-login.php
    <Files wp-login.php>
    Order Deny,Allow
    Deny from All
    Allow from 181.181.181.181
    </Files>

(181.181.181.181 is your IP!)

2. Restrict all access to wp-admin directory

Create a new .htaccess file in the wp-admin directory and add the following:

    # Applies to everything under wp-admin
    Order deny,allow
    Deny from all
    Allow from 181.181.181.181

3. Disallow all access to .php files in wp-content directory

Again, create a .htaccess file, now in the wp-content directory, and add the following to it:

    # Matches any file name ending in .php
    <FilesMatch "\.php$">
    Order Deny,Allow
    Deny from All
    Allow from 181.181.181.181
    </FilesMatch>

This seems to have secured it. I haven't had any new hack incidents even with old versions of WordPress.
Then you get a DynDNS account, make yourself myname.dyndns.org and put it in "Allow from myname.dyndns.org".
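
Added example, not part of the original posts: the same three restrictions in Apache 2.4's `Require` syntax (mod_authz_host), using the thread's placeholder IP and hostname. A hostname given to `Allow from` is matched through a reverse lookup of the client address, which for a dynamic-DNS name usually returns the ISP's name, while `Require forward-dns` (2.4.19 and later) resolves the name and compares the result with the client address. The admin-ajax.php exception is an assumption about sites whose public pages call it.

```apache
# Added example. Apache 2.4 form of the three .htaccess files from the thread.
# 181.181.181.181 and myname.dyndns.org are the thread's placeholders.
# These directives need "AllowOverride AuthConfig" for the WordPress tree.

# --- <wordpress root>/.htaccess ---
<Files "wp-login.php">
    <RequireAny>
        # Fixed address
        Require ip 181.181.181.181
        # Dynamic address: resolve the name, compare with the client IP
        Require forward-dns myname.dyndns.org
    </RequireAny>
</Files>

# --- wp-admin/.htaccess ---
<RequireAny>
    Require ip 181.181.181.181
    Require forward-dns myname.dyndns.org
</RequireAny>
# Assumption: themes or plugins call admin-ajax.php from the public site,
# so this one file stays reachable for visitors.
<Files "admin-ajax.php">
    Require all granted
</Files>

# --- wp-content/.htaccess ---
<FilesMatch "\.php$">
    <RequireAny>
        Require ip 181.181.181.181
        Require forward-dns myname.dyndns.org
    </RequireAny>
</FilesMatch>
```

Requesting /wp-login.php from an address outside the allow list should return 403 once the files are in place.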