Securing your wordpress

Discussion in 'WordPress' started by Peyote, Jan 21, 2008.

  1. #1
    Here are a few basic things that you can implement to secure your blog and ease your mind:

    Use A Strong Password

    That’s the equivalent of the key for your home. A strong password should have at least 8 characters and a random combination of letters, numbers and symbols. You can have it generated for you using a strong password generator (found easily on the web) or you can create your own. Just make sure you don’t forget it.

    Use A Robots File
    This is a plain text file that defines search engine access rules to the resources of your blog. You want to have one of those to prevent search engine bots (spiders) from indexing some sensitive part of your website. Among others, this file can avoid duplication of content issues and prevent your blog from being penalized.

    Simply create an empty text file called robots.txt and place it at the root of your web server (/www). Now edit this file and define its content. The syntax is quite simple:

    User-Agent defines a section of rules for one search engine spider (ex: Googlebot) or for all (*).
    Disallow specifies the pages that should not be indexed by the spider.
    Allow indicates the pages that should be indexed by the spider.
    Here is the robots.txt file that I use:

    User-agent: *
    Disallow: /cgi-bin
    Disallow: /wp-admin
    Disallow: /wp-includes
    Disallow: /wp-content/plugins
    Disallow: /wp-content/cache
    Disallow: /wp-content/themes
    Disallow: /trackback
    Disallow: /feed
    Disallow: /comments
    Disallow: */trackback
    Disallow: */feed
    Disallow: */comments
    Allow: /wp-content/uploads
    I explicitly allow the content of my uploads to be indexed. This directory contains images and it can lead to extra traffic.

    Use The Latest Version Of WordPress
    With each new version of WordPress comes a list of new features, improvements and bug corrections. You want to make sure you are using the latest version of WordPress to benefit from fixes correcting possible security issues from previous versions.

    Keep The WordPress Version Hidden

    The default installation of WordPress shows the version you use on your blog pages (hidden to the readers but viewable when looking at the source code). It is advised to hide it: a hacker would love to have this information to research specific known flaws of the particular version you use.

    To remove the version information:

    * Edit the file Header located in your WordPress administration area under Presentation -> Theme Editor.
    * From the code, remove the line:
    <meta name="generator" content="WordPress <?php bloginfo('version'); ?>" />


    Hope this was useful. Also, check out the wordpress secure plugin that I'm selling here :)
     
    Peyote, Jan 21, 2008