WordPress Hacked Can’t Login

Thursday, September 6th, 2007 at 1:27 am

Hide the version of WordPress Header tag

Despite having removed the data from the version of WordPress goal of your theme, you might get WordPress line version of the page returned by the blog software. The culprit is, of version 2.5 of WordPress has added a feature to generate this code.

Add the following line to the functions.php file in the theme directory (create a blank PHP file with this name if your issue is not already have one)

1 <? Php remove_action ('wp_head "Wp_generator');?>

Importantly, even with all the above into practice, there is no guarantee that your blog be safe. Only the possibility to decrease tremendously and discourage these targeting cookie in your blog

WordPress Administration Protecting Files

WordPress administration files reside in wp-admin directory of your installation of WordPress, except wp-config.php. The latter contains basic settings for WordPress can not be modified through the panel.

You can use. Htaccess to restrict access and allow only specific IP address for this directory and file. If you have a static IP address and always the blogs of your computer, this may be an option.

Note also can allow access from an IP range. See the Apache documentation mod_access for Full instruction on how to configure this option.

You need to put a. htaccess in wp-admin.

Example:

1 2 3 Order Deny, Allow Allow from all Deny ww.xx.yy.zz

Protection wp-admin directory with the combination of user and password also adds another level of security. Apache has full information on authentication, authorization and access control.

Example:

1 2 3 4 AuthType Basic AuthName "WordPress Dashboard" AuthUserFile / home / user /. Htpasswds / Blog / wp-admin / .htpasswd require user adminuser

and then generate the encrypted password with the command htpasswd.

$ 1 htpasswd-cm. Htpasswd adminuser

cPanel has a feature called Web Protect what you can do the same.

If you implement all of the above, you must access wp-admin directory of the IP address allows adminuser authenticate normally and then go to your desk with your WordPress admin account WordPress (myadm).

No directories must be available for navigation

By default on most hosting index directories displayed in web browsers. This has a purpose, but it also means that you disclose the contents of any directory that has no index.html or index.php.

Changing this behavior is easy with Apache, just add the following line of code in the htaccess. File in the root directory (the same place the file wp-config.php).

Use Secure login through encrypted channels

WordPress users who have enabled SSL for your domain (Talk to your host about this first. You will not have this by default!) Should use the encrypted channel to access the WordPress Dashboard. You can force sessions through HTTPS admin FORCE_SSL_ADMIN variable value in wp-config.php to true.

Copy and paste this into your wp-config.php file.

1 define ('FORCE_SSL_ADMIN, true);

Restrict access to the files to the wp-content

The wp-content directory contains theme files, images and plugins. WordPress has no access to PHP files in the directory of plugins and themes through HTTP. Applications will only browsers Site are for image files, javascripts and CSS.

For that reason, you can restrict wp-content to only allow file extensions, but not PHP or any other file extensions. This prevents people from accessing the files directly.

Include the following lines in htaccess wp-content.:

Order Allow, Deny

Deny from all

< Files (jpg | gif | png | js | css)?. $? ~>

Allow from all

</ Files>

href = "http://www.amenext.com/wordpress/hide-wordpress-version-in-the-header-tag/" title = "Online Tutorial"> For more on WordPress Hide Version header tag

About the Author

High PR edu blog links Best free Linux tutorials

How to Cheat at Bejeweled Blitz on Facebook - Updated 21st of May 2010