Hardening WordPress

wp-config.php

define('DISALLOW_FILE_EDIT', true); // disable the theme/plugin file editors in wp-admin (otherwise an admin session can write arbitrary PHP from the browser)

Change the WordPress database table prefix (safe on a fresh install; on an existing site the tables and the prefix-named rows in wp_options/wp_usermeta such as wp_user_roles and wp_capabilities must be renamed too, or no account keeps its role)

$table_prefix  = 'somethingelse_';
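The two settings above, together with the other wp-config.php constants a hardening pass normally touches, as one added example. This is not code from the page or from WordPress; the salt values are placeholders and must be replaced with generated ones.

```php
<?php
// Added example, not code from the page or from WordPress itself: a hardened
// wp-config.php fragment pulling together the settings discussed above.
// Put these lines above the "That's all, stop editing!" line of wp-config.php.

// Disable the theme/plugin file editors in wp-admin. Without this, anyone who
// obtains an administrator session can write arbitrary PHP from the browser.
define('DISALLOW_FILE_EDIT', true);

// Stronger variant: also block plugin/theme installs, updates and removal from
// wp-admin. Caveat: this switches off automatic updates as well, so only enable
// it when code is deployed another way (package manager, version control).
// define('DISALLOW_FILE_MODS', true);

// Serve the login page and the whole admin area over HTTPS only, so the
// password and the auth cookie never cross the wire in clear text.
define('FORCE_SSL_ADMIN', true);

// Never show PHP errors (file paths, SQL) to visitors on a production site.
define('WP_DEBUG', false);
define('WP_DEBUG_DISPLAY', false);

// Non-default table prefix. Only straightforward on a fresh install: on an
// existing site the tables AND the prefix-named rows in wp_options
// (wp_user_roles) and wp_usermeta (wp_capabilities, wp_user_level) must be
// renamed as well, or no account will have a role any more.
$table_prefix = 'somethingelse_';

// Unique keys and salts. Rotating them invalidates every existing login
// cookie, which is the first thing to do after a suspected compromise.
// The values below are placeholders; generate real ones from
// https://api.wordpress.org/secret-key/1.1/salt/
define('AUTH_KEY',         'replace-with-a-random-64-char-string');
define('SECURE_AUTH_KEY',  'replace-with-a-random-64-char-string');
define('LOGGED_IN_KEY',    'replace-with-a-random-64-char-string');
define('NONCE_KEY',        'replace-with-a-random-64-char-string');
define('AUTH_SALT',        'replace-with-a-random-64-char-string');
define('SECURE_AUTH_SALT', 'replace-with-a-random-64-char-string');
define('LOGGED_IN_SALT',   'replace-with-a-random-64-char-string');
define('NONCE_SALT',       'replace-with-a-random-64-char-string');
```

Check the result by logging in as an administrator: Appearance > Theme File Editor and Plugins > Plugin File Editor should no longer appear in the menu, and wp-admin should refuse to load over plain http.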

.htaccess – WordPress root (only honoured if the vhost has AllowOverride enabled; otherwise put the same directives in the vhost configuration)

WordPress redirect error when protecting the login page

When wp-login.php is behind Basic auth, a failed or cancelled login returns 401 and Apache hands the error page to WordPress's rewrite rules (index.php), which produces a redirect loop. Tell Apache to serve its built-in 401 page instead:

ErrorDocument 401 default

Password protect wp-login.php (Basic auth sends the credentials, base64-encoded, with every request, so only use this over HTTPS; keep .htpasswd outside the document root and create it with `htpasswd -c /pathto/.htpasswd username`)

# No group file; access is decided per user from the password file.
AuthGroupFile /dev/null
AuthType Basic
# Path to the htpasswd file; keep it outside the web root.
AuthUserFile /pathto/.htpasswd
# Realm string shown in the browser's login prompt.
AuthName "pagename"

# Only the login script is protected; the rest of the site stays public.
<Files "wp-login.php">
    Require valid-user
</Files>

.htaccess – restrict wp-login.php to your own IP (replace 00.000.00.0 with the address or CIDR range you administer from; Apache 2.4 uses Require ip, the Order/Deny/Allow form only works on 2.2 or with mod_access_compat)

<Files wp-login.php>
    <IfModule mod_authz_core.c>
        Require ip 00.000.00.0
    </IfModule>
    <IfModule !mod_authz_core.c>
        Order deny,allow
        Deny from all
        Allow from 00.000.00.0
    </IfModule>
</Files>

.htaccess – restrict wp-admin to your own IP (this file goes in wp-admin/.htaccess; note it also blocks wp-admin/admin-ajax.php, which many themes and plugins call for logged-out visitors, so exempt that file with its own <Files admin-ajax.php> block if the front end needs it)

# Block access to wp-admin except from the listed address.
<IfModule mod_authz_core.c>
    Require ip 00.000.00.0
</IfModule>
<IfModule !mod_authz_core.c>
    Order deny,allow
    Deny from all
    Allow from 00.000.00.0
</IfModule>

Install the Sucuri plugin

Does a lot of the above (hardening checks, file-integrity monitoring, login auditing).

functions.php

Remove the WordPress fingerprinting output from the HTML head and HTTP headers: the generator meta tag with the version number, the RSD and Windows Live Writer manifest links that advertise XML-RPC, the ?ver= query string on scripts and styles, and the X-Pingback header. This only hides the version from casual scanners; it is no substitute for keeping core, themes and plugins updated.
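The removals described above as a working theme snippet. This is an added example, not code from the page or from any WordPress release; the function name hardening_strip_version_query is my own, and the XML-RPC switch at the end is an assumption about what the reader wants (it breaks Jetpack and the mobile apps, which need XML-RPC).

```php
<?php
// Added example (not the page's own code): strip version fingerprints and
// unneeded discovery links from the HTML <head> and the HTTP headers.
// Drop into the active theme's functions.php or a small mu-plugin.

if (!defined('ABSPATH')) {
    exit; // never run outside WordPress
}

// <meta name="generator" content="WordPress x.y"> in the head, and the same
// version string inside RSS/Atom feeds.
remove_action('wp_head', 'wp_generator');
add_filter('the_generator', '__return_empty_string');

// Really Simple Discovery and Windows Live Writer manifest links: both point
// at xmlrpc.php and are only needed by desktop blogging clients.
remove_action('wp_head', 'rsd_link');
remove_action('wp_head', 'wlwmanifest_link');

// The ?p=123 shortlink and prev/next rel links leak internal post IDs.
remove_action('wp_head', 'wp_shortlink_wp_head');
remove_action('wp_head', 'adjacent_posts_rel_link_wp_head', 10);

// Every enqueued script and style gets ?ver=<WordPress version> appended,
// which is another version oracle. Strip only the 'ver' argument and keep
// any other query string the asset URL carries.
function hardening_strip_version_query($src) {
    if (strpos($src, 'ver=') !== false) {
        $src = remove_query_arg('ver', $src);
    }
    return $src;
}
add_filter('script_loader_src', 'hardening_strip_version_query', 15);
add_filter('style_loader_src',  'hardening_strip_version_query', 15);

// Assumption: XML-RPC is not needed. Turning it off removes the pingback
// amplification vector and the system.multicall credential brute force,
// and the X-Pingback response header that advertises the endpoint.
add_filter('xmlrpc_enabled', '__return_false');
add_filter('wp_headers', function ($headers) {
    unset($headers['X-Pingback']);
    return $headers;
});
```

Verify with `curl -sI https://example.com/ | grep -i pingback` (no output expected) and by viewing the page source: there should be no generator meta tag, no rsd/wlwmanifest links, and no ?ver= on the enqueued assets.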

References

wp security

codex.wordpress.org/Changing_File_Permissions

codex.wordpress.org/Editing_wp-config.php

codex.wordpress.org/Hardening_WordPress

Sucuri wordpress-and-server-hardening-taking-security-to-another-level

wordpress.org/extend/plugins/browse/top-rated/

Note: the Popular Posts plugin bundles timthumb.php, which has a known vulnerability; check any theme or plugin for a bundled copy of timthumb.php.

digwp.com/2012/09/secure-media-uploads
