Many well-known blogs have been hacked and defaced before. To stop the same thing happening to your own blog, try the tips below to make your WordPress blog more secure, at least against script kiddies.
Tip 1: Remove the WordPress ‘version string’ from your theme files
- Go to the WordPress dashboard, click Presentation -> Edit Themes -> header.php
- Find the PHP tag that prints the version, <?php bloginfo('version'); ?>, remove it and save the file.
Explanation: This hides the version number of your WordPress installation, so it is harder for a hacker to look up the security loopholes known for that specific version of WordPress.
Tip 2: Place an empty ‘index.html’ file in the plugins folder
- Open Notepad, click ‘Save as’ and save the empty file as index.html (be sure to change the file type from ‘Text files’ to ‘All files’).
- Upload the file to the WordPress plugins folder on your web server.
Explanation: This hides the plugins used by your WordPress blog, because the web server serves the empty page instead of a directory listing. It is the same idea as above: hiding security loopholes, this time in the plugins.
Tip 3: Upload a copy of the .htaccess file into the wp-admin folder
- Using an FTP program or your web server’s file manager, go to the root folder of your site and download the .htaccess file (enable ‘show hidden files’ first if you use an FTP program such as FileZilla).
- Go to your wp-admin folder.
- Upload the .htaccess file you have just downloaded.
Explanation: This prevents hackers from reaching the files in wp-admin by limiting access to this folder by IP address (meaning access is limited to the server owner/user only).
Thanks to ro.botys for passing us the three WordPress security tips.
You can also stop search engines (and bots pretending to be search engines) from crawling the core WordPress folders by putting the following in your robots.txt file (upload it to the root of your WordPress installation when you have finished).
# This rule means it applies to all user-agents
User-agent: *
# Disallow these directories and all files within them
Disallow: /wp-admin/
Disallow: /wp-includes/
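As an added example (not code from the original post or from WordPress), the following shell script applies Tip 2, Tip 3 and the robots.txt rule directly on the web server, and checks the theme files for the version string from Tip 1 so you know whether that edit is still outstanding. It assumes the standard WordPress layout (wp-content/plugins, wp-content/themes, wp-admin). The .htaccess content is my assumption of what an IP-restricting file looks like, in the Apache 2.2 syntax of the post’s era; the post itself only says to copy the root .htaccess, which only helps if that file already carries such a rule. The address 203.0.113.10, the function names and the sample header.php are constructed for the demo.

```shell
#!/bin/sh
# Added example, not code from the original post: hardening steps for a
# WordPress tree at $root, run on the web server instead of via FTP/Notepad.
set -eu

# Tip 1 check: list theme files that still print the WordPress version.
# Returns 0 when no file contains bloginfo('version'), 1 when a leak is found.
wp_version_leaks() {
    root="$1"
    themes="$root/wp-content/themes"          # standard WordPress theme folder
    [ -d "$themes" ] || return 0
    # grep -rl prints each matching file and exits 1 when nothing matches
    if grep -rl "bloginfo('version')" "$themes"; then
        return 1
    fi
    return 0
}

# Tip 2: an empty index.html stops the web server from listing the plugins
# folder, so visitors cannot see which plugins (and plugin versions) you run.
wp_hide_plugins() {
    root="$1"
    plugins="$root/wp-content/plugins"         # standard WordPress plugin folder
    mkdir -p "$plugins"
    [ -e "$plugins/index.html" ] || : > "$plugins/index.html"
}

# Tip 3: allow only the owner's IP address into wp-admin.
# Assumed content of the IP-restricting .htaccess, in Apache 2.2 syntax
# (Apache 2.4 replaces the three directives with:  Require ip <address>).
wp_restrict_admin() {
    root="$1"
    ip="$2"
    mkdir -p "$root/wp-admin"
    cat > "$root/wp-admin/.htaccess" <<EOF
# Only the blog owner's address may reach the admin area
Order Deny,Allow
Deny from all
Allow from $ip
EOF
}

# robots.txt from the post: keeps well-behaved crawlers out of the core
# folders (advisory only: a bot that ignores robots.txt is unaffected).
wp_write_robots() {
    root="$1"
    cat > "$root/robots.txt" <<'EOF'
User-agent: *
Disallow: /wp-admin/
Disallow: /wp-includes/
EOF
}

# Apply everything and report whether Tip 1 still needs manual editing.
harden_wp() {
    root="$1"
    ip="$2"
    wp_hide_plugins "$root"
    wp_restrict_admin "$root" "$ip"
    wp_write_robots "$root"
    if wp_version_leaks "$root"; then
        echo "Tip 1: no theme file prints the WordPress version"
    else
        echo "Tip 1: the theme files listed above still print the version; edit them"
    fi
}

# Demo on a constructed throwaway tree (not a real blog): one theme whose
# header.php still carries the generator tag the post tells you to remove.
demo_root=$(mktemp -d)
mkdir -p "$demo_root/wp-content/themes/default"
cat > "$demo_root/wp-content/themes/default/header.php" <<'EOF'
<meta name="generator" content="WordPress <?php bloginfo('version'); ?>" />
EOF
harden_wp "$demo_root" 203.0.113.10     # 203.0.113.10 is a documentation address
```

Run it as the user that owns the WordPress files, with the install root and your own public IP address as the two arguments; if your address changes (dial-up, DHCP), the wp-admin/.htaccess will lock you out too, so keep FTP access to remove it.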
August 20th, 2007 at 11:50 pm
Thanks, good info.
August 21st, 2007 at 12:25 am
chot: no problem!
August 21st, 2007 at 1:58 am
That is good info, bloganything. I didn’t know that the words “bloginfo” could be attacked by a hacker.
August 21st, 2007 at 5:08 am
The PHP tag produces this when it is processed by the web server (check the page source of any WordPress blog):
<meta name="generator" content="WordPress 2.xx" />
so what we did was just hide the WordPress version number.
Thanks for visiting.
August 21st, 2007 at 5:50 am
Interesting. Thanks for the tips, I’m going to do them now.
August 23rd, 2007 at 10:19 pm
[…] Fuad gives tips for keeping your WordPress blog safe […]
August 23rd, 2007 at 11:43 pm
Nice… I will do it right now, dude!
August 24th, 2007 at 1:21 am
[…] to bloganything for passing us the three Wordpress security […]
August 29th, 2007 at 3:33 pm
Nice advice on security, it’s a must for every WordPress blogger.
August 30th, 2007 at 8:48 am
Good. But the version number appears in many other files, for example at the top of RSS feeds! Try the “wp-scanner” tool to see all the version leaks for yourself…
So search manually and edit all the files where the same piece of code appears, in order to really hide the version number. When wp-scanner is unable to find the exact version of your blog, you’ll know that it’s okay.
Yeah, I know, knowing the version number of a blog is not necessary to try to hack it, but it can slow hackers down…
September 5th, 2007 at 10:59 am
Excellent advice. Speaking as someone who had an earlier version of WP hacked, with porn uploaded into the uploads folder and the site subsequently banned from Google (and still banned, 4 months on), I am so tuned into this now.
September 26th, 2007 at 1:12 pm
How about a way to remove the WordPress version from feeds… short of hacking the core, that is.
November 5th, 2007 at 7:31 am
[…] in what follows, I try to draw up a few tips and advice (found on Bloganything) to provide minimal security for people who have a blog running on […]
April 29th, 2008 at 7:05 am
For those who are looking to really secure their WordPress installation, have a look at this:
http://tinyurl.com/3jdgaj
It’s a PHP firewall that you can install on any PHP/MySQL based site, be it WordPress, vBulletin, whatever.
May 5th, 2008 at 6:06 am
[…] upgrading and backing up, there are a number of little things you should do to further protect your […]