Quantcast
Channel: Malaysia Linux Tips | jonboy60.com » htaccess
Viewing all articles
Browse latest Browse all 3

WordPress Security Through .htaccess and robots.txt

0
0

What if your WordPress gets hacked?
Wordpress Security Through .htaccess and robots.txt
Infographic source from startbloggingonline.com

So, the main point is if you are running a WordPress powered website, its security should be your primary concern. Many of the WordPress blogs are compromised because their core files and plugins are outdated, files are traceable and it’s an open invitation to hackers.

How to keep you blog away from the bad guys? For starters, make sure you are always updated with the latest version of WordPress. But there’s more. I’ll like to share with you some useful tips to harden your WordPress site, WordPress Security Through .htaccess and robots.txt.

Configuring .htaccess
.htaccess is a configuration file that allows you to override your server’s global settings for the directory that it’s in, by limitting file access.

There’s a couple of ways you can configure it:
# Find it in the root of your website.
# Create your own “.htaccess” file in the root of your web server.
# Edit it using WordPress SEO plugin by Yoast.

Here’s a piece of code used by me:

# BEGIN WordPress

RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ – [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]

# END WordPress


order allow,deny
deny from all


order allow,deny
deny from all


order allow,deny
deny from all
satisfy all

# disable the server signature
ServerSignature Off

# disable directory browsing
Options All -Indexes

From the beginning to the end, those are the basic code generated by wordpress. The other below is the code for protecting your wordpress site.

The second verse is WordPress best practices, they suggest you protect your wp-config.php file. The third and fourth verse is .htaccess best practices, they suggest you protect your .htaccess file too.

Finally is the last verse, it is the code for you to prevent any directory browsing, because you can change a few characters in a URL and continue browsing the website.

Configuring robots.txt
Web site owners use the /robots.txt file to give instructions about their site to web robots and this is called The Robots Exclusion Protocol. It works likes this, a robot wants to vists a Web site URL, say http://www.example.com/welcome.html. Before it does so, it firsts checks for http://www.example.com/robots.txt.

Important reminder for all wordpress owners is the “Disallow: /” tells the robot that it should not visit any pages on the site.

Below is the robots.txt code i used:

User-Agent: *
Disallow: /wp-content/plugins/
Disallow: /wp-content/themes/
Disallow: /wp-admin
Disallow: /wp-includes

With the above code, it will not allow the robot from all the search engines out there to access.


Copyright © 2012
This feed is for personal, non-commercial use only.
The use of this feed on other websites breaches copyright. If this content is not in your news reader, it makes the page you are viewing an infringement of the copyright. (Digital Fingerprint:
)

The post WordPress Security Through .htaccess and robots.txt appeared first on Malaysia Linux Tips | jonboy60.com.


Viewing all articles
Browse latest Browse all 3

Latest Images

Trending Articles





Latest Images