Apr 28 2013
Secure your wordpress based website with dual protection
Due to recent hacks of wordpress admin. A new debate comes what is the easiest and best possible way to secure a website that is being developed in wordpress. Although wordpress hack is done from passing a unnatural link back to uploading malicious script on the server. With keeping in mind this thing we must need to know the best way to securing a wordpress based site.
One of the possibe way of securing website is to dual protection of your wordpress admin section because the most recent attack of wordpress is done through admin section hack.
Below code snippet will help us to achieve double protection of wordpress admin section. The dual protection contains
i) HTTP based protction (when someone access your wp-login.php file)
ii) Regular authentication of wordpress
HTTP based protction (when someone access your wp-login.php file)
Use below code snippet to your .htaccess file
<Files wp-login.php> AuthUserFile /var/www/html/.htpasswd AuthType Basic AuthName "Website authorization" Require valid-user </Files>
With above code snippet in your .htaacess file. You must need to store a file at the server path /var/www/html (This path can be anything on server) a file .htpasswd
below code snippet can be written under .htpasswd file
username:$apr1$zbHD0TWK$Z/3lMobCaAok2LbMoCFgz0
Remember: One entry per line.
Note: The hash is typically “UNIX crypt” style with MD5 or SHA1 as common alternatives.
Related posts:
Chandra Shekhar
Latest posts by Chandra Shekhar (see all)
- Choose between standard and flexible App engine on GCP - January 12, 2019
- How to use Cloud Endpoint in GCP - December 31, 2018
- First deployment on Kubernates - December 29, 2018
Recent Comments