Securing a WordPress website with dual protection
Recent hacks of the WordPress admin have started a new debate: what is the easiest and best possible way to secure a website built on WordPress? WordPress hacks range from passing an unnatural link to uploading a malicious script to the server. With that in mind, we need to know the best way to secure a WordPress-based site. One possible way is dual protection of your WordPress admin section, because the most recent attacks on WordPress were carried out through the admin section. The code snippet below helps us achieve this double protection. The dual protection consists of:
i) HTTP-based protection (when someone accesses your wp-login.php file)
ii) Regular WordPress authentication
HTTP-based protection (when someone accesses your wp-login.php file)
Add the code snippet below to your .htaccess file:
# Ask for HTTP Basic credentials before wp-login.php is served
<Files "wp-login.php">
AuthUserFile /var/www/html/.htpasswd
AuthType Basic
AuthName "Website authorization"
Require valid-user
</Files>
With the above snippet in your .htaccess file, you must store a file named .htpasswd at the server path /var/www/html (this path can be anything on the server). The code snippet below can be written in the .htpasswd file:
Remember: One entry per line.
Note: The hash is typically “UNIX crypt” style, with MD5 or SHA1 as common alternatives.
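As an added example (not part of the original post), the Python script below audits an .htpasswd file for the two points above: one user:hash entry per line, and which hash format each entry uses. The sample file is constructed and the function names are this example's own; the prefixes it recognises ($apr1$, $2y$, {SHA}) are the ones Apache's htpasswd tool writes.

```python
import base64
import hashlib

PREFIXES = (("$2y$", "bcrypt"), ("$apr1$", "apr1-md5"), ("{SHA}", "sha1"))
# Formats the Apache documentation marks as insecure.
WEAK = {"sha1": "unsalted SHA-1",
        "crypt": "traditional crypt(3), only first 8 password characters used"}

def sha_entry(user, password):
    """Build a {SHA} entry: base64 of the raw SHA-1 digest, no salt."""
    digest = hashlib.sha1(password.encode()).digest()
    return f"{user}:{{SHA}}{base64.b64encode(digest).decode()}"

def scheme_of(hash_field):
    for prefix, name in PREFIXES:
        if hash_field.startswith(prefix):
            return name
    # Traditional crypt(3) output is 13 characters with no "$" prefix.
    return "crypt" if len(hash_field) == 13 and "$" not in hash_field else "other"

def audit(text):
    """Return (line_no, user, scheme, problem) for each entry line."""
    findings = []
    for no, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.startswith("#"):
            continue  # blank lines and comments are not entries
        user, sep, hash_field = line.partition(":")
        if not sep or not user or not hash_field:
            findings.append((no, None, None, "not a user:hash entry"))
            continue
        scheme = scheme_of(hash_field)
        problem = WEAK.get(scheme)
        if any(c.isspace() for c in hash_field):
            problem = "whitespace in hash field; keep one entry per line"
        findings.append((no, user, scheme, problem))
    return findings

# Constructed sample: only bob's {SHA} value is a real hash; the rest are placeholders.
SAMPLE = "\n".join([
    "alice:$apr1$CONSTRCT$placeholderplaceholder",
    sha_entry("bob", "password"),
    "carol:abCONSTRUCTED",
    "dave:$2y$10$placeholderplaceholderplaceholderplaceholderplace",
    "erin:$apr1$CONSTRCT$placeholder frank:$apr1$CONSTRCT$placeholder",
    "no separator here",
])

if __name__ == "__main__":
    print(*audit(SAMPLE), sep="\n")
```

Entries flagged as weak can be regenerated with htpasswd -B, which writes a bcrypt ($2y$) hash. Where the server layout allows it, keep the .htpasswd file outside the directory the web server publishes.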