Thread: secure htaccess

  1. #1
    Join Date
    Apr 2010
    Posts
    235

    secure htaccess

    Can you please tell me what's the best htaccess for WordPress to secure my blog?

  2. #2
    The one that comes with WordPress. The best way to be protected is to keep your WordPress updated all the time; additional software/services could be used to help, like mod_security or CloudFlare.

  3. #3
    Quote: Originally Posted by enhu
    Can you please tell me what's the best htaccess for WordPress to secure my blog?
    If you need to have a secure connection to your blog via HTTP, you may use SSL. So far there should be reasons for that.
    MrNerd is right - follow up on all updates and you will be OK.

  4. #4
    Greetings:

    Quote: Originally Posted by enhu
    Can you please tell me what's the best htaccess for WordPress to secure my blog?
    Make sure the server you are hosted on is secured.

    Check out http://wordpress.org/extend/plugins/...roof-security/ as a plugin that can help, including with .htaccess.

    Thank you.
    ---
    Peter M. Abraham
    LinkedIn Profile

  5. #5
    Join Date
    Oct 2008
    Location
    Chicago, IL
    Posts
    222
    We've found that the majority of WordPress site infections are due to WordPress itself, as well as all plugins, not being updated.

    More often than not, it's the plugins that don't get updated.

    It would be nice if WordPress had a "Vulnerable Plugins" list similar to what Joomla has with their "Vulnerable Extensions" list.

    The standard .htaccess file that comes with WordPress doesn't protect your plugins all that well.

    Your .htaccess file also needs to protect your wp-content folder from outside injections and inclusions.

    Hackers know that when you update your WordPress files, you delete the wp-admin and wp-includes folders, then copy those from the updated files, then copy over the root and wp-content folders from the update.

    However, they also know that very little gets updated in the wp-content folder. Therefore, the safest place for them (hackers) to hide their malware is somewhere in the wp-content folder. Usually in a theme or some plugin folder.

    Rarely do we see where all the plugins have been kept updated.

    In the log files for infected sites we see many entries with:

    Code:
    ../../../../../../proc/(something)
    base64_decode(' then a long string
    <script
    %3Cscript
    GET querystrings with http:// (then the URL of some hacked/hacker website where they can remotely include a file)

    So the .htaccess should prevent any direct access to .php files in the wp-content folder. Only "internal" access to these files should be allowed. Same rule holds true for the wp-includes folder.

    Remember that .htaccess controls access for http requests - not internal program requests.

    You also need to prevent code from running in any images folders, etc.
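
Added example, not part of the thread or any poster's code: a small access-log triage script that flags the request patterns listed in post #5 and checks whether direct requests for .php files under wp-content or wp-includes were served or refused. It assumes Apache common/combined log format; the sample lines, hosts, paths and the `PLACEHOLDER` value are constructed for illustration.

```python
import re
from urllib.parse import unquote

# Signatures taken from the log entries listed in post #5.
SIGNATURES = {
    "proc_traversal": re.compile(r"(\.\./)+proc/", re.I),
    "base64_decode": re.compile(r"base64_decode\s*\(", re.I),
    "script_tag": re.compile(r"<script", re.I),
    "remote_include": re.compile(r"\?.*https?://", re.I),  # URL inside the query string
}
# Direct HTTP request for a PHP file below wp-content or wp-includes (path part only).
DIRECT_PHP = re.compile(r"^[^?]*/(?:wp-content|wp-includes)/[^?]*\.php(?:[/?]|$)", re.I)
LOG_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})')

def decode(target, rounds=3):
    """Undo repeated URL-encoding so %3Cscript and %253Cscript both become <script."""
    for _ in range(rounds):
        nxt = unquote(target)
        if nxt == target:
            break
        target = nxt
    return target

def classify(line):
    """Return the list of findings for one log line, or None if it does not parse."""
    m = LOG_RE.search(line)
    if not m:
        return None
    target = decode(m.group("target"))
    hits = [name for name, rx in SIGNATURES.items() if rx.search(target)]
    if DIRECT_PHP.search(target):
        # 2xx: the script was served; anything else: the request was refused.
        hits.append("direct_php_served" if m.group("status")[0] == "2" else "direct_php_refused")
    return hits

# Constructed sample lines (documentation IP ranges, made-up paths).
SAMPLE = [
    '192.0.2.10 - - [01/Jan/2011:10:00:00 +0000] "GET /index.php?page=../../../../../../proc/PLACEHOLDER HTTP/1.1" 200 512',
    '192.0.2.11 - - [01/Jan/2011:10:00:05 +0000] "GET /?s=%3Cscript%3Ealert(1)%3C/script%3E HTTP/1.1" 200 900',
    '192.0.2.12 - - [01/Jan/2011:10:00:09 +0000] "GET /wp-content/plugins/example-plugin/helper.php?src=http://example.net/x.txt HTTP/1.1" 200 77',
    '192.0.2.13 - - [01/Jan/2011:10:00:12 +0000] "GET /wp-content/uploads/2011/01/photo.php HTTP/1.1" 403 210',
    '192.0.2.14 - - [01/Jan/2011:10:00:15 +0000] "GET /wp-content/themes/example/style.css HTTP/1.1" 200 4096',
]

def triage(lines):
    """Return (line, findings) pairs for every line with at least one finding."""
    return [(ln, hits) for ln in lines if (hits := classify(ln))]

if __name__ == "__main__":
    for ln, hits in triage(SAMPLE):
        print(",".join(hits), "<-", ln)
```

A `direct_php_served` hit shows where a deny rule is missing; review such hits before adding rules, since some plugins expect direct requests to their own PHP files.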
