Thread: secure htaccess
-
04-22-2011, 12:40 AM #1Junior Guru
- Join Date
- Apr 2010
- Posts
- 235
secure htaccess
Can you please tell me what's the best htaccess for WordPress to secure my blog?
-
04-22-2011, 12:54 AM #2WHT Addict
- Join Date
- Sep 2005
- Posts
- 170
The one that comes with WordPress. The best way to be protected is to keep your WordPress updated all the time; additional software/services could be used to help, like mod_security or CloudFlare.
-
04-22-2011, 03:23 AM #3Disabled
- Join Date
- Dec 2007
- Posts
- 3,597
-
04-26-2011, 10:34 AM #4Web Hosting Master
- Join Date
- Dec 2001
- Posts
- 5,221
Greetings:
Make sure the server you are hosted on is secured.
Check out http://wordpress.org/extend/plugins/...roof-security/ as a plugin that can help, including with .htaccess.
Thank you.
-
04-27-2011, 08:53 AM #5Junior Guru
- Join Date
- Oct 2008
- Location
- Chicago, IL
- Posts
- 222
We've found that the majority of WordPress sites that are infected are infected because WordPress itself, as well as the plugins, was not kept updated.
More often than not, it's the plugins that don't get updated.
It would be nice if WordPress had a "Vulnerable Plugins" list similar to what Joomla has with their "Vulnerable Extensions" list.
The standard .htaccess file that comes with WordPress doesn't protect your plugins all that well.
Your .htaccess file also needs to protect your wp-content folder from outside injections and inclusions.
Hackers know that when you update your WordPress files, you delete the wp-admin and wp-includes folders, then copy those from the updated files, then copy over the root and wp-content folders from the update.
However, they also know that very little gets updated in the wp-content folder. Therefore, the safest place for them (hackers) to hide their malware is somewhere in the wp-content folder. Usually in a theme or some plugin folder.
Rarely do we see where all the plugins have been kept updated.
In the log files for infected sites we see many entries with:
Code:
../../../../../../proc/(something)
base64_decode(' then a long string
<script
%3Cscript
So the .htaccess should prevent any direct access to .php files in the wp-content folder. Only "internal" access to these files should be allowed. Same rule holds true for the wp-includes folder.
Remember that .htaccess controls access for http requests - not internal program requests.
You also need to prevent code from running in any images folders, etc.
Thomas J. Raef
WeWatchYourWebsite - so you don't have to!
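An added example, not posted by anyone in the thread, of the kind of rules post #5 describes: deny HTTP requests for .php files under wp-content (which also covers uploads and other image folders beneath it) and block the include-only files in wp-includes. It assumes WordPress is installed at the web root and that the server's AllowOverride setting permits these directives.

```apache
# ---- File 1: wp-content/.htaccess ---------------------------------------
# Applies to everything below wp-content: plugins/, themes/, uploads/.
# Only HTTP requests are refused. WordPress still loads these files
# internally with include/require, which never passes through Apache
# access control.
<FilesMatch "(?i)\.(php|phtml|php[0-9])$">
    <IfModule mod_authz_core.c>
        # Apache 2.4 syntax
        Require all denied
    </IfModule>
    <IfModule !mod_authz_core.c>
        # Apache 2.2 syntax
        Order allow,deny
        Deny from all
    </IfModule>
</FilesMatch>

# Copy the same <FilesMatch> block into any image or upload folder that
# lives outside wp-content, so a script dropped there cannot be requested.

# ---- File 2: .htaccess in the site root ---------------------------------
# Place this ABOVE the "# BEGIN WordPress" block so WordPress does not
# overwrite it when it regenerates its own rewrite rules.
<IfModule mod_rewrite.c>
    RewriteEngine On
    RewriteBase /
    # Files under wp-admin/includes are never meant to be requested directly.
    RewriteRule ^wp-admin/includes/ - [F,L]
    # Skip the next three rules for anything outside wp-includes.
    RewriteRule !^wp-includes/ - [S=3]
    # Return 403 for .php files sitting directly in wp-includes.
    RewriteRule ^wp-includes/[^/]+\.php$ - [F,L]
    RewriteRule ^wp-includes/js/tinymce/langs/.+\.php - [F,L]
    RewriteRule ^wp-includes/theme-compat/ - [F,L]
</IfModule>
```

A plugin or theme that expects the browser to request one of its own .php files directly will get a 403 under File 1 and needs a narrowly scoped exception for that one file. Watching the access log for 403 responses under wp-content after deployment shows both broken plugins and blocked probes.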