Web Talk

I m always worried (and maybe a little paranoid) about Wordpress security, and despite this CMS is pretty secure and stable there is no limit to the improvements you can add to make your website tougher. You can find a lot of plugins stating to make your site hacker-proof, but I try to stay away from them because I don’t like the idea to have something making changes I don’t know in the php code. That’s why I prefer to add manually little php strings and keep track of them so, if something goes wrong, I can delete them. Here is a little list containing useful tips.

1) To prevent people from peering at your php.ini file write this code into your .htaccess file:

<Files php.ini>
Order allow,deny
Deny from all
</Files>

2) To prevent people from peering at your .htaccess write this code into the .htaccess itself:

<Files .htaccess>
order allow,deny
deny from all
</Files>

3) To prevent people from peering at your plugins folder cread with your notepad a black file and name it index.html Place this file in the plugins folder.

4) Prevent people, and malicious softwares from peering at your wordpress version remove from the footer.php or header.php file located in your theme this line: <meta name="generator" content="WordPress <?php bloginfo('version'); ?>" />