Some months ago I wrote an article where I spoke about how to secure your WordPress blog with simple pieces of PHP code. Following that post, I have decided to write something more about it, to let you know how it is possible to further improve your blog’s security with some little tricks that don’t cost you a thing. As you know, I am always concerned about my blog’s security and, since no CMS is fully hacker-proof, it is always good to be prepared for rainy days. These are the tricks you can apply to better protect your blog.
Restrict access to your wp-config.php
- Create a “.htaccess” in your WordPress root. (To create it, use Windows Notepad: just create the file and rename it accordingly.)
- If you don’t know how to create a “.htaccess” file you can use this website.
- Put the “.htaccess” inside your wp-admin directory and, inside it, write:
- <Files wp-config.php>
Order Deny,Allow
Deny from All
</Files>
Trick Spam and prevent it from spamming your comment section
This little piece of code tricks spam in a very easy and nasty way. In fact, it adds a little blank field to the comment form section. Once the spambot detects it, it will try to write something in it. At this point, since the field is not writable, the code will prompt the spambot to start from the beginning… endlessly. Of course this field is not viewable by users, but it is visible to spambots and automated malicious robots, which will try to fill it out:
- Write this code in the “comments.php” file located in your WordPress theme folder. You have to place this code among the other fields which are used to write a comment, before the field where people have to write the comments themselves:
- <form method="POST" action="list.php" name="list">
<input type="hidden" name="submitted" value="submitted">
<div class="form_01">
<label for="first_name">First name:</label>
<input title="If you managed to write in it, you are spam!!!" type="text" name="first_name" id="first_name" value="" onKeyUp="val = this.value; if (val.length > 0) { alert('Please place your cursor in \'Name\' box to start your message'); this.value = val.substring(0,0); emailform.focus() } this.form.count.value=0-parseInt(this.value.length);">
</div>
- Now, to hide this field from people, place this code in “style.css” located in your WordPress theme folder:
- .form_01 {
visibility: hidden;
display: none;
}
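A bot that posts the form directly never runs the onKeyUp handler, so the hidden field is most useful when the server also checks it. The following is an added example, not code from the original post: it assumes the “first_name” field is submitted together with the WordPress comment form, and the function names prefixed with example_ are hypothetical.

```php
<?php
// Added example: server-side check for the hidden "first_name" honeypot field.
// Names prefixed "example_" are hypothetical and not from the original post.

/**
 * Decide whether a submitted comment form tripped the honeypot.
 * Returns true when the hidden field carries any non-whitespace content.
 */
function example_honeypot_tripped(array $post, string $field = 'first_name'): bool
{
    if (!array_key_exists($field, $post)) {
        return false; // field absent: the form was rendered without the honeypot
    }
    $value = $post[$field];
    if (!is_string($value)) {
        return true;  // arrays (first_name[]=x) never come from the real form
    }
    return trim($value) !== '';
}

/**
 * WordPress filter callback: reject the comment before it is stored.
 */
function example_reject_honeypot_comments(array $commentdata): array
{
    if (example_honeypot_tripped($_POST)) {
        wp_die('Comment rejected.', 'Comment rejected', array('response' => 403));
    }
    return $commentdata;
}

if (function_exists('add_filter')) {
    // Running inside WordPress, e.g. loaded from the theme's functions.php.
    add_filter('preprocess_comment', 'example_reject_honeypot_comments');
} else {
    // Stand-alone run over constructed sample submissions.
    $samples = array(
        'human' => array('author' => 'Ann', 'comment' => 'Nice post', 'first_name' => ''),
        'bot'   => array('author' => 'x', 'comment' => 'buy pills', 'first_name' => 'John'),
        'array' => array('comment' => 'spam', 'first_name' => array('x')),
    );
    foreach ($samples as $label => $post) {
        echo $label, ': ', example_honeypot_tripped($post) ? 'reject' : 'accept', "\n";
    }
}
```

A submission that omits the field entirely is accepted here, so the check complements rather than replaces other comment moderation.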
Restrict access to the wp-content and wp-includes directories
- Create a “.htaccess” inside your wp-content and wp-includes directories and, inside it, write:
- Order Allow,Deny
Deny from all
<Files ~ "\.(css|jpe?g|png|gif|js)$">
Allow from all
</Files>
- Note: this code may cause some plugins to misbehave.
All contents are licenced under a Creative Commons Licence.