Keep Your WordPress Blog Content Safe From Hackers

by Michele Corey on March 15, 2009

in DIY Tips on Setting Up Your Blog

OK, call me paranoid… yep, I am. A few months ago I read an article that showed how easy it is to get into the guts of your blog. I hadn’t set up YSP quite yet and thought, oh yeah, I definitely want to make sure I remember that tip for my WordPress blog, but I forgot.

Today I stumbled upon The Site Wizard while looking for something else and was sucked into an article they had on how to keep your WordPress blog content safe from hackers. Of course they simply called the article “how to secure your wordpress blog.”

I immediately took the test and FAILED, which means, tail between the legs, Your Shortest Path was not secure and safe from those who know more than me and have a malicious intent.

Before we get started, this is what can happen if you don’t restrict access to your blog directories / folders - Per the Site Wizard.

If your blog has never been hacked before, you may wonder what the consequences are. In the past, hacked blogs have exhibited one or more of the following symptoms:

  1. The blog may be defaced.
  2. The hackers install hidden links on the blog that point to sites they own. Since Google ranks sites according to the number of links pointing to them (among other things), the intention is to make their site appear more important to Google.
  3. The hackers may install some sort of malware that will install on the computers of the blog’s unsuspecting visitors.

Directions on How to Make Your Blog Directories Protected and Safe

This is what you want to do. Go to your browser and type in: http://www.YourBlogName.com/wp-content/plugins/ and if it lists the WordPress plugins you installed, you want to take the steps listed below.

1.  Open Notepad, or I use Trellian CodePad.

2. Open the FTP to your WordPress blog domain. I use FireFTP, which is a free tool on Firefox.

3.  In the folder that contains your blog you will find a .htaccess file. Move a copy over to your computer by clicking the arrow pointing to the left in the middle of the FireFTP program, which is seen in the second image.

4.  Now make a copy of this file and save it in a new folder you call “original htaccess” or whatever name floats your boat; I used “YourShortestPath.” Do not skip this step because if you do and for some reason your blog stops working when you upload the new and improved file, you will be more than just sad.

5. Open Trellian CodePad or Notepad and open the .htaccess file you just saved. Type in “options -Indexes” just before the end of the code, which is # END WordPress, and hit return so that you get a blank line after it.

6. Save this file as “.htaccess” with the quotes so that it doesn’t attach a .txt if you are using Notepad.

7. Go back to FireFTP and refresh the folder so that this new .htaccess file is showing. Do this by clicking on the blue arrow which I circled below.

Click the arrow pointing to the right to move the file back over to your blog.

8.  Now go back to your browser and type in: http://www.yourshortestpath.com/wp-content/plugins/ Below is an example of a 404 error someone will get if they are trying to access secure folders on your blog.

That’s it.  With this tutorial you probably spent less than 10 minutes and have saved yourself many hours in the long run.
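The edit from step 5 and the browser check from step 8 can also be scripted. The Python below is an added example, not code from this post or from The Site Wizard; the function names, the `.original` backup suffix and the sample inputs are assumptions made for illustration.

```python
import os
import re
import shutil

# Constructed sample: a stock WordPress .htaccess like the one edited in step 5.
SAMPLE_HTACCESS = """# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>

# END WordPress
"""
# Constructed sample: the start of an auto-generated Apache directory index.
SAMPLE_LISTING = "<html><head><title>Index of /wp-content/plugins</title></head>"

END_MARKER = "# END WordPress"
# An uncommented Options line that switches Indexes off (Apache ignores case here).
INDEXES_OFF = re.compile(r"^[ \t]*Options\b.*(?<!\S)-Indexes\b", re.I | re.M)

def has_indexes_off(text):
    return INDEXES_OFF.search(text) is not None

def add_indexes_off(text):
    """Step 5: put the directive and a blank line before the end marker, once."""
    if has_indexes_off(text):
        return text
    if END_MARKER in text:
        return text.replace(END_MARKER, "Options -Indexes\n\n" + END_MARKER, 1)
    return text.rstrip("\n") + "\nOptions -Indexes\n"

def patch_file(path):
    """Steps 4-6: keep one untouched backup, then save the edited file."""
    backup = path + ".original"          # assumed backup name
    if not os.path.exists(backup):       # never overwrite the first backup
        shutil.copy2(path, backup)
    with open(path, encoding="utf-8", newline="") as fh:
        text = fh.read()
    with open(path, "w", encoding="utf-8", newline="") as fh:
        fh.write(add_indexes_off(text))
    return backup

def is_directory_listing(status, body):
    """Step 8: a 200 page titled 'Index of /...' means the folder is still listed.
    Apache normally answers 403 once listings are off; a 404 also counts as closed."""
    return status == 200 and re.search(r"<title>\s*Index of /", body, re.I) is not None
```

WordPress rewrites the lines between its `# BEGIN WordPress` and `# END WordPress` markers when permalink settings are saved, so run `has_indexes_off` on the file again after changing them.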
