5 Steps To Protection WordPress

By bernadsatriani | Published: April 13, 2009

1. Create .htaccess

Create .htaccess file like this :

<IfModule mod_rewrite.c>
RewriteEngine On
php_flag register_globals off
RewriteBase /
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>

<Files wp-config.php>
Order Deny,Allow
Deny from All
</Files>

2. Create Robots.txt

User-agent: *
Allow: /
Disallow: /wp-admin/
Disallow: /wp-includes/
Disallow: /wp-content/

3. Create file index.html

Create index file with blank content or whatever do you want in plugin directory wp-content/plugins/index.php

4. Remove Meta Name Generator WordPress

5. Upgrade your WordPress with newest version

Source :

- Google

- wp-magz.com

Share and Enjoy:
  • Print
  • Digg
  • Sphinn
  • del.icio.us
  • Facebook
  • Mixx
  • Google Bookmarks
  • Blogplay
  • Posterous
This entry was posted in Wordpress and tagged , . Bookmark the permalink. Post a comment or leave a trackback: Trackback URL.

83 Comments

  1. bernadsatriani
    Posted April 19, 2009 at 3:10 pm | Permalink

    @d3ptzz
    setan..!!

    @bloggerjogja
    nggilani..
    huahahha

  2. shei
    Posted April 20, 2009 at 7:35 am | Permalink

    Nice tips!!

    (tapi gak ngerti mau diapain ) :P

    jalan2 lagi ya ke blog shei, uda di link loo..
    oiya, kalo sempet, sekalian mampir ke : http://www.renggetdyaloka.com

  3. ryan
    Posted April 20, 2009 at 9:11 am | Permalink

    baiknya htaccess juga dimasukkin ke directory wp-admin,, kalau gk mau repot dengan 5 step di atas bisa pakai plugin wp security scan, hehe

  4. bernadsatriani
    Posted April 20, 2009 at 7:26 pm | Permalink

    @shei
    hoho
    makasih neng..
    hu uh..
    makasih yah..
    link back kq ntr.. :P

    @ryan
    yep..
    saran yg baek
    thx bro..

  5. the_bonjrot
    Posted April 21, 2009 at 5:57 am | Permalink

    wah wah wah wah..

    oke neh kang..

    nggonQ sisan yo kang..
    :D

  6. bernadsatriani
    Posted April 21, 2009 at 9:19 am | Permalink

    @the_bonjrot
    gyah…
    moh..

  7. badkiddies
    Posted April 22, 2009 at 8:55 am | Permalink

    I repeat.. I’m not fvcking gay like bernadjis :p

    bad mlh sebagai tmn yang baik, ingin menyembuhkan penyit gay dr diri bernad… mbok rekan2 di sini turur berpatisipasi…

    kl misalnya pny kenalan bakul jamu gendong yg masih single atopun duda n janda, segera kenalin ke tmn kita “bernad”..

    Best Regards,
    BadKiddies
    http://badkiddies.com

  8. mixbrainwasher
    Posted April 22, 2009 at 1:36 pm | Permalink

    Quote

    badkiddies April 22nd, 2009 at 8:55 am

    I repeat.. I’m not fvcking gay like bernadjis :p

    bad mlh sebagai tmn yang baik, ingin menyembuhkan penyit gay dr diri bernad… mbok rekan2 di sini turur berpatisipasi…

    kl misalnya pny kenalan bakul jamu gendong yg masih single atopun duda n janda, segera kenalin ke tmn kita “bernad”..

    Best Regards,
    BadKiddies
    http://badkiddies.com

    =================================================

    bakul jamu gendong duda??
    masak kenalin ma OM OM lagi???

    =))

  9. dianfi
    Posted April 22, 2009 at 1:55 pm | Permalink

    @bad :
    Segitu Kronis kah BerNad……..

    b(^_^)d

  10. Cipzto
    Posted April 22, 2009 at 2:50 pm | Permalink

    wah… banyakk banget komentarnya :D
    ijin ninggalin jejak juragan :D

  11. bernadsatriani
    Posted April 22, 2009 at 8:44 pm | Permalink

    @badkiddies
    wasyuu..!!

    @mixbrainwasher
    kisrush sikat!!

    @dianfi
    mulai lagi..
    tak wedeni meneh kwe..

    @cipzto
    monggo kang.. :P

  12. d3ptzz
    Posted April 23, 2009 at 2:12 am | Permalink

    eh yang seminar kemarin dipostingkan dong kk…

    kk baik deh…:P

  13. bernadsatriani
    Posted April 23, 2009 at 2:54 am | Permalink

    @d3ptzz
    wedew..
    sek sek..
    tak pikir sek..
    hahahaha

  14. bocahmiring
    Posted April 23, 2009 at 3:33 am | Permalink

    padune ndhoyoke wedi kentekan bahan seminar we…

  15. badkiddies
    Posted April 23, 2009 at 4:13 am | Permalink

    sssstttss…. ada co nya bernad ga terima tuh… wkwkwkwkkw…

    nyindir “bocahniring” :p

  16. bocahmiring
    Posted April 23, 2009 at 4:24 am | Permalink

    ente bisa baca gak bad?

  17. fuad
    Posted April 23, 2009 at 4:29 am | Permalink

    Hahaha…
    guayeng ki..
    sing penting aja jotos2an lho mas

  18. bernadsatriani
    Posted April 23, 2009 at 9:15 am | Permalink

    @badkiddies
    muatamu cok..!!

    @bocahmiring
    sembarangan..

    @fuad
    cah ilik mneng ae..

  19. mixbrainwasher
    Posted April 23, 2009 at 9:52 am | Permalink

    aku mek melu2 haluan wae kok

    ono opo neng kene “ikut memeriahkan aja”

    hahahah!!

    jare wisben : bolo kurowo metu kabeh…

    sorak2 bergembira!!bergembira semoa!!

    yang ikut mari sini

    come here!
    get over here!
    :D

  20. mixbrainwasher
    Posted April 23, 2009 at 11:20 am | Permalink

    hahahahahahahaha

    iki pdo ngopo toh??

    nganti komenQ sek terakhir di busak
    :D

  21. Cipzto
    Posted April 23, 2009 at 1:20 pm | Permalink

    nonton aja ahh :D

    bawah gw maho

  22. boringday
    Posted April 24, 2009 at 8:27 am | Permalink

    adha apa ini????
    apa kabar blok underground?

  23. haru
    Posted April 24, 2009 at 11:18 am | Permalink

    Nice tutor bro…:D

  24. bernadsatriani
    Posted April 24, 2009 at 11:06 pm | Permalink

    @haru
    thx dude..

  25. dianfi
    Posted April 24, 2009 at 11:27 pm | Permalink

    Haiah ki kakean Comment…
    Isi ne gor Maho maho ae….
    Wes Close Thread iki….

    Neng nduwe kudu update….
    WoY Mas Update Mas…!!!!! :D

  26. rawan
    Posted April 27, 2009 at 12:28 pm | Permalink

    bang tanya, kalau username-nya (yg biasanya admin) d ganti bisa nambah keamanan g?

  27. bernadsatriani
    Posted April 27, 2009 at 8:22 pm | Permalink

    @rawan
    yup..
    untuk antisipasi serangan bruteforce dengan menggunakan default username ( admin )

  28. g0gel
    Posted April 28, 2009 at 12:54 pm | Permalink

    kebetulan punya saya ditaro di sub domain yang nama foldernya saya sendiri sudah lupa ;) ). lha wong tak permission 111 wakakaka…

    kl begitu aman nda kaka…..???

  29. bernadsatriani
    Posted April 28, 2009 at 5:36 pm | Permalink

    @g0gel
    waduh..
    malah permition 111
    hihihi…
    ya aman” aja c… :P

  30. blank_alpha
    Posted May 7, 2009 at 9:44 am | Permalink

    ya oloh panjang bener commentnya? :p
    sebenernya pake plugin stealth login buat ngelindungin wp-admin

    cukup membantu..

    http://www.bernadsatriani.net/wp-admin

    menjadi

    http://www.bernadsatriani.net/bernad-login

  31. bernadsatriani
    Posted May 7, 2009 at 10:26 am | Permalink

    @blank_alpha
    wah pada nggosip nie dsni.. :P
    seep bro..
    thx bwt sarannya… :D

  32. flammer_atsui
    Posted May 10, 2009 at 1:25 pm | Permalink

    Wah ada tambahan saran lain mungkin, gmana klo loginnya juga dikasih .htaccess ma .htpasswd biar dobel login (2 lebih bagus dari pada satu bukan? – asal passwordnya kedua-duanya juga beda2). Hmm klo punya ip public static sih bisa diset juga biar hanya IP pemilik web yang bisa login. Huehehe.

  33. bernadsatriani
    Posted May 10, 2009 at 5:53 pm | Permalink

    @flammer_atsui
    seep”..
    saran yg bagus bro..
    thx dude.. :D

One Trackback

  1. By ra tau beres (dot) com » Blog Archive » CMS Security Issues on April 16, 2009 at 12:26 pm

    [...] juga sebenernya sih masih rawan, tapi kemaren nemu tips buat melindungi blog kita di sini: “5 Steps to Protect WordPress” . Alangkah baiknya kalau membiasakan diri dengan CMS yang lebih aman daripada bertahan [...]

Post a Comment

Your email is never published nor shared. Required fields are marked *

*
*

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>

BernadSatriani.NET | Catatan Perjalanan is Digg proof thanks to caching by WP Super Cache