Matt Cutts is most commonly known for his job as the head of the Google Search team, but he also appears to know a lot about being a webmaster. A couple of days ago Matt wrote a post titled "Three Tips to Protect Your WordPress Installation", where he details three things you can do to help keep your WordPress blog from being hacked.

Here is the first tip:

Secure your /wp-admin/ directory. What I’ve done is lock down /wp-admin/ so that only certain IP addresses can access that directory. I use an .htaccess file, which you can place directly at /wp-admin/.htaccess . This is what mine looks like:

AuthUserFile /dev/null
AuthGroupFile /dev/null
AuthName "Access Control"
AuthType Basic
<LIMIT GET>
order deny,allow
deny from all
# whitelist home IP address
allow from 64.233.169.99
# whitelist work IP address
allow from 69.147.114.210
allow from 199.239.136.200
# IP while in Kentucky; delete when back
allow from 128.163.2.27
</LIMIT>

I’ve changed the IP addresses, but otherwise that’s what I use. This file says that the IP address 64.233.169.99 (and the other IP addresses that I’ve whitelisted) are allowed to access /wp-admin/, but all other IP addresses are denied access. Has this saved me from being hacked before? Yes.
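In Apache, `<LIMIT GET>` scopes the allow/deny rules in the listing to GET (and HEAD) requests, so requests using other methods such as POST are not covered by them. The following check for that condition is an added example, not code from the original post or from Matt Cutts; the function name `audit_htaccess` and both sample files are constructed for illustration, and the second sample assumes Apache 2.4's `Require ip` syntax.

```python
import re

# Methods checked for coverage; Apache applies a GET restriction to HEAD too.
METHODS = {"GET", "HEAD", "POST", "PUT", "DELETE", "OPTIONS", "PATCH"}
LIMIT_OPEN = re.compile(r"^<limit\s+([^>]*)>", re.I)   # does not match <LimitExcept>
LIMIT_CLOSE = re.compile(r"^</limit>", re.I)
ACCESS_RULE = re.compile(r"^(order|deny|allow|require)\b", re.I)

def audit_htaccess(text):
    """Return a list of (line_number, message) findings for an .htaccess body."""
    findings = []
    block = None  # [open_line, covered_methods, already_reported] inside <Limit>
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if "\u201c" in line or "\u201d" in line:
            findings.append((n, "typographic quotes are not quoting characters to Apache"))
        opened = LIMIT_OPEN.match(line)
        if opened:
            covered = {m.upper() for m in opened.group(1).split()}
            if "GET" in covered:
                covered.add("HEAD")
            block = [n, covered, False]
        elif LIMIT_CLOSE.match(line):
            block = None
        elif block and not block[2] and ACCESS_RULE.match(line):
            missing = sorted(METHODS - block[1])
            if missing:
                findings.append((block[0], "access rules skip: " + ", ".join(missing)))
            block[2] = True
    return findings

# Constructed sample: the listing's structure, with typographic quotes.
AS_PUBLISHED = """AuthName \u201cAccess Control\u201d
AuthType Basic
<LIMIT GET>
order deny,allow
deny from all
allow from 64.233.169.99
</LIMIT>
"""

# Constructed sample: same allow-list in Apache 2.4 syntax, no <Limit> wrapper,
# so it applies to every request method.
ALL_METHODS = """Require ip 64.233.169.99
Require ip 69.147.114.210 199.239.136.200
"""

if __name__ == "__main__":
    for name, body in (("as published", AS_PUBLISHED), ("all methods", ALL_METHODS)):
        print(name, audit_htaccess(body))
```

Run it against the real `/wp-admin/.htaccess` by passing the file's contents to `audit_htaccess`; an empty list means neither condition was found.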

Kyle Eslick is a WordPress enthusiast who took his passion for WordPress to the next level in 2007 by launching WPHacks.com as a place to share hacks, tutorials, etc. Follow Kyle on Twitter @KyleEslick!

  1. anonimu says:

    And what if I have a dynamic IP? :-/
