Matt Cutts is most commonly known for his job as the head of the Google Search team, but the guy also appears to know a lot about being a webmaster. A couple of days ago Matt wrote a post titled Three Tips to Protect Your WordPress Installation where he details three things you can do to help avoid having your WordPress blog get hacked.

Here is the first tip:

Secure your /wp-admin/ directory. What I’ve done is lock down /wp-admin/ so that only certain IP addresses can access that directory. I use an .htaccess file, which you can place directly at /wp-admin/.htaccess . This is what mine looks like:

AuthUserFile /dev/null
AuthGroupFile /dev/null
AuthName "Access Control"
AuthType Basic
order deny,allow
deny from all
# whitelist home IP address
allow from
# whitelist work IP address
allow from
allow from
# IP while in Kentucky; delete when back
allow from

I’ve changed the IP addresses, but otherwise that’s what I use. This file says that the IP address (and the other IP addresses that I’ve whitelisted) are allowed to access /wp-admin/, but all other IP addresses are denied access. Has this saved me from being hacked before? Yes.
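To check what an allowlist of this shape actually admits, the following added example (not code from the original post or from Matt Cutts) evaluates `order deny,allow` rules for a client address and builds the equivalent `Require ip` line that Apache 2.4's mod_authz_core uses in place of the older Order/Deny/Allow directives. The function names and the sample addresses (RFC 5737 documentation ranges) are assumptions made for illustration, and only IPv4 specs are handled.

```python
import ipaddress

# Constructed sample; addresses are RFC 5737 documentation placeholders.
SAMPLE = """\
order deny,allow
deny from all
# whitelist home IP address
allow from 192.0.2.10
allow from 198.51.100.0/24
allow from 203.0.113
"""

def parse(text):
    """Collect the host specs of Allow/Deny lines and the Order argument."""
    rules = {"deny": [], "allow": [], "order": ""}
    for line in text.splitlines():
        words = line.lower().split()
        if len(words) == 2 and words[0] == "order":
            rules["order"] = words[1]
        elif len(words) >= 3 and words[0] in ("deny", "allow") and words[1] == "from":
            rules[words[0]] += words[2:]
    return rules

def to_network(spec):
    """Turn 'all', a full or partial IPv4 address (e.g. 203.0.113), or CIDR into a network."""
    if spec == "all":
        return ipaddress.ip_network("0.0.0.0/0")
    if "/" in spec:
        return ipaddress.ip_network(spec, strict=False)
    octets = spec.rstrip(".").split(".")
    padded = ".".join(octets + ["0"] * (4 - len(octets)))
    return ipaddress.ip_network(f"{padded}/{8 * len(octets)}")

def is_allowed(client, text):
    """'Order deny,allow': a Deny match blocks unless an Allow also matches."""
    rules = parse(text)
    if rules["order"] != "deny,allow":
        raise ValueError("only 'order deny,allow' is modelled here")
    ip = ipaddress.ip_address(client)
    denied = any(ip in to_network(s) for s in rules["deny"])
    allowed = any(ip in to_network(s) for s in rules["allow"])
    return allowed or not denied  # unmatched clients are permitted by default

def as_require_ip(text):
    """Apache 2.4 (mod_authz_core) form of a 'deny from all' allowlist."""
    rules = parse(text)
    if rules["order"] != "deny,allow" or rules["deny"] != ["all"] or "all" in rules["allow"]:
        raise ValueError("not a plain 'deny from all' allowlist")
    return "Require ip " + " ".join(rules["allow"])
```

Because `order deny,allow` permits any client that matches no rule, an allowlist that loses its `deny from all` line admits everyone, which `is_allowed` makes visible.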

Kyle Eslick is a WordPress enthusiast who took his passion for WordPress to the next level in 2007 by launching as a place to share hacks, tutorials, etc. Follow Kyle on Twitter @KyleEslick!

  1. anonimu says:

    And what if I have a dynamic IP? :-/
