How to prevent your WordPress Site from being SQL Injected?

Step 1: The default install of WordPress is not as secure as anyone would wish, so extra preventive measures are essential.

Step 2: To avoid this, you need to make sure no one else has access to the wp-admin directory.

Step 3: Here is how you can do it:

Step 4: Create a new file called .htaccess (hypertext access) and store it in the wp-admin folder under your main WordPress installation.

Step 5: .htaccess files control access on a per-folder basis, so you can place a copy in every folder whose access you wish to control and secure.

Step 6: Add the following and save the file:

# allow requests for images, CSS and some JavaScript files only
<Files ~ "\.(css|jpe?g|png|gif|js)$">
Allow from all
</Files>

# allow only from your ISP
Order deny,allow
# 00.000.00.000 is your static IP
Allow from 00.000.00.000
Deny from all

Substitute 00.000.00.000 with your IP address. You can easily find it by going to http://www.downforeveryoneorjustme.com.au

Step 7: This allows access only from your browsing location. If you want the flexibility of widening the range of addresses that can reach the admin area, just enter 00.000.00. instead of 00.000.00.000

Step 8: Test by going to the Site Admin and logging in to your admin area.

Step 9: You should get in with no issues.

Step 10: Log out, then log in again from a proxy site. You should be taken to a file not found error page.
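
The same policy for Apache 2.4, as an added example that is not part of the original article: Order, Allow and Deny are Apache 2.2 directives that 2.4 supports only through mod_access_compat, and Require is the native replacement. The address 203.0.113.10 is a placeholder, and the admin-ajax.php exception assumes your theme or plugins make front-end AJAX calls.

```apache
# wp-admin/.htaccess for Apache 2.4+ (mod_authz_core). Added example.
# 203.0.113.10 is a placeholder from the documentation range;
# replace it with your own static IP.

# Default for everything in this folder: only the listed address gets in.
# To widen access to a range (as in Step 7), use CIDR form instead,
# for example: Require ip 203.0.113.0/24
Require ip 203.0.113.10

# Static assets stay reachable for everyone, as in the rule above.
# A Require inside a <Files>/<FilesMatch> section replaces the
# folder-level Require for matching files (AuthMerging defaults to Off).
<FilesMatch "\.(css|jpe?g|png|gif|js)$">
    Require all granted
</FilesMatch>

# Assumption: the public site calls admin-ajax.php from the front end.
# Visitors from other addresses need it; delete this block if yours does not.
<Files "admin-ajax.php">
    Require all granted
</Files>
```

Use either this form or the Order/Allow/Deny form in a given .htaccess file, not both.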

