GoFuckYourself.com - Adult Webmaster Forum

GoFuckYourself.com - Adult Webmaster Forum (https://gfy.com/index.php)
-   Fucking Around & Business Discussion (https://gfy.com/forumdisplay.php?f=26)
-   -   Business Easy way for "Dummies" to make Wordpress more secure. (https://gfy.com/showthread.php?t=1143128)

PornDiscounts-V 06-15-2014 12:32 AM
Easy way for "Dummies" to make Wordpress more secure.
 
If you are one of those types that reads the "... for Dummies" books and want to make your Wordpress installations more secure consider this tip.

Uninstall Wordpress.

Just kidding.

Lets pretend your hosting has you set up like so:

/web/sites/your_user_name/domain1.com
/web/sites/your_user_name/domain2.com
/web/sites/your_user_name/domain3.com

Drop an .htaccess file like so:
/web/sites/your_user_name/.htaccess

So that it is inside your personal directory above the domain directories.

Now put inside it:

Code:
<FilesMatch  "wp-login.php">
order deny,allow
deny from all
allow from 111.222.333.444
</FilesMatch>

<FilesMatch  "xmlrpc.php">
order deny,allow
deny from all
allow from 111.222.333.444
allow from 192.0.80.100
allow from 192.0.80.49
allow from 192.0.80.59
allow from 192.0.81.119
allow from 192.0.81.13
allow from 192.0.81.153
allow from 192.0.81.187
allow from 192.0.81.30
allow from 192.0.81.48
allow from 192.0.81.88
allow from 192.0.82.100
allow from 192.0.82.134
allow from 192.0.82.155
allow from 192.0.82.32
allow from 192.0.82.47
allow from 192.0.82.66
allow from 192.0.83.13
allow from 192.0.83.66
allow from 192.0.84.12
allow from 192.0.84.49
allow from 192.0.86.60
allow from 192.0.86.61
allow from 192.0.86.62
allow from 192.0.86.63
allow from 192.0.86.64
allow from 192.0.86.65
allow from 192.0.86.66
allow from 192.0.86.67
allow from 192.0.86.72
allow from 192.0.86.73
allow from 192.0.86.74
allow from 192.0.86.75
allow from 192.0.86.76
allow from 192.0.86.77
allow from 192.0.86.78
allow from 192.0.86.79
allow from 192.0.86.80
allow from 192.0.86.81
allow from 192.0.86.82
allow from 207.198.101.100
allow from 207.198.101.101
allow from 207.198.101.102
allow from 207.198.101.103
allow from 207.198.101.104
allow from 207.198.101.105
allow from 207.198.101.106
allow from 207.198.101.107
allow from 207.198.101.108
allow from 207.198.101.109
allow from 207.198.101.110
allow from 207.198.101.111
allow from 207.198.101.98
allow from 207.198.101.99
allow from 209.15.21
allow from 216.151.210
</FilesMatch>
Change 111.222.333.444 to your own IP address.

The other IPs in the list are for JetPack plugin to be able to connect back to your sites to make things like posting to Tumblr work or showing the latest posts of one blog in the sidebar of another blog. You can remove them if you don't use JetPack... The list is not complete. Wordpress/JetPack don't release a list of their IPs so you have to build it on your own. That is my incomplete list, but is about 95% done.

If you use Cloudflare or some other kind of service like it you will need to find that IP as well.

While this won't lock you down completely it will keep about 99% of the crap from being able to connect to your server and play with the two files they want to play with the most.

Rochard 06-15-2014 07:02 AM
I do something similar. I have my server locked down by IP address, and then in order to access any admin are you have to enter in another user / pass not related to Wordpress.


All times are GMT -7. The time now is 10:46 AM.

Powered by vBulletin® Version 3.8.8
Copyright ©2000 - 2025, vBulletin Solutions, Inc.
©2000-, AI Media Network Inc