then what should be in secure in wordpress.? how many, example / wp-admin, / wp-includes, wp-login.php, wp-db.php, wp-config.php. / etc ..
immediately wrote gan, source code I'll give you a live copy and paste on. htaccess, already know the times ..
Access page / Wp-Admin Login with Private IP / Single IP
AuthUserFile / dev / null
AuthGroupFile / dev / null
AuthName "Access Control"
AuthType Basic
Order deny, allow
deny from all
# IP address mate
allow from **.***.***.**
Take a look at the red letters, the same fox **.***.***.** your IP, so IP aja special one who can access the page ..
Keep what about the wp-login.php was also the same right for login ..? Well calm down, we go to wp-login.php, using private IP as well ..
Order deny, allow
Deny from All
Allow from **.***.***.**
same as above, replace the red writing that use the IP you, if you make a dynamic IP address does not need mending, coz it's just for one IP only,
Secure your wp-config.php
Advanced brother, now we mw amanin wp-config.php file, dh wp-config.php know that their role, and therefore let us secure ..
This code ..
# Protect wpconfig.php
order allow, deny
deny from all
Following that we discuss goto the directory Wp-includes, if said people still in the directory wp-includes wp-db.php exists that can ngebongkar all our important data,
made in case of attack wp-includes the authority to make gk index.php or index.html file in that directory gan. For wp-db.php try agan access, there must be an error in wp-includes/wp-db.php that right, there emang klo kelemahanya let us cover it, how to create. Htaccess file the directory section wp-includes, continue to fill the same this code ..
RewriteEngine On
RewriteBase /
RewriteRule .* \. Php $ readme.html [L]
Look at the red writing that, it's readme file of wordpress, we try to transfer the file wp-db.php to the file readme.html in this way.
Ok done, hopefully useful and handy.
No comments:
Post a Comment