Tag: wordpress

Tips for Securing WordPress

I spent much of the morning tracking these items down, so I thought I would share them here.

Let’s start with blocking access for any idjit who wants to try to edit the .htaccess file.

<Files .htaccess>
   Order Deny,Allow

## Really? You didn't think I would do this?
   Deny from all
</Files>

Next, let’s shut down the xmlrpc.php file. Mostly unused these days, but can serve as an entry point for more idjits.

[NOTE: If you use Jetpack, you may have to open this up to the Automattic IPs that make the automated backup requests.]

<Files xmlrpc.php>
   Order Deny,Allow

## No soup for you!
   Deny from all
</Files>

Finally, let’s block access to the wp-admin area by IP address. One addition to the allowed addresses is my public IP address. I added it because, if you access your WP instance by its hostname rather than its IP, your requests will actually go in and out of your router. They will appear with the public IP address even if they originate from within the private IP range.

<IfModule mod_rewrite.c>
   RewriteEngine on
   RewriteCond %{REQUEST_URI} ^(.*)?wp-login\.php(.*)$ [OR]
   RewriteCond %{REQUEST_URI} ^(.*)?wp-admin$

## Your local private IP range
   RewriteCond %{REMOTE_ADDR} !^192\.168\.1\.

## Your external IP
   RewriteCond %{REMOTE_ADDR} !^[IP ADDRESS REGEX HERE]$

## What to do with the rest of the bozos
   RewriteRule ^(.*)$ - [R=403,L]
</IfModule>

And with these, most of the annoying probes of your WP install that fill your logs should leave your site frustrated.
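
To check which requests the wp-login/wp-admin rule above refuses before deploying it, this added example (not part of the original post) mirrors its RewriteCond chain in Python and runs it over constructed requests. The external address 203.0.113.7 and every sample request are placeholders, and the LAN pattern is written with its final dot escaped so that it matches only 192.168.1.x.

```python
import re

# URI and address patterns from the rewrite rule above. EXTERNAL is a
# constructed placeholder (203.0.113.7 is a documentation-only address).
PROTECTED = [r"^(.*)?wp-login\.php(.*)$", r"^(.*)?wp-admin$"]
LAN = r"^192\.168\.1\."
EXTERNAL = r"^203\.0\.113\.7$"


def is_forbidden(uri, addr, lan=LAN, external=EXTERNAL):
    """Mirror the RewriteCond chain:
    (URI cond 1 OR URI cond 2) AND addr !~ lan AND addr !~ external -> 403."""
    protected = any(re.search(p, uri) for p in PROTECTED)
    allowed = bool(re.search(lan, addr) or re.search(external, addr))
    return protected and not allowed


def audit(requests, **patterns):
    """Map each (uri, addr) pair to 403 or 'pass'."""
    return {r: 403 if is_forbidden(*r, **patterns) else "pass" for r in requests}


# Constructed sample requests, not taken from a real log.
SAMPLES = [
    ("/wp-login.php", "198.51.100.23"),             # outside address
    ("/wp-login.php", "192.168.1.40"),              # LAN client
    ("/wp-login.php", "203.0.113.7"),               # own public IP via the router
    ("/wp-admin", "198.51.100.23"),                 # bare /wp-admin
    ("/wp-admin/admin-ajax.php", "198.51.100.23"),  # not matched by wp-admin$
    ("/index.php", "198.51.100.23"),                # public page
    ("/wp-login.php", "192.168.10.9"),              # a different private subnet
]

if __name__ == "__main__":
    for (uri, addr), verdict in audit(SAMPLES).items():
        print(f"{addr:<15} {uri:<26} {verdict}")
    # With the final dot left unescaped, 192.168.10.x is admitted as well.
    loose = audit([("/wp-login.php", "192.168.10.9")], lan=r"^192\.168\.1.")
    print("unescaped dot:", loose)
```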

Moving from Typepad to b2evolution

This morning, I decided that I had to relocate to a blog server that I ran myself. Typepad was kind enough to provide me with a 90-day free subscription, and I would have been happy to use Movable Type. But when I went to install Movable Type, the process was far more complex than I had time to dedicate.

b2evolution appeared straightforward. I installed it. Found that it had a Movable Type (or Typepad) import feature. Exported my Typepad data, including the images.

Imported it. Blog was done.

Really, it was that simple. I was shocked. By 3PM EST, I was tweaking the layout and the template, not futzing with the content. Kudos to the b2evolution team; this is a truly amazing lightweight blog platform for someone like me, who wants something to work right out of the box.

I will keep you informed as I continue to use this product.

Copyright © 2024 Performance Zen
