views:

73

answers:

3

it's can be apply not only to wordpress. But to all blog platform that can be installed into a server and shared host. so, What do you do via PHP coding or pluggin or any method to secure your installation ?

+1  A: 

I suppose you could modify the .htaccess file to deny permission to /wp-admin* if the IP address doesn't match yours.

Matt Huggins
+1  A: 

Being on a shared host is a bad limitation. This prevents you from installing a web application firewall like Mod_Security.

Here is a list of steps you can take to harden your Wordpress installation.

Rook
+1  A: 

Limit access to ftp. For this, upload to server file .ftpaccess, and paste following code:

<Limit ALL>
Allow from Your.IP.Address
Deny from all
</Limit>


Also, limit access to most important files (like wp-login.php), uploading in the same folder file .htaccess:

<Files "wp-login.php">
Order Deny,Allow
Deny from all
Allow from Your.IP.Address
</Files>
B7ackAnge7z