Français
  • How do you protect your blog from hackers?


    Added on Monday 21 June 2010 12:20:01
    by GoogleWebmasterHelp
    9826 Views
    5.0 / 5
    12345
    61 rates
    Send this video to your friends
    Get embed code of video

    I just visited your blog. I noticed it was built with WordPress. How do you keep it safe from hackers? Ever since I got PR 5 last month - I've got dozens of hack attempts a minute.

    @conroydave, Boston, MA

    Tips from Matt on protecting your WordPress installation:
    http://www.mattcutts.com/blog/three-tips-to-protect-your-wordpress-installation/



    facebook
    Comment(s)
  • Write your comment here...
  • agapitoflores001

    This is a good way to protect ourselves from hackers. Woe to hackers. Another nice thing from Google!
    Friday 11 November 2011 23:33:50
  • MegaTutorial101

    Maybe if Anonymous hacked you're blog..... They can hacked it.... Just a matter of seconds
    Tuesday 01 November 2011 22:45:20
  • DyeSwatForeign

    0 people hates Google Thumbs Up
    Saturday 11 December 2010 07:55:30
  • mq3500

    Nice feature of WP 3.0 is Admin doesn't have to be Admin anymore - change the Admin Login to some other name and improve your security by a magnitude.
    Wednesday 30 June 2010 23:26:49
  • SwamiAjaynanad

    Protecting Wordpress admin is just one small step. There are more hacks on host than on the wordpress admin. Protecting web hosting is more importat as well. What I do is I block all open ports such as ftp etc. I use SSH (with Auth key) on different port. All IPs are also blocked except few from which I access host. And so on... Above steps are for dedicated servers or the servers which you have full control. For shared hosting you have no option than just protecting WP admin.
    Sunday 27 June 2010 11:19:49
  • jezwebb

    That's a good tip. Add to that, having a backup so you can restore your site if it is hacked, as there are so many ways to exploit popular platforms like WordPress, Joomla etc. searchenginefriendlyhosting com DO allow you to add your own custom .htaccess files, php.ini and have one click backup.
    Saturday 26 June 2010 01:34:15
  • catascouts

    What about Blogger? I guess the long and complicated password is the best way of protecting an account.
    Thursday 24 June 2010 07:36:23
  • patellaman

    @adrianTNT To do what Mattr has suggested regarding IP's, you'll need a static IP, otherwise each time you connect to the internet it'll be different, therefore blocking you from your admin directory! ;)
    Tuesday 22 June 2010 22:16:26
  • patellaman

    Very good tips, I also run a full weekly backup of all my databases, files and directories! ;)
    Tuesday 22 June 2010 22:14:50
  • timtim2500

    Are you gaining weight, old man? ;-) lol
    Tuesday 22 June 2010 11:02:11
  • ZachariahLogan

    i like the new hair dew, but it would be a little smarter to remove the readme.html and turn user registration off
    Tuesday 22 June 2010 10:52:06
  • adrianTNT

    "Home IP address"?! OK Matt, now people will break into your home to spam your high PR blog.
    Tuesday 22 June 2010 04:34:54
  • rahulxxx2000

    and what about blogger ? give us some tips thumbs up if you want to get blogger security tips from Matt
    Tuesday 22 June 2010 02:56:40
  • drwxrxrx

    @bcnorth you should escape the periods in your IP rules... ##\.##\.##\.##
    Monday 21 June 2010 18:57:49
  • NicheWebsiteStrategy

    I think one of the problems people maybe having is their host does not allow you to edit or move your .htaccess. With that said just call up your hosting company if your having trouble they might have certain rules about how your .htaccess can be editted. But like Matt said this does not protect it 100%. If your using wordpress then simply type in your find plugin page the words login security. You will get a bunch of addons that are rated.
    Monday 21 June 2010 17:28:56
  • bcnorth

    To block people from other IP's, add this to an htaccess file and upload to your /wp-admin/ folder. (of course replace the ##.##.##.## with your actual IP, or Range you want to allow. order allow,deny allow from ##.##.##.##
    Monday 21 June 2010 17:15:39
  • NicheWebsiteStrategy

    For me I can not "whitelist" so to speak my htacess but then again I used a very cool tool on my login page that stops hackers from accessing my login multiply times. If they put the wrong username and password in it automatically denies them access for a hour.
    Monday 21 June 2010 17:12:04
  • moroandreait

    Hey Matt, the tactics you suggested is nice, but I really not able how to figure how to bind htaccess to a folder and to a specific IP. Have you a sample on how to do that? Thanks.
    Monday 21 June 2010 16:50:44
  • jazz0900

    does anyone know if the ip authentication he mentioned with .htaccess can be obfuscated by hacker so they have access?
    Monday 21 June 2010 15:48:34
  • SeriousGarbageMan

    @ANDiTKO you do sql injections through a vulnerable script, a script that doesn't sanitize data being input the data from the client. your friend is, sorry to say it, a wannabe hacker. apache has nothing to do with mysql and will never have anything to do with it.
    Monday 21 June 2010 13:28:56
  • ANDiTKO

    Well, yeah ok. What about the SLQ injections? I had a friend that was doing remote SQL queries without having any admin access. He said that was a server hack (had to deal with the Apache server) not a script hack.So: Duble ckeck your Server settings! Upgrade your server software as well. Another good way is to protect your file and folder permissions.
    Monday 21 June 2010 12:56:22
  • daveashe

    there is a wordpress automatic update plugin, this combined with pinging wp-cron.php using wget in the crontab file will keep everything up to the latest version
    Monday 21 June 2010 12:38:08
  • nightgunner5

    Yeah, they released 3.0 on the 17th. UPDATE!
    Monday 21 June 2010 12:33:20
  • PoopnSuch

    first 
    Monday 21 June 2010 12:28:02
ADVERTISEMENT
Supplements
Social Network
Tag cloud
Go to top
Copyright © 2010 Prise1