17 September 2012 ~ 0 Comments

How to Disable PHP Execution in Certain WordPress Directories

Having cleaned numerous WordPress hacks, in our experience most backdoor access files disguise themselves in /wp-includes/ folder or in your /wp-content/uploads/ directory. Usually these are .php files with names that some what seems like WordPress core files, but they are not…

Continue Reading

13 September 2012 ~ 0 Comments

How to Setup Secure Media Uploads

As discussed, it’s important to protect your site by setting proper file permissions on the server. This can be tricky for certain directories such as /uploads/, /upgrade/, and /backups/, which need to be writable by the server in order for things like uploads, upgrades, and backups to work…

Continue Reading

16 July 2012 ~ 0 Comments

How to Secure and Protect WordPress Website through .htaccess file

With the help of a .htaccess (hypertext access) file you can get a directory-level configuration and it allows you to decentralized the management of your web server configuration. As well it allow you to improve your blog’s security, and reduce bandwidth…

Continue Reading

26 July 2011 ~ 0 Comments

How To Increase Your WordPress Security

With all this crazy hacking going on, it’s the perfect time to buff up any WordPress blog or website install. Especially considering how many exploits and vulnerabilities external plugins could present to outside

Continue Reading

18 June 2011 ~ 1 Comment

How to Secure uploads, upgrade and other directories with .htaccess

It sucks, but a lot of plugins require certain directories to be set at CHMOD 777 for its file permissions. Of course, you should not use any plugin that requires 777 directories, but if you absolutely must, you can help protect the folder by adding a thin slice of htaccess. This works great for any directory requiring “loose-ish” permissions (i.e., anything greater than 755), and may…

Continue Reading

11 January 2011 ~ 0 Comments

Simpler Login URL

The default URL for logging into your WordPress powered site is: http://yoursite.com/wp-login.php. Or if you’ve installed in a subdirectory, something like http://yoursite.com/wordpress/wp-login.php. I’ve wished that was a little cleaner, especially when you are doing something explaining to a client where to log in over the phone. Fortunately changing this can be very easy. To make …

Continue Reading