Simple WordPress Security Settings

Source: Internet
Author: User

Recently, some blogs have always been hacked into by others. The following describes how to prevent wordpress blogs from being hacked.

First, permission settings

Set the permission to read-only, chmod-v-R 555 (varies from person to person, if it is a cp or da panel host is 550)/home/safe121.com-akdifasdkf434/asdfsd32523/gfgad5346/public_html

Then enter wp-content and enter chmod 777 (different from person to person, if it is cp or da panel host is 770)-v-R uploads, otherwise the file cannot be uploaded,

If there are some plug-ins, such as wp-super-cache, you also need to set the cache directory to writable (777) (varies from person to person, if it is a cp or da panel host, it is 770)

Followed by settings on webserver

It should be: "executable is not written, but can be written is not executed"

Therefore, write the. htaccess file in these two directories. The content is as follows:

<Files ~ ". Php |. Php |. PHp |. PHP |. phP |. pHP |. pHp |. PhP">
Order allow, deny
Deny from all
</Files>

This can prohibit the execution of php, and then the background security, you can modify the file name of the wp-login.php, but you need to replace the wp-login.php in this file for your new file name, if the DIY ability is better, you can refer to this article protecting website background with USB key

In this way, even if you get your password, you cannot enter the background, enter the background, or get the shell, which is safer.

 

From: network security technology blog (www.safe121.com)

Related Article

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.