Today's question comes from ConroyDave in Boston, Massachusetts. He asks: " I just visitedyour blog. I noticed it was built with WordPress. How do you keep it safe from hackers? Eversince I got PR 5 last month, I've got dozens of hack attempts a minute. " That's a verygood question. And the fact is that since WordPress is so popular, and so widespread,it is subject to a lot more attempts by hackers, especially people that have figured out thatthere are old versions of WordPress that are a little easier to exploit. So the very firstthing that I do, is I try to make sure that I always have my server patched up-to-date;you want to be running the latest version. I think as of this video it's 2. 9. 2, but alreadythey're out testing version 3. 0. I'm sure that will have a lot more security as well. The other big thing that I do, is you can change your HT access file, . htaccess, whichis in wp-admin, and you can basically say, you know what?. . . only a small number of IPaddresses, the ones that I basically-- what are called whitelisting, listing out explicitly,are allowed to access my wp-admin directory. So what that does, is it says, if you're justcoming from the general internet, you can't log-in; you'll get a 403, you'll get a forbiddenerror. But, if you're coming from, say my home ip address, or Google's corporate IPaddress, or maybe a small nubmer of IP addresses that I've very deliberately chosen, then youare allowed to log-in. You'll still need a password, and I try to pick a relatively longpassword. So that is the number one way that I protect myself. Besides being patched, tryto make sure that you set something so that the hackers can't get to your admin directory,unless they're are coming from a specific small set of IP addresses. That might notbe perfect, for example if you're web host happens to get hacked, and people can readdatabase passwords of other customers, or stuff like that, that's not going to protectyou very much. But I would at least do those two things, and that will help keep your WordPress,or any other piece of software, from potentially being hacked.
Source : Google Webmasters
EmoticonEmoticon