Today's question comes from ConroyDave in Boston, Massachusetts. He asks: "I just visited
your blog. I noticed it was built with WordPress. How do you keep it safe from hackers? Ever
since I got PR 5 last month, I've got dozens of hack attempts a minute." That's a very
good question. And the fact is that since WordPress is so popular, and so widespread,
it is subject to a lot more attempts by hackers, especially people that have figured out that
there are old versions of WordPress that are a little easier to exploit. So the very first
thing that I do, is I try to make sure that I always have my server patched up-to-date;
you want to be running the latest version. I think as of this video it's 2.9.2, but already
they're out testing version 3.0. I'm sure that will have a lot more security as well.
The other big thing that I do, is you can change your HT access file, .htaccess, which
is in wp-admin, and you can basically say, you know what?...only a small number of IP
addresses, the ones that I basically-- what are called whitelisting, listing out explicitly,
are allowed to access my wp-admin directory. So what that does, is it says, if you're just
coming from the general internet, you can't log in; you'll get a 403, you'll get a forbidden
error. But, if you're coming from, say my home IP address, or Google's corporate IP
address, or maybe a small number of IP addresses that I've very deliberately chosen, then you
are allowed to log in. You'll still need a password, and I try to pick a relatively long
password. So that is the number one way that I protect myself. Besides being patched, try
to make sure that you set something so that the hackers can't get to your admin directory,
unless they are coming from a specific small set of IP addresses. That might not
be perfect, for example if your web host happens to get hacked, and people can read
database passwords of other customers, or stuff like that, that's not going to protect
you very much. But I would at least do those two things, and that will help keep your WordPress,
or any other piece of software, from potentially being hacked.