WordPress Security

You may not be aware of it, but last Thursday and Friday there was a huge attack by over 100,000 independent IP addresses trying to access WordPress blogging files on all servers across the world. These attacks were trying to gain access to your WordPress installation and infect it with malicious code.

Whilst we perhaps sometimes overlook the security of our WordPress sites, there is a very simple way to restrict access to our site to only one IP address (i.e. yours), and that greatly increases your security. (This of course would be another argument for using systems like GetSimple, as they are much smaller and under the radar of the toerags that write the malicious code.)

The following is courtesy of D9 hosting (who we recommend for hosting with very fast UK and US servers).

Locking down your WordPress admin area so that only you have access to it is a great, easy to implement way of increasing the security on a WordPress based site. Simply follow the instructions below to allow access to the WordPress admin area for your IP address only.

1. Find out what your IP address is by visiting www.whatismyip.com

2. Edit the .htaccess file in the directory that contains the WordPress site you wish to access, and add the following code to the bottom of the file, replacing x.x.x.x with your own IP address:

# Only x.x.x.x may request the WordPress login page; everyone else is denied
<Files ~ "^wp-login\.php">
Order deny,allow
Deny from all
Allow from x.x.x.x
</Files>

If your ISP has provided you with a dynamic IP address (one that changes regularly), you can either manually update the code to include your new IP, or you can use the syntax found in this guide to allow a range of IP addresses, or you can request a static IP from your provider for a nominal cost (I think we pay £2 per month extra).
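
For the dynamic-IP case, updating the Allow line can be scripted so the block is replaced rather than pasted in again. This is an added example, not code from the original post or from D9 hosting; the marker comments and the function names are assumptions, and it accepts either a single address or a CIDR range.

```shell
# Added example. Marker text and function names are assumptions, not from the post.
BEGIN_MARK='# BEGIN wp-login allowlist'
END_MARK='# END wp-login allowlist'
# Succeed only for a dotted-quad IPv4 address, optionally with a /0-32 prefix.
valid_ipv4() {
    addr=${1%%/*}
    case $1 in
        */*) prefix=${1#*/}
             case $prefix in ''|*[!0-9]*) return 1 ;; esac
             [ "$prefix" -le 32 ] || return 1 ;;
    esac
    case $addr in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.
    set -- $addr            # split into octets
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Rewrite file $1 so that only address or range $2 may reach wp-login.php.
set_login_allow() {
    file=$1 ip=$2
    # Validate first: the value is written into a config file verbatim.
    valid_ipv4 "$ip" || { echo "refusing invalid address: $ip" >&2; return 1; }
    tmp=$(mktemp) || return 1
    if [ -f "$file" ]; then
        # Keep everything except a previously written marked block.
        awk -v b="$BEGIN_MARK" -v e="$END_MARK" '
            $0 == b { skip = 1; next }
            $0 == e { skip = 0; next }
            !skip' "$file" > "$tmp"
    fi
    cat >> "$tmp" <<EOF
$BEGIN_MARK
<Files ~ "^wp-login\.php">
Order deny,allow
Deny from all
Allow from $ip
</Files>
$END_MARK
EOF
    # Copy back instead of mv so the .htaccess keeps its owner and mode.
    cat "$tmp" > "$file" && rm -f "$tmp"
}

# Usage: sh this-script.sh /path/to/.htaccess 203.0.113.7
if [ $# -eq 2 ]; then set_login_allow "$1" "$2"; fi
```

If the block from the post was already pasted in by hand without the markers, delete it first so the file carries a single rule for wp-login.php.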