Tag Archives: wordpress security

Securing WordPress – Fool Proof Method

Are you tired of your WordPress site being hacked?

I have a simple and effective solution. The biggest reason WordPress gets hacked is because of very insecure file permissions that exist on the backend server, and there are many bugs within wp-admin that can exploited. These permissions and exploits make it easy to upload content, install plugins, brute force attack the login and so on. But if your like me, once your WordPress environment is setup, it doesn’t really change after that. All I do is upload images and write posts. So I write a simple set of lockdown scripts which I execute from the command line.

The lockdown script does a few things:

1. It removes wp-login.php from the base web root
2. It removes the entire wp-admin directory
3. It resets the permissions on wp-content/uploads

The unlock script effectively does the reverse.

So when I need to make changes or write an article, I SSH into my server and run the unlock script. When I am all done, I run the lockdown script. Here is the raw code for those scripts, in PERL:

lockdown-wp.pl

unlock-wp.pl

A few details. My web server runs as the “www” user, so thats why I chown the uploads directory as www. My web root is /usr/local/www/apache24/data and the resources directory is my WordPress base URL, i.e. http://www.essenz.com/resources/ The script runs as root user and stores the temp files in /root