AskApache WordPress Hardening Plugin
BlogSecurity released a popular article last year titled "Hardening WordPress with htaccess". It provided basic, yet effective techniques to harden a WordPress blog install.
Using Apache’s mod_rewrite allows us to perform basic filtering and application firewalling. AskApache is pushing mod_rewrite to its limits with a cool plugin that automates anti-hack/spam .htaccess rules.
The plugin looks like a great tool for the more tech-savvy blog user. I say tech-savvy because the plugin requires tweaking on upgrades and may require adjustments specific to your needs; however, it is an interesting project to keep an eye on nonetheless. My personal approach would be to utilise ModSecurity, which is much more powerful than mod_rewrite and which can be applied at the web server layer rather than having to have custom rules for each WordPress install.
Comments
Hi.
About “Restricting wp-content & wp-includes”: do I need to put two copies of the .htaccess file, one in each folder (wp-content & wp-includes), or just one in the top-level directory pointing to both?
I just read that a .htaccess file supersedes the .htaccess file in the directory above.
From what’s said in the linked article, you would need to put it into each folder, as the Directory tag is only allowed to be used within httpd.conf. You could certainly modify the current htaccess file so it doesn’t block every PHP file, like index.php, if it were within the root WP folder. Anyway, this way isn’t the best one, as AskApache suggested some time ago. It’s better to proceed this way:
http://www.askapache.com/htaccess/htaccess-plugin-blocks-spam-hackers-and-password-protects-blog.html
as described under Protect wp-content & wp-includes. This only denies direct requests to these files; internal calls will still work.
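
The placement question raised in the comments, as an added Apache configuration example (not taken from the post, its comments, the linked articles or the AskApache plugin). It assumes Apache 2.4 access-control syntax, mod_rewrite available for option C, and a placeholder install path `/var/www/example-blog`; use one option, not all three.

```apache
# --- Option A: server config (httpd.conf or a virtual host file) ------------
# <Directory> is valid only in server/vhost context, never in .htaccess.
# One central file covers both trees; no .htaccess files are needed.
# "/var/www/example-blog" is a placeholder path (assumption).
<Directory "/var/www/example-blog/wp-content">
    <FilesMatch "\.php$">
        Require all denied
    </FilesMatch>
</Directory>
<Directory "/var/www/example-blog/wp-includes">
    <FilesMatch "\.php$">
        Require all denied
    </FilesMatch>
</Directory>

# --- Option B: one .htaccess per directory -----------------------------------
# Save these three lines as wp-content/.htaccess and again as
# wp-includes/.htaccess. A .htaccess applies to its own directory and
# everything below it, so each copy protects its whole subtree.
# The server must allow the override (AllowOverride AuthConfig or All).
<FilesMatch "\.php$">
    Require all denied
</FilesMatch>

# --- Option C: a single .htaccess in the WordPress root ----------------------
# <Directory> cannot be used here, but mod_rewrite can match on the path.
# In .htaccess context the pattern is tested against the path relative to
# this directory, so there is no leading slash. "-" leaves the URL alone
# and [F] answers 403 Forbidden.
RewriteEngine On
RewriteRule ^wp-(content|includes)/.*\.php$ - [F,L]

# Caveats that apply to all three options:
#  * Only HTTP requests are refused. PHP include()/require() calls made by
#    WordPress itself read from disk and never pass through these rules.
#  * Plugins or themes that expect their own .php files to be requested
#    directly will stop working; add narrow exceptions after testing.
#  * Option C is not inherited by a subdirectory whose own .htaccess
#    configures mod_rewrite, unless that file sets "RewriteOptions Inherit".
```

After applying any option, a direct request for a PHP file under either directory should return 403, while the blog's front page and admin pages should still load.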



