Comments on: Blog Security: htaccess block

By: Lucia

Lucia — Mon, 03 Sep 2007 12:30:45 +0000

That’s a good idea for a plugin too! Some might prefer it to a time out or .htaccess.

By: Adam

Adam — Mon, 03 Sep 2007 10:07:01 +0000

Perhaps an approach where if an account has been logged into more than once a Captcha-type image is displayed, such as the method used by both Wikipedia and Google to prevent brute-force attacks? This way is probably better for developers building apps for public use, along with Sam’s.

By: Login Lockdown! Keep Wordpress Safe. : Big Bucks Blogger

[...] travel, I’m going to continue to protect by limiting access to those using my ISP using .htaccess. But I’ll be testing out the Log In Lock Down in parallel. var AdBrite_Title_Color = [...]

By: Lucia

Lucia — Sun, 26 Aug 2007 12:27:54 +0000

@Blog Strokes,
Yes, if you want to make widesrepad use of subscriber functions, you can’t use .htaccess. But, you could use it for co-blog, you just put in both people’s IP. If you have more than 5 people this would be a pain in the neck.

I know I have some Ajax going on this version, everything seems to work fine with changes to just wp-admin. I’ll have to upgrade my test blog and see what happens to Ajax if I protect wp-admin.

By: Blog Strokes

Blog Strokes — Sun, 26 Aug 2007 04:45:10 +0000

Also if you do this you can also do it with your /wp-includes/ directory. But if you make changes to the admin be sure to change the includes too, or all of the nifty new AJAX will quit working, and in the new WordPress versions, you can’t really even post properly if the AJAX stops working.

By: Blog Strokes

Blog Strokes — Sun, 26 Aug 2007 04:42:08 +0000

Of course if you want to use the subscriber functions in WordPress these methods won’t work for you. But if you don’t allow people to register on your blog, it’s a great idea to implement this.

By: Don’t Get Hacked: Google Bot Trick! : Big Bucks Blogger

Don’t Get Hacked: Google Bot Trick! : Big Bucks Blogger — Sat, 25 Aug 2007 21:27:31 +0000

[...] Protect your wp-admin area using htaccess. Hacking into wp-admin is a common tactic. I discussed the steps you can take to protect that area of your blog in Blog Security: htaccess block. [...]

By: Lucia

Lucia — Tue, 21 Aug 2007 15:27:54 +0000

You can use a similar trick for anything that’s hosted on your domain. My old host had Cpanel on their domain, so I couldn’t have done it. I don’t have cpanel now. (I need to install something better now that I’m working on developing this blog. The knitting blog made money but that was entirely accidental. Knitting is my hobby.)

I should also say in fairness to Graywolf: I think his blog is way cool. But yes, I’m a bit surprised to read he got hacked this way and also reading Matt Cutts giving this advice out now. That exploit has existed a long time and it’s easy to protect against. Or at least it’s easy enough for a knitter to describe and use on her blog.

By: Andy Sundstrom

Andy Sundstrom — Tue, 21 Aug 2007 15:21:59 +0000

Lucia, you’re just too cool – that about SEO blogging types sure hit right between the eyes!

Perhaps it would be possible to use some similar trick for your Cpanel as well?

By: The Knitting Fiend » Blog Archive » May-September Haiku

The Knitting Fiend » Blog Archive » May-September Haiku — Tue, 21 Aug 2007 13:13:49 +0000

[...] were before I began blogging about blogging. That said, it looks like my post on how to protect your blog from being hacked using “htaccess” has gotten a few “stumbles”, and may soon get a flood of traffic. ( Never mind that [...]