Harden my site with htaccess

  • Resolved scifiwriter

    (@scifiwriter)


    9 years, 8 months ago

    I am very new to all of this. Hackers wrecked my site even though I had WordFence protecting it. Then I bought SiteLock. I am using their firewall, so all visitors come from their IP.

    Even so, a malicious bot somehow changed a read.me file in one of my plug-ins. I fixed it but now I want to prevent that. I read all about htaccess file and it may as well be an alien hieroglyphics.

    It cannot recognize me as the admin by my IP because it will only see the firewall’s IP.

    I would like to :
    1) protect my plugins.
    2) protect my wp-admin.php
    3) Protect my wp-admin files.
    4) Not screw up my site doing this.

    Will this work?

    <file wp-config.php>
order allow, deny
deny from all
</files>

    Will it still let me work on my own site?
    How do I protect my plugins from everybody else but me?
    Is it possible to protect my whole wp-content folder?

    I thought about doing this with robots.txt file but would a malicious bot even read that? Or would that just be a joke?

    I love WordFence and value it, but it does not seem like it is capable of protecting these file areas. Shouldn’t this be somehow integrated into WordPress itself? Oh, well. It isn’t. So, now what?

    I value your kind advice.

Viewing 7 replies - 1 through 7 (of 7 total)

  • I use Wordfence for keeping order in the yard, and there is simply (in my own opinion) nothing better than BulletProof Security — everything you have asked about and much more — for stopping all riff-raff at the gate.

    Thread Starter scifiwriter

    (@scifiwriter)

    Do you use them together? Do they work well together?

    Yes, definitely. Pick either or the other for login protection, but I only ever let BPS write *any* of my .htaccess, and then I also follow its recommendations for file permissions. So, it is like BPS handles everything up to the gate, and then Wordfence does the throttling and whatever else I would like to have in place on the inside.

    Another plugin I have found helpful is the NinjaFirewall — https://www.ads-software.com/plugins/search.php?q=ninja+firewall — that deals with all traffic before it ever even reaches WordPress. In my own case, however, I use the stand-alone version since I have more than one domain at my hosting account.

    Thread Starter scifiwriter

    (@scifiwriter)

    How do you keep them from clashing?
    I already have WordFence, so do what? Turn off the firewall?

    Install BPS and let it handle the security?

    Anything to watch out for so I don’t shoot my site in the head?

    How do you keep them from clashing?
    I already have WordFence, so do what? Turn off the firewall?

    No, let Wordfence continue its “Firewall” throttling feature. As far as I know, there is only one thing Wordfence does that is the same as Ninja, and that is this:
    “Block IP’s who send POST requests with blank User-Agent and Referer”
    If some such request did somehow get past Ninja, there would be no harm in Wordfence taking its own shot at it!

    Install BPS and let it handle the security?

    That is what I do, and with BPS and Wordfence doing different things side-by-side.

    Anything to watch out for so I don’t shoot my site in the head?

    Just trust each of those and do not try to out-think either! They know what they are doing and they do it well.

    Thread Starter scifiwriter

    (@scifiwriter)

    Thank you leejosepho.

    Tried your suggestion. No over-thinking required. You were right. Just let BPS do its thing.

    I am trying the free version 1st. Looking to see if Pro version is worth the extra $$. It may be. I am not cheap, so if it looks good, I will buy it. Always support the authors where I can.

    I write Science Fiction novels. Not making any $$ yet but time will tell.
    my site is https://www.fivemoons.org .

    Thanks again.

    I am trying the free version 1st. Looking to see if Pro version is worth the extra $$.

    My own experience suggests the free versions are fine unless/until you might see a specific Pro feature you actually need or want.

Viewing 7 replies - 1 through 7 (of 7 total)
  • The topic ‘Harden my site with htaccess’ is closed to new replies.