Security tips

Get a decent website HOST

Fluffytech recommends using ROCHEN servers for unparalleled service and support. Straight out of the box they scan for and block malicious activity and limit brute force attacks without you even knowing about it.

Lock down your wp-admin folder with white listed IP addresses

In my experience security plugins are difficult to configure and have horrible side effects, like total lockouts. In my opinion the simplest way to protect your wordpress site is to limit who has access to the Admin by checking their IP address.

Do not edit your Root .htaccess file, don’t paste these codes in there. It must be /wp-admin/.htaccess if you don’t see that file then create a blank file, name it .htaccess in your wp-admin folder.

AuthUserFile /dev/null
AuthGroupFile /dev/null
AuthName "WordPress Admin Access Control"
AuthType Basic
<LIMIT GET>
order deny,allow
deny from all
# whitelist Kermit's IP address
allow from xx.xx.xx.xxx
# whitelist Miss Piggy's IP address
allow from xx.xx.xx.xxx
# whitelist Gonzo's IP address
allow from xx.xx.xx.xxx
# whitelist Work IP address
allow from xx.xx.xx.xxx
# whitelist Holiday IP address
allow from xx.xx.xx.xxx
</LIMIT>

Boring instructions courtesy of WP beginner

 

Facearse Tweep Internetmail