GoDaddy/Wordpress hack

Out of context: Reply #2

  • acescence0

    security 101...

    - install wordpress in a folder, not on the root of your server. you can still have the site appear on the root of your domain

    - use htaccess and htpasswd to add another layer of protection to your admin panel or limit access by IP

    - change the default admin user name

    - put your wp-config file above http root or use htaccess to make it not directly accessible

    - use .htaccess to make everything in wp-admin not directly accessible via http

    - use ssl to access the admin panel over https

    - disable ftp and use ssh instead

    - remove the generator meta tag so bots can't easily discover you're running wordpress

    - use htaccess to restrict access to specific file types within your directories, image files in dirs that should only contain images, or css, or js, etc.

    and get real hosting, not shared! a vulnerability in someone else's site can provide an in to your account, use a vps instead. if you're not comfortable with any of this stuff and security is important to you, hire someone who knows what they're doing.

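The .htaccess items in the reply above, written out as an added example that is not part of the original post. It assumes Apache 2.4 (`Require` syntax) with `AllowOverride` enabled; the IP address, the `.htpasswd` path and the list of image extensions are placeholders to replace with your own values.

```apache
# --- .htaccess in the WordPress install folder ---
# Block direct HTTP requests for wp-config.php (only needed if the file
# cannot be moved above the web root).
<Files "wp-config.php">
    Require all denied
</Files>

# --- wp-admin/.htaccess ---
# Extra layer in front of the WordPress login: HTTP Basic auth AND an
# IP allow-list. Remove one of the two Require lines to use only one layer.
AuthType Basic
AuthName "Restricted"
# Placeholder path: keep the password file outside the web root.
AuthUserFile /home/example/.htpasswd
<RequireAll>
    Require valid-user
    # Placeholder address (documentation range); use your own.
    Require ip 203.0.113.10
</RequireAll>

# Front-end features of some themes and plugins call admin-ajax.php.
# Keep this exception only if your site needs it.
<Files "admin-ajax.php">
    Require all granted
</Files>

# --- wp-content/uploads/.htaccess ---
# A directory that should only contain images serves only image types;
# anything else dropped into it (for example a .php file) returns 403.
Require all denied
<FilesMatch "(?i)\.(jpe?g|png|gif|webp)$">
    Require all granted
</FilesMatch>
```

Basic auth sends the password with every request, so this layer only adds protection when the admin panel is reached over https, as the list also recommends.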