Start learning with our library of video tutorials taught by experts. Get started

WordPress 3: Developing Secure Sites

Controlling proxy access


From:

WordPress 3: Developing Secure Sites

with Jeff Starr

Video: Controlling proxy access

It may be impossible to block 100% of proxy visits to your site, but you can block most of them. In this screencast, we'll see how to control proxy access with PHP and htaccess. Keep in mind that not all proxies are evil. So only use this technique if you're sure that you don't want anyone visiting via proxy. Here in our FTP/file editor we're looking at the root htaccess file for our WordPress installation.

Watch this entire course now—plus get access to every course in the library. Each course includes high-quality videos taught by expert instructors.

Become a member
Please wait...
WordPress 3: Developing Secure Sites
2h 36m Intermediate Jun 27, 2011

Viewers: in countries Watching now:

This course explains how to secure self-hosted WordPress sites, including site configuration, code modification, and the use of free plug-ins. Beginning with the basics of site security, author Jeff Starr explains how to harden a WordPress site by configuring authentication keys, setting proper file permissions, and removing version numbers. The course shows how to implement a firewall, prevent automated spam, and control proxy access, and concludes with a series of advanced tips and site security best practices.

Topics include:
  • Backing up and restoring your site
  • Setting up strong passwords
  • Choosing trusted plugins and themes
  • Protecting the configuration file and the admin directory
  • Securing the login page
  • Fighting comment spam
  • Blocking access and detecting hacks
  • Finding and reporting vulnerabilities
Subjects:
Developer Web CMS Web Development
Software:
WordPress
Author:
Jeff Starr

Controlling proxy access

It may be impossible to block 100% of proxy visits to your site, but you can block most of them. In this screencast, we'll see how to control proxy access with PHP and htaccess. Keep in mind that not all proxies are evil. So only use this technique if you're sure that you don't want anyone visiting via proxy. Here in our FTP/file editor we're looking at the root htaccess file for our WordPress installation.

Currently, it contains only our WordPress PERMALINK rules, as seen here. After our existing rules, let's add this htaccess snippet, graciously provided by perishablepress.com. We copy the code and return to our htaccess file and paste into place. There is a lot going on in this slice of code, so for more information visit the short URL provided here.

There are no edits to make, so we save and upload the file to the server, and we're done. Now let's jump back over to our demo site and check that everything is working okay. The pages seem to be loading quickly, and everything is working great. If for some reason, the pages aren't loading or if something isn't working right, just remove the code and try again. By itself, this code should reduce the amount of proxy traffic hitting your site, but there are many types of proxies and blocking them happens in layers.

This htaccess code is like the first layer, and so now let's add another strong layer of protection, using PHP. Here in the demo site, we go to wp- content and then to the themes folder. We want to find our header.php file in the theme that we are using. We're using the default TwentyTen theme, and here's the header.php file that we're looking for. So we click to open it and then grab the second slice of code included with this screencast.

Copy this snippet, return to the FTP/file editor, and paste this at the top of the page. Next, save and upload the file and then return to the browser and refresh the page. As expected, everything is still working fine. This second layer of code does an excellent job of transparently blocking even some of the most clandestine of proxy sites. So let's wrap up this screencast by visiting some currently available proxies and seeing if we can access our now protected demo site.

So let's head on over to proxy.org for a list of active proxy services. Try any of the ones listed in green. We want to enter the URL for our site and then click Go. Some of them may be a little difficult to determine what's actually happened, but up in the corner here, we see that access is not allowed. We have been denied access to our site using this particular proxy.

Let's quickly try another one. Proxify is a reputable proxy. So we enter our URL and click Proxify. Excellent. Proxy access not allowed. This is due to our script that we have in place. Everything is all set at this point. These two layers of protection, htaccess and PHP, are going to block out most of the proxy visits to your site. Again, it's virtually impossible to block all proxies.

There are many types of proxies available: HTTP, SOCKS, VPNs, TOR, and so on. Further filtering of proxies is possible, but quickly goes beyond the scope of this tutorial. Even so, in this screencast, we've seen how combining a little PHP and htaccess proves an effective way to block many proxy visits to your site.

There are currently no FAQs about WordPress 3: Developing Secure Sites.

Share a link to this course
Please wait... Please wait...
Upgrade to get access to exercise files.

Exercise files video

How to use exercise files.

Learn by watching, listening, and doing, Exercise files are the same files the author uses in the course, so you can download them and follow along Premium memberships include access to all exercise files in the library.
Upgrade now


Exercise files

Exercise files video

How to use exercise files.

For additional information on downloading and using exercise files, watch our instructional video or read the instructions in the FAQ.

This course includes free exercise files, so you can practice while you watch the course. To access all the exercise files in our library, become a Premium Member.

Upgrade now

Are you sure you want to mark all the videos in this course as unwatched?

This will not affect your course history, your reports, or your certificates of completion for this course.


Mark all as unwatched Cancel

Congratulations

You have completed WordPress 3: Developing Secure Sites.

Return to your organization's learning portal to continue training, or close this page.


OK
Become a member to add this course to a playlist

Join today and get unlimited access to the entire library of video courses—and create as many playlists as you like.

Get started

Already a member?

Become a member to like this course.

Join today and get unlimited access to the entire library of video courses.

Get started

Already a member?

Exercise files

Learn by watching, listening, and doing! Exercise files are the same files the author uses in the course, so you can download them and follow along. Exercise files are available with all Premium memberships. Learn more

Get started

Already a Premium member?

Exercise files video

How to use exercise files.

Ask a question

Thanks for contacting us.
You’ll hear from our Customer Service team within 24 hours.

Please enter the text shown below:

The classic layout automatically defaults to the latest Flash Player.

To choose a different player, hold the cursor over your name at the top right of any lynda.com page and choose Site preferencesfrom the dropdown menu.

Continue to classic layout Stay on new layout
Welcome to the redesigned course page.

We’ve moved some things around, and now you can



Exercise files

Access exercise files from a button right under the course name.

Mark videos as unwatched

Remove icons showing you already watched videos if you want to start over.

Control your viewing experience

Make the video wide, narrow, full-screen, or pop the player out of the page into its own window.

Interactive transcripts

Click on text in the transcript to jump to that spot in the video. As the video plays, the relevant spot in the transcript will be highlighted.

Thanks for signing up.

We’ll send you a confirmation email shortly.


Sign up and receive emails about lynda.com and our online training library:

Here’s our privacy policy with more details about how we handle your information.

Keep up with news, tips, and latest courses with emails from lynda.com.

Sign up and receive emails about lynda.com and our online training library:

Here’s our privacy policy with more details about how we handle your information.

   
submit Lightbox submit clicked

Terms and conditions of use

We've updated our terms and conditions (now called terms of service).Go
Review and accept our updated terms of service.