Start learning with our library of video tutorials taught by experts. Get started
Viewers: in countries Watching now:
This course explains how to secure self-hosted WordPress sites, including site configuration, code modification, and the use of free plug-ins. Beginning with the basics of site security, author Jeff Starr explains how to harden a WordPress site by configuring authentication keys, setting proper file permissions, and removing version numbers. The course shows how to implement a firewall, prevent automated spam, and control proxy access, and concludes with a series of advanced tips and site security best practices.
In this screencast, we're going to protect our site with a powerful htaccess firewall. The 5G firewall by Perishable Press is designed especially for WordPress-powered sites, and is very effective at blocking a plethora of bad bots, requests, user agents, and IP addresses. Here in our FTP/file editor, we want to open the htaccess file in the root directory. Notice the existing PERMALINK rules at the top of the file. To add the firewall, grab the code from the provided file, copy everything, and then paste into your htaccess file, like so.
No modifications are required. The 5G firewall is ready to protect your site, right out of the box. Just save and upload the file to your server and return to the browser to make sure that everything is still working. The pages are loading just fine. Let's jump into the Admin and click around a little bit. This is always a good idea to check your site for proper functionality after working with your htaccess file. Everything is working great, and our site is now protected by a strong firewall.
Although the technique is simple, there's actually a lot going on in the code. Let's continue with a quick walkthrough of the 5G firewall. The first section of the code checks the query string, part of the requested URL, and blocks lots of the bad stuff. This is a key part of the firewall. The next section checks the user agent making the request and blocks some of the worst known user agents. Note that this is the same block of code used in our previous screencast.
There's no need to include it twice. Next, the code looks at the main part of the URL, which is everything but the query string. If you include only one part of this firewall, this would be it, and maybe the query string section. It blocks a ton of garbage from getting through. Lastly, the firewall blocks a short list of known terrible IP addresses. It's included as more of an example of how to block them. If you find a bad IP address that you would like to block, you simply add another line, like so.
For default installations of WordPress, the 5G firewall is a safe and powerful way to protect your site. It plays nice with many plug-ins and is easily adjusted if and when issues arise. For more information and help with the 5G firewall, visit perishablepress.com. Using the techniques in this screencast, we've protected our site with a strong firewall that blocks tons of ill requests, spammers, leechers, bandwidth thieves, and other nonsense. As expected, filtering out the garbage saves system resources and helps keep your site safe and secure for valued visitors.
There are currently no FAQs about WordPress 3: Developing Secure Sites.
Access exercise files from a button right under the course name.
Search within course videos and transcripts, and jump right to the results.
Remove icons showing you already watched videos if you want to start over.
Make the video wide, narrow, full-screen, or pop the player out of the page into its own window.