Showing posts from November, 2013

How to protect wp-login.php using .htaccess and .htpasswd?

If you own or maintain a WordPress based website you might or might not be aware that the wp-login.php page in your root directory and the wp-admin directory are under constant attacks by malicious bots. This tutorial will show you how to password protect the wp-login.php file through the use of .htaccess and .htpasswd.

A quick side note before I continue - to improve your website’s security create a new administrator account, a non-standard username. Once that is done, delete the admin account. WordPress will automatically resign all posts and pages to any other user of your choosing.

For this primer, we will assume that your WordPress installation is in the root directory of your website. With most shared web hosting companies the path to your account’s web directory will be something similar to /home/client_account_id/public_html, where public_html is the web root directory. To view the exact path SSH into your hosted account and executing pwd, short for print working directory.

Task list when setting up a new web server. [LAMP]

This is my to-do list when preparing to deploy a new web server. The majority of the time I use Ubuntu as the operating system, though I have used Fedora and CentOS in the past. I also manage RedHat Enterprise Linux servers at work. These tasks are mainly for a web server. Setting up just a file server is a lot less work; while setting up a proper mail server is significantly more work, since they are a constant pain to configure and maintain. With a mail server you have to think of local vs external user access; logging and connection encryption; how you are going to store files; user interface and its security; MX black lists, SPAM, and open relays.