I just had to come up with a quick bit of .htaccess code to very basically protect PDFs on a client’s site from being downloaded by people who aren’t logged into WordPress. I thought I’d share the code, specifically to highlight the way to detect if someone’s logged into WP through Apache’s directives.
Archive for the category ‘security’
Detecting WordPress login via htaccess
WordPress hacks and tips: Security
I well and truly cut my WordPress security teeth last year when my server got hacked. I summarized my lessons learned in that post, but the post also included a lot of things specific to the attack I was subject to. I thought I’d round up my WP security measures here for easy reference.
There’s many, many things you can do to secure WP. I’ll give links for further reading at the end. Documented here are my “baseline” measures that I make sure are in every WP deployment I create.
WordPress security
My server was recently subject to a hack attack. In some senses it was pretty serious—many new files containing malicious code, many altered files, new bogus admin accounts in WordPress. But in the end it seems I lost no data, and none of my sites got injected with spam links (which I gather was the intent of the hack).
Needless to say, I’ve been forced to quickly learn a lot about web security, and I’ve been grateful to be forced to do so without major losses. I’ll try and document some useful things I’ve learned here.
NOTE: This post contains some good WordPress security tips, but in response to a specific hacks. For a more general, comprehensive run-down of solid WordPress security measures, see this post.
Welcome! I build websites - mostly based on the brilliant, free & open 