Archive for September, 2008

Published by John Hoff on 07 Sep 2008

Securing Your WordPress Blog: Post 7 of 7 - Final Thoughts

WordPress Vault
Image by Roo Reynolds

We’ve reached the end in our series on how to better secure your WordPress blog. It’s been a bumpy road, but we made it.

The techniques I’ve shown here are by no means exhaustive and I don’t want to give you a false feeling that your blog is fully secured. However, the steps I’ve laid out should provide a decent amount of protection.

Many times these attackers are nothing more than kids with a program that finds hundreds, if not thousands, of login pages accessible on the Web and runs a set number of algorithms to hack these sites, while the kid pulls his corn dogs out of the microwave and gets back to his PlayStation game.

The key here then is to accomplish two things:

  1. Create a series of roadblocks and redirects for anyone other than you who tries to access sensitive WordPress directories (like your login page).

Published by John Hoff on 07 Sep 2008

Securing Your WordPress Blog: Post 6 - Protecting The wp-config.php File


Imagine if there were a file where anyone could go to and easily see such things as your:

  • Password
  • Database Name
  • Server Name
  • Information About Your Database

Doesn’t sound like the kind of file you’d want just lying around easily accessible, does it?

Well, I’ve got news for you: such a file exists, and it’s called wp-config.php.

By default, a web browser shouldn’t be able to display the contents of a .php file, because the server runs the PHP code instead of sending the file’s source. However, as we all know, nothing is set in stone. Obviously, this is an important file you are going to want to protect if you run a blog powered by WordPress. Here’s a quick way to limit access to your wp-config.php file using .htaccess.

Protect wp-config.php With .htaccess

As we saw in Post 4: Setting Up .htaccess in this series, the .htaccess file is vital to the security of your website. It’s also relatively easy to set up - just create a file and name it .htaccess and then paste in some code.
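One way to write such a rule, as an added example that is not the code from the original post: a `<Files>` block that refuses every web request for wp-config.php, in both the current and the legacy Apache access-control syntax. It assumes the .htaccess file sits in the same directory as wp-config.php and that the server's AllowOverride setting permits these directives.

```apache
# Added example (not from the original post).
# Assumption: this .htaccess lives in the directory that holds wp-config.php.

<Files "wp-config.php">
    # Apache 2.4 and later: access control is handled by mod_authz_core.
    <IfModule mod_authz_core.c>
        Require all denied
    </IfModule>

    # Apache 2.2 and earlier: legacy Order/Deny directives.
    <IfModule !mod_authz_core.c>
        Order allow,deny
        Deny from all
    </IfModule>
</Files>
```

With the rule in place, a browser request for wp-config.php should get a 403 Forbidden response even if PHP handling breaks and the server would otherwise send the file as plain text. WordPress itself is unaffected, because PHP reads the file from disk rather than over HTTP.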
