How to secure WPMU

Good Day,

How to secure my WPMU network against Hackers…

Thank you..

  • aecnu
    • WP Unicorn

    Greetings firas80,

    Though there are many plugins out there that claim to offer security to your WordPress installation and any web site for that matter, it would be my opinion that security starts with the host and the server configuration. Are you running your own dedicated server?

    For WordPress specifically I would start with securing the wp-config.php file which contains your database user name and password.

    Add the following to your htaccess file to lock down that wp-config.php file:

    <files wp-config.php>
    order allow,deny
    deny from all
    </files>

    Next would be to go after what the search engines can spider. I add the following to my robots.txt file:

    User-agent: *
    Disallow: /wp-content/cache/
    Disallow: /wp-content/themes/
    Disallow: /wp-content/plugins/
    Disallow: /wp-admin/
    Disallow: /wp-includes/
    Disallow: /wp-login.php
    Disallow: /wp-register.php
    Disallow: /images/
    Disallow: /imaging/

    I have attached a the exact file below for your convenience.

    There are many plugins out there that claim to have security for WordPress, and I have found with several members that a few that they have tried also cause plugin conflicts or restrictions that they felt were not worth the hassle so i will not recommend any specific plugins to perform this action.

    I do know that bullet proof security plugin does cause some issues for sure, but it may just be the way it was configured by the member.

    Last but not least be sure not to allow unfiltered HTML on your site which would be just begging for trouble.

    With all that said I will leave you with the following URL for reference and your use:

    http://designmodo.com/wordpress-security-plugins/

    Thank you for being a WPMU Dev Member!

    Cheers, Joe

  • firas80
    • Site Builder, Child of Zeus

    Thanks Joe that’s great,..:slight_smile:

    I’m using both Psek and Hostgator Shared Hosting..I’ve lock down config.php.. I don’t have robots.txt file..I’ll add the below code to notepad and then save it as robots.txt and then upload to http://www.mywebsite.com/ right?

    User-agent: *
    Disallow:
    Disallow: /cgi-bin/
    Disallow: /wp-content/cache/
    Disallow: /wp-content/themes/
    Disallow: /wp-content/plugins/
    Disallow: /wp-admin/
    Disallow: /wp-includes/
    Disallow: /wp-login.php
    Disallow: /wp-register.php
    Disallow: /images/
    Disallow: /imaging/

Thank NAME, for their help.

Let NAME know exactly why they deserved these points.

Gift a custom amount of points.