Protecting your WordPress Website

| September 27, 2010

I have earlier write an article about how to protect you WordPress website by using some simple PHP strings. This article will push further more on how to add more security features on your WordPress website so that you can able to increase your blog’s security by some simple and basic tricks.

Restrict access to your wp-config.php:

Create a “.htaccess” in your WordPress root. (to create it, use Windows notepad. Just create the file and rename it accordingly)

Put the “.htaccess” inside your wp-admin directory and, inside it, write:

<Files wp-config.php>

Order Deny, Allow

Deny from All


Trick Spam and prevent it from spamming your comment section:

Write this code in the “comments.php” file located in your WordPress theme folder. You have to place this code among the other fields which are used to write a comment, before the field where people have to write the comments them self:

<form method=POST action=”list.php” name=”list”>

<input type=”hidden” name=”submitted” value=”submitted”>

<div class=”form_01?>

<label for=”first_name”>First name:</label>

<input title=”If you managed to write in it, you are spam!!!” type=”text” name=”first_name” id=”first_name” value=”” onKeyUp=” val = this.value; if (val.length > 0) { alert(‘Please place your cursor in ‘Name’ box to start your message’); this.value = val.substring(0,0); emailform.focus() } this.form.count.value=0-parseInt(this.value.length); “>


Now, to hidden this field from people, place this code in “style.css” located in your WordPress theme folder:

.form_01 {

visibility: hidden;

display: none;


Restrict access to the wp-content and wp-includes directories:

Create a “.htaccess” inside your wp-content and wp-includes directories and, inside it, write:

Order Allow, Deny

Deny from all

<Files ~ “.(css|jpe?g|png|gif|js)$”>

Allow from all



Category: WordPress

Comments are closed.