I was looking for a way to secure my WordPress sites easily. Since my server only has a few IP addresses and I don’t want to buy and install SSL certificates for each web site, I was looking for an easy way to secure my WordPress Admin area.
Using htaccess files to secure your web site
I’m a big believer in using server-side security tools. You can easily add an .htaccess file to any web site on an Apache web server for quick server-side protection. This is a simple text file that tells Apache how you want to secure your files or folders, among the other things you can use .htaccess for.
The two main ways I use server security are user authentication and IP address restrictions. Because user authentication involves a username and password, unless I control the password, I don’t know if the user actually is using a secure password. I suspect people are creating better passwords these days, but if they don’t have a tool to help them remember passwords, people generally create passwords that are easy to remember… and easy for hackers to figure out!
If you like to use passwords, I highly suggest using this online site to generate REALLY good passwords: GRC’s Perfect Passwords
I will take a random selection of the middle row to generate REALLY secure passwords.
I prefer using IP address restrictions for security
Even as good as GRC’s passwords are, I still prefer using IP addresses to restrict users from my admin pages. This approach is great if you have a static IP address, but you do need to keep updating the .htaccess file with updated IP addresses if your IP address changes. I needed an easy way to re-generate that .htaccess file. There are a few htaccess generators online but I wanted something customized for me so I wrote one this afternoon. You can access it here:
Here’s what it looks like:
This htaccess generator is very simple to use. You enter in a list of IP addresses (one per line) and what action you want to take and generate the code, either to ban the list or only accept that list of IP addresses.
After you run the code generator, just copy and paste the generated code into a text editor and save it in the folder you want to protect.
I store the list of IP addresses in a cookie in your web browser (NOT on my server) for six months. The next time you come back to re-generate your .htaccess file, your list of IP addresses will still be there.
You can use the htaccess generator for your web server to protect or exclude a list of IP addresses quite easily. If you have a dynamic IP address, you may need to keep updating your .htaccess file, but this generator makes easy work of that. It’s a lot more secure than just letting anyone have a crack at your WordPress admin area!
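A local equivalent of the generator described above, as an added example (this is not the author's tool or its code). It assumes the Apache 2.4 `Require` syntax from mod_authz_core, the function names are hypothetical, and the addresses in the usage demo are constructed from documentation ranges. Every input line is validated with Python's `ipaddress` module so that only addresses or CIDR ranges can end up in the generated file.

```python
import ipaddress

def parse_ips(text):
    """Validate one address or CIDR range per line; skip blanks and # comments."""
    nets = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        entry = raw.split("#", 1)[0].strip()
        if not entry:
            continue
        try:
            net = ipaddress.ip_network(entry, strict=False)
        except ValueError:
            # Anything that is not an address (stray directives, typos) is rejected.
            raise ValueError(
                f"line {lineno}: not an IP address or CIDR range: {entry!r}"
            ) from None
        if net not in nets:  # drop duplicates, keep the original order
            nets.append(net)
    if not nets:
        raise ValueError("no addresses given")
    return nets

def fmt(net):
    # Single hosts are written without the /32 or /128 suffix.
    return str(net.network_address) if net.num_addresses == 1 else str(net)

def generate_htaccess(text, mode):
    """mode='allow': only the listed addresses get in; mode='deny': ban the list."""
    nets = parse_ips(text)
    if mode == "allow":
        # Several Require lines outside a container behave as RequireAny,
        # so any listed address is accepted and everyone else is refused.
        lines = [f"Require ip {fmt(n)}" for n in nets]
    elif mode == "deny":
        # Negated Require lines are only valid inside RequireAll
        # together with at least one positive rule.
        lines = ["<RequireAll>", "    Require all granted"]
        lines += [f"    Require not ip {fmt(n)}" for n in nets]
        lines.append("</RequireAll>")
    else:
        raise ValueError("mode must be 'allow' or 'deny'")
    return "\n".join(lines) + "\n"

if __name__ == "__main__":
    sample = "203.0.113.7\n198.51.100.0/24  # office range (constructed)\n"
    print(generate_htaccess(sample, "allow"), end="")
```

Save the output as `.htaccess` in the folder you want to protect, for example `wp-admin`, and re-run it whenever your IP address changes.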