Week Ten: Developing Secure Sites 3
1. What is the wp-config file for?
It contains the most sensitive information that hackers would love to get their hands on, such as the admin’s username and password and the authentication keys.
2. Protect your wp-config file as the instructor demonstrates. NOTE: .htaccess is a hidden file, so you need to be able to see hidden files. If you do not see it in Dreamweaver, then update your .htaccess file through your hosting and file manager. Also, if you do not have access to the work files, just pause the video and type in the code EXACTLY as shown. Check your website to make sure you don’t see any errors.
I was unable to find the .htaccess file no matter which method I used. I tried Dreamweaver with Show Hidden Files on, I tried managing my files through GoDaddy and tried using FileZilla with Force Showing Hidden Files. Nothing worked to show or access my .htaccess file. I also spent an hour searching the web for a solution, but nothing worked. On a side note, my site already gives a ‘forbidden’ message when I try to access wp-config.php directly from the address bar.
3. Apply the authentication keys and upload a screenshot.
Done.
4. How can you protect your admin directory (DON’T DO THIS AT THIS TIME JUST ANSWER THE QUESTION)?
Create an .htaccess file in the wp-admin folder of your site.
Paste the code:
# SECURE WP-ADMIN
Order Deny,Allow
Deny from all
# Replace 203.0.113.10 (a placeholder address) with your own IP address, written without quotes
Allow from 203.0.113.10
This would make the admin login accessible only from your IP address. In relation to our Web 3 class, this would only work if the additional IP addresses connected to BCC’s wireless network and computer lab computers were included in the Allow section as well.
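The wp-admin restriction above with more than one allowed address, as an added example that is not the instructor's code or part of the original assignment. All addresses are constructed placeholders from documentation ranges. It assumes the host permits these directives in .htaccess, and it adds an exception for admin-ajax.php, which WordPress themes and plugins call from the public side of the site.

```apache
# wp-admin/.htaccess
# SECURE WP-ADMIN: allow the admin directory only from listed addresses.
# 203.0.113.10 and 198.51.100.0/24 are placeholders, not real networks.

# Apache 2.4 and later (mod_authz_core).
# Several Require lines in one section are treated as "any of these".
<IfModule mod_authz_core.c>
    # A single address, for example a home connection
    Require ip 203.0.113.10
    # A whole range in CIDR form, for example a campus lab network
    Require ip 198.51.100.0/24
</IfModule>

# Apache 2.2 (the Order/Deny/Allow syntax used in the answer above).
<IfModule !mod_authz_core.c>
    Order Deny,Allow
    Deny from all
    Allow from 203.0.113.10
    Allow from 198.51.100.0/24
</IfModule>

# admin-ajax.php lives in wp-admin but is requested by ordinary visitors'
# browsers, so it stays reachable from everywhere.
<Files "admin-ajax.php">
    <IfModule mod_authz_core.c>
        Require all granted
    </IfModule>
    <IfModule !mod_authz_core.c>
        Order Allow,Deny
        Allow from all
    </IfModule>
</Files>
```

After uploading, load /wp-admin/ from an address that is not on the list and confirm the server answers 403 Forbidden, then confirm the public pages still load without errors.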