Hi guys,
Just wondering if the MU Community would like the share some information on the manners in which they have secured their MU blogs?
I am trying to restrict access to my wp-admin folder only to my work IP.
I have also deleted the 'admin' account and I am using a less obvious admin login username.
But what else can I do to make MU more secure and to reduce the possibility of it being hacked?
Thanks,
Cormac
overclockwork
Member
Posted 16 years ago #
You can use WP-Ban on your blog to ban users by IP, IP Range, host name and referrer url. In your case you would have to ban access from the entire internet and then create an exception rule with IP addresses you allow access.
check: http://lesterchan.net/portfolio/programming.php
Thanks overclockwork,
Instead of doing that I could just use a htaccess block on IP.
Are there are specific MU security plugins or tips out there?
I am also interested in this subject. Wp-security-scan is a good plugin for WP, and it would be good to have something similar for WPMU. Also, I just installed WPMU and I see the table pre-fix is WP, which I believe is a security risk. I would like to be able to have all individual blogs set-up without the WP preferix, but I do not know how to do that
Cruth - changing the prefix isn't really a reliable way of securing an install, although it helps a tiny bit. If a hacker can execute SQL on your system it's child's play figuring out what the prefix is. It's "security by obscurity" and can give a false sense of security.
I would recommend upgrading to the latest WPMU whenever new releases come out and also keeping an eye on this forum.
You could also try my Exploit Scanner at http://ocaoimh.ie/exploit-scanner/ if you think you've been hacked.