
How to prevent your WordPress Site from being SQL Injected?

Step 1: The default install of WordPress is not as secure as anyone would wish, so extra preventive measures are essential.
Step 2: To avoid this, you need to make sure no one else has access to the wp-admin directory.
Step 3: Here is how you can do it:
Step 4: Create a new file, call it .htaccess (hypertext access), and store it in the wp-admin folder under your main WordPress installation.
Step 5: .htaccess files control access on a per-folder basis, so you can place a copy in every folder whose access you want to restrict.
Step 6: Add the following and save the file:

# allow requests for images, CSS and some JavaScript files only
<Files ~ "\.(css|jpe?g|png|gif|js)$">
Allow from all
</Files>
# allow only from your ISP
# 00.000.00.000 is your static IP (Apache does not accept a comment on the same line as a directive)
Order deny,allow
Allow from 00.000.00.000
Deny from all

Substitute 00.000.00.000 with your IP address. You can easily find it by going to http://www.downforeveryoneorjustme.com.au

Step 7: This allows access only from your browsing location. If you want the flexibility of a wider range of addresses that can reach the admin area, enter 00.000.00. instead of 00.000.00.000.
Step 8: Test by going to the Site Admin and logging into your admin area.
Step 9: You should get in with no issues.
Step 10: Log out, then log in again from a proxy site. You should land on a file not found error page.
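
The rules in Step 6 use the Apache 2.2 access-control directives (Order, Allow, Deny), which Apache 2.4 supports only through mod_access_compat. The same policy in 2.4's native Require syntax follows as an added example that is not part of the original article. 203.0.113.10 is a constructed placeholder for your static IP, and the admin-ajax.php exception is an optional assumption for sites whose themes or plugins call that file from public pages.

```apache
# wp-admin/.htaccess for Apache 2.4 (mod_authz_core / mod_authz_host)
# Needs "AllowOverride AuthConfig" (or All) for this directory in the
# server configuration, otherwise Require is not permitted in .htaccess.

# Default for everything in wp-admin: only the listed address may connect.
# 203.0.113.10 is a constructed placeholder; substitute your static IP.
Require ip 203.0.113.10

# Step 7 equivalent: allow a whole range instead of a single address.
# Either form below can replace the single-address line above.
# Require ip 203.0.113
# Require ip 203.0.113.0/24

# Static assets stay reachable for everyone, as in the Step 6 rules.
# The dot is escaped so only real file extensions match.
<FilesMatch "\.(css|jpe?g|png|gif|js)$">
    Require all granted
</FilesMatch>

# Optional (assumption, not in the original article): public pages of some
# themes and plugins send AJAX requests to wp-admin/admin-ajax.php.
# Leave this section out if your site does not need it.
<Files "admin-ajax.php">
    Require all granted
</Files>
```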
