Hardening WordPress with .htaccess

BlogSecurity released a popular article last year titled “Hardening WordPress with htaccess”. It provided basic, yet effective techniques to harden a WordPress blog install.

Using Apache’s mod_rewrite allows us to perform basic filtering and application firewalling. AskApache is pushing mod_rewrite boundaries to the limits with a cool plugin that will allow automated anti-hack/spam htaccess rules.

The plugin looks like a great tool for the more tech-savvy blog user. I say tech-savvy because the plugin requires tweaking on upgrades and may require adjustments specific to your needs, however an interesting project to keep an eye on nonetheless. My personal approach would be to utilise ModSecurity which is much more powerful then mod_rewrite and which can be applied at the web server layer rather then having to have custom rules for each WordPress install.


Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s