htaccess

October 20th in Wordpress Tips by .

Your WordPress login page is quite attractive to hackers. If they somehow get through your defenses through brute force attacks, you are in trouble. I know many WordPress users that do not take time to protect their wp-login.php file on their website. Here are 3 simple ways to do that:

Limit Login Attempts Plugins: these plugins limit the number of times someone can get username/password pair wrong. It alerts you when your site is under attack and bans abusive IPs. [click to continue…]

{ 0 comments }

Continue Reading

September 8th in Wordpress Plugins by .

The .htaccess file is very powerful. Those of you who run your WordPress site mainly on Apache have probably played with your .htaccess file in the past to handle redirects or secure certain parts of your website. You can always edit the file by using the appropriate client. WP htaccess Control is a cool plugin that makes the process even easier. It lets you edit the file and add advanced customizations to it from within WordPress. [click to continue…]

{ 0 comments }

Continue Reading

August 11th in Wordpress Plugins by .

Content theft is a big issue these days. Some people not only have no issues stealing other people’s articles, they lift their images without giving credit back. Hotlinking is specially nasty. It is the practice of using someone else’s image on a site and stealing bandwidth in the process. Thankfully, there are ways you can stop people from stealing your content and bandwidth. If you know your way around .htaccess, you should have no problem handling this. But these 3 hotlink plugins for WordPress can do the job as well:

Configurable Hotlink Protection: blocks links to videos, images, audio files from a third party server. You do have the option to white-list certain sites. [click to continue…]

{ 0 comments }

Continue Reading

December 16th in Wordpress Plugins by .

Those of you who run your WordPress site on an Apache server know about the importance of optimizing your .htaccess file. You can use this file to make changes to your URL structure, control your cache settings, block things, and do all kinds of other neat stuff. Of course, you want to know what you are doing before making major changes to your .htaccess file. These plugins make it much easier for WordPress webmasters to deal with this file:

 WP htaccess Control: provides you with an interface to make changes to your .htaccess file from WordPress. It suggests .htaccess rules to make life easier for beginners.  [click to continue…]

{ 0 comments }

Continue Reading

November 10th in Wordpress Hacks by .

A lot of us have done it in the past, hopefully without knowing. You read a blog, you see a nice image that you can link to, and you do it without really thinking about the ramifications of your actions. In general, you should not link to an image that you do not have the right to, and you should not others’ bandwidth to serve the image on your site. But a lot of folks do it, and that’s a big problem for folks.

You have two options at this point. You can either watermark your WordPress images (read a tutorial on it here) or you can use .htaccess to protect your images from getting linked. Hot Linking is not a big issue if you are not serving that many images or your blog is not that popular. But once you start getting real traffic, it’s easy to get over your monthly hosting limits if people hot link to your images. That’s why I prefer using the .htaccess instead of watermarking my images. I rather cut off the access altogether.

So here is how I would do it using .htaccess. Please note that there are plenty of tools that you can use to customize your htaccess, and there are multiple ways of doing this, but here is what has worked for me:

RewriteEngine on
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://(www\.)?wpjedi.com/.*$ [NC]
RewriteRule \.(gif|jpg|png)$ - [F]

For those of your not familiar, here is what we are saying. We are saying that if the referrer is not WPJedi.com (not case sensitive) or any of the sub-directories, return a 403 error code. Now you can grab this and use it on your own domain, but make sure that you change wpjedi.com with your own domain. Also, as you can see, WPJedi currently doesn’t host any video files, but if you are doi10ng that, you want to make sure you add .mov, .avi or whatever extension you are using for your videos to the fourth line.

Did I miss anything? Do you do it another way? Please share your experience with the code.

{ 0 comments }

Continue Reading