Affiliate Promotion
Blog Help
Domain Name Tips
How To
Newsletter Marketing
Online Business Help
Search Engine Tricks
Web Development
Web Hosting
Website Advertising
Website Content
Website Marketing

Forums Sitemap
Mobile Linux
APP Generation ROI
IBM® developerWorks

Weekly Newsletter

Developer Updates
Free Website Content

Articles

Forums

All Feeds

Write For Us Get Paid

Request Media Kit

Site Map

Privacy Policy
Support

USERNAME

PASSWORD

>>> SIGN UP!

Lost Password?

BLOG HELP

RSS

WordPress Security Tips

By: Codex-M	Search For More Articles! Disclaimer Author Terms
Rating: / 2
2009-06-19

Table of Contents:

WordPress Security Tips

WordPress Versions

Robots.txt and WordPress

Unsecured WordPress Login Page

Unsecured Forms and Plug-ins

	ADD THIS ARTICLE TO:
	Del.ici.ous	Digg
	Blink	Simpy
	Google	Spurl
	Y! MyWeb	Furl

Email Me Similar Content When Posted

Add Developer Shed Article Feed To Your Site

Email Article To Friend

Print Version Of Article

PDF Version Of Article

WordPress Security Tips - Robots.txt and WordPress

(Page 3 of 5 )

WordPress files (not your post) are indexable by default. The primary reason is that the default WordPress installation has links pointing to it. For example, there are links pointing to your login page.

Is this a serious problem? Yes, because it will expose your admin page to the public, ready to be hacked. Try doing an advanced search in Google and place "wp-login.php" in the exact match found in the URL; you will be surprised how many blogs on the Internet are afflicted with this problem.

Robots.txt provides a solution for this. This will keep your admin files from showing up in Google search engine results. I know there are millions of blogs on the Internet, but using robots.txt to prevent search engines from crawling admin pages decreases the risk of hacking. This will ensure that no one can search your login page intentionally from the search engine results; hackers commonly use this method to find blogs to abuse.

The solution is simple, if you have full ftp access to your site:

Open your notepad.
Copy and paste the syntax below:

User-agent: *

Disallow: /wp-

Upload the file to the root directory of your website.

The syntax will prevent the Googlebot or other search engines following the robots exclusion protocol from crawling your WordPress files.

Next: Unsecured WordPress Login Page >>

More Blog Help Articles
More By Codex-M

Comments On: WordPress Security Tips

>>> Be the FIRST to comment on this article!

BLOG HELP ARTICLES

- Create a Vlog
- Creating a Personal Blog People Actually Wan...
- Offline Blog Managers
- Get More from WordPress
- Improving Blogspot Traffic with Free Google ...
- LiveJournal: Blogs for All
- WordPress Security Tips
- Blogging with Yahoo
- Sell Songs Online Safely Through Your Blog
- Are E-Zines Still Relevant?
- Rewriting URLs and Doing WordPress Redirects...
- Build a Better Blog
- Setting a Static Front or Main Page in Blogg...
- Maximize Crawlability of WordPress Blogs and...
- Create a Blogging Site
Find More Blog Help Articles

Create the Optimal Architecture for your Critical Applications
Warburton's the largest independently owned bakery in the UK faced a number of d....

Five Best Practices for Deploying a Successful Service-Oriented Architecture
This white paper describes the benefits you can expect with SOA, and how IBM can....

Gartner Magic Quadrant for Application Delivery Controllers
Gartner summarizes its view on Application Delivery Controllers, evaluates stren....

Knowledge is Power
What you don't know can hurt you, and is likely costing you money and increasing....

Rationalizing the Multi-Tool Environment
The rationalized multi-tool approach is flexible, scalable and cost effective. I....