WordPress - proper way to restrict access on management page by IP

I am looking for the proper way of restricting access essentially to the management page of WordPress by IP.
Looking around, a solution I often see is using .htaccess. Even though not too bad for a solution, it doesn't look right, plus it misses some actions that could be taken through xmlrpc.
There is also one plugin called "Secure Admin IP" which looks like it is up for the job, but it doesn't have a good number of installations.
Wordfence, which is quite a popular WAF for WordPress, doesn't seem to support this functionality. Does anyone have any suggestions for this issue? Is it something people don't frequently do, and is that why there are not so many resources around it?
Also, I am quite new to WordPress, so hopefully I haven't missed something very profound.

Related

WORDPRESS: Where do I delete my site?

I've looked absolutely everywhere for an answer to this, and so far have not gotten any that have solved my problem. It seems like it should be simple, but I'm either getting answers that tell me to press a "Delete Account" button in my dashboard that simply IS NOT there, or someone says "look it up on Google" or something else that is not at all helpful. I've looked and am getting very frustrated. So, here's my question(s):
If I cancel the hosting (Blue Host), will it automatically cancel all payments relating to the site? That is, is signing up on WordPress free, with the hosting being the part that is paid? I can't find statements or anything related to the WordPress part of it, so I'm hoping that the hosting is the only part I'm paying for (this site was started a few years ago, and I just don't have time for it, so I don't remember anymore.)
Can a WordPress.org account/site actually be deleted? I've emptied all the contents as stated in the documentation, but when it comes to actually pressing "Delete Account," the button is nowhere to be found in my dashboard! As long as I'm not paying for it to just sit there, I guess I can leave it, but I'd prefer to delete it altogether, if possible.
Thank you to anyone who offers constructive advice on this topic. I know others have asked about this, but none of those solutions have worked, so I'm asking again. (It also doesn't help that WordPress doesn't offer direct support, only forums, so if you happen to know of a good resource outside of their own documentation--which, as stated, hasn't helped me--I'll appreciate the referral.)
If you want to delete your site, just delete all the files for this site in the public_html folder. Or, if you want to delete the hosting for this site, contact your hosting provider. You can do it if you want to.
But I think you can sell your domain. If your domain age is above 5 years, maybe your domain has SEO domain authority (DA). You can sell it.

Where did utils.php come from, TinyMCE hack

Last Wednesday a variety of the WordPress sites I manage got hacked, they were infected with a Viagra link (malware is so original).
I noticed in the wp-includes directory a file called utils.php (wp-includes/js/tinymce/utils/utils.php), also an addition to my general-template.php for the get_footer function.
This hack seems to only affect Google search results for sites, not the site when directly viewed by entering the URL, i.e. your cached site will show a malware-infested mess and lose ranking, meanwhile you will wonder why, due to the site looking fine when viewed.
My host (TSO Host) have cleaned up the sites, didn't even need to ask, but I have no idea how the infection got there in the first place.
So my question is, does anyone know how the breach happens and what I can do to prevent it, other than the usual security tips?
This happened to a site that I spent weeks cleaning up. I can give you a few pointers:
Go through the WordPress core files (under wp-admin and wp-includes) and delete all files that you don't see in the default WordPress installation. I've never seen a plugin create a file in one of those 2 directories. After this, it'd be a good idea to re-install WordPress, just in case they changed any of the existing files.
After that, change your WordPress/FTP/SSH passwords as they've likely been cracked. Install WP Better Security. It seems a little annoying at first, but you can monitor everything with it, change the login slug, remove version info hackers can use to find security holes, black-list known hackers, and so much more.
Finally, this last one will take some time. Google your theme and each one of your plugins, and see if WordPress has stopped using them because they were a security vulnerability. You'd be surprised at how many plugins have holes. Try to avoid really new plugins, and try to use the same plugin for as many different sites as you can. If you're hosting more than one site on the same server and one of the sites gets hacked, they're all hacked.
It sounds like a pain, and it is a little bit, but after you're done you'll feel so much better knowing that you're in control of everything. Trust me.
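One way to do the file comparison this answer describes, as an added example that is not part of the original post: hash everything under wp-admin and wp-includes and diff it against a clean copy of the same WordPress release. The function names and the small sample trees are constructed for illustration; in practice the clean tree would be an unpacked official download of the version the site runs.

```python
import hashlib
import tempfile
from pathlib import Path

CORE_DIRS = ("wp-admin", "wp-includes")  # the two directories the answer names

def file_hashes(root: Path) -> dict:
    """Map each file path (relative to root) under CORE_DIRS to its SHA-256."""
    hashes = {}
    for core in CORE_DIRS:
        base = root / core
        if not base.is_dir():
            continue
        for path in sorted(base.rglob("*")):
            if path.is_file():
                rel = path.relative_to(root).as_posix()
                hashes[rel] = hashlib.sha256(path.read_bytes()).hexdigest()
    return hashes

def audit_core(site: Path, clean: Path) -> dict:
    """Compare a live site against a clean copy of the same WordPress version."""
    live, ref = file_hashes(site), file_hashes(clean)
    return {
        "unexpected": sorted(set(live) - set(ref)),  # not in a default install
        "modified": sorted(p for p in live.keys() & ref.keys() if live[p] != ref[p]),
        "missing": sorted(set(ref) - set(live)),
    }

def build_sample_trees(tmp: Path):
    """Constructed sample data: a tiny 'clean' tree and a tampered 'site' tree."""
    files = {
        "wp-includes/general-template.php": "<?php function get_footer() {}\n",
        "wp-admin/index.php": "<?php // dashboard\n",
    }
    for name in ("clean", "site"):
        for rel, body in files.items():
            target = tmp / name / rel
            target.parent.mkdir(parents=True, exist_ok=True)
            target.write_text(body)
    # Mirror the two changes the question reports: an added utils.php, an edited template.
    extra = tmp / "site/wp-includes/js/tinymce/utils/utils.php"
    extra.parent.mkdir(parents=True, exist_ok=True)
    extra.write_text("<?php // constructed placeholder\n")
    (tmp / "site/wp-includes/general-template.php").write_text("<?php // changed\n")
    return tmp / "site", tmp / "clean"

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as d:
        print(audit_core(*build_sample_trees(Path(d))))
```

Anything listed as "unexpected" or "modified" is a candidate for review before deletion or reinstall; wp-content (themes, plugins, uploads) is outside this comparison and needs its own check.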

wordpress security and xmlrpc.php

Looking through my site stats I'm noticing a bunch of hits on my wordpress/xmlrpc.php file. It's not from me afaik. Do I need to worry about something here? Is there any way to secure this?
I'm running multiple WordPress sites on the same apache2, and it's only one of them that this is happening to.
If you don't use the xmlrpc interface (pingbacks or blogging from external sources like android/iPhone), you can turn off this feature. Settings -> Writing -> XML-RPC
I installed "Windows Live Writer" on one of my very novice clients. It is good for posts.
It is very simple and does a good job.
It needs XML-RPC.
I've also got hits on this xmlrpc.php. But I'm not even on WordPress! That's clearly hackers who try different addresses to gain access via this PHP page.
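To see who is behind the xmlrpc.php hits discussed in this thread, the access log can be summarised per client; the following is an added example, not part of the original posts. It assumes the Apache "combined" log format, and the sample lines, the function names and the POST threshold are constructed for illustration.

```python
import re
from collections import Counter

# Apache "combined" format: client, identity, user, [time], "request", status, size, ...
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) '
)

def xmlrpc_hits(lines):
    """Return {client_ip: Counter(method -> count)} for requests to xmlrpc.php."""
    hits = {}
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        path = m["path"].split("?", 1)[0].lower()  # drop any query string
        if path.rsplit("/", 1)[-1] == "xmlrpc.php":
            hits.setdefault(m["ip"], Counter())[m["method"]] += 1
    return hits

def noisy_clients(lines, post_threshold=3):
    """Clients whose POST count to xmlrpc.php meets the threshold, busiest first."""
    posts = {ip: c["POST"] for ip, c in xmlrpc_hits(lines).items()}
    flagged = [(ip, n) for ip, n in posts.items() if n >= post_threshold]
    return sorted(flagged, key=lambda item: (-item[1], item[0]))

# Constructed sample lines using documentation address ranges, not real traffic.
SAMPLE_LOG = [
    '203.0.113.7 - - [10/Mar/2024:10:00:01 +0000] '
    '"POST /wordpress/xmlrpc.php HTTP/1.1" 200 403 "-" "-"',
] * 4 + [
    '198.51.100.20 - - [10/Mar/2024:10:01:00 +0000] "GET /xmlrpc.php HTTP/1.1" 405 42 "-" "-"',
    '198.51.100.20 - - [10/Mar/2024:10:01:05 +0000] "POST /xmlrpc.php?x=1 HTTP/1.1" 200 370 "-" "-"',
    '192.0.2.5 - - [10/Mar/2024:10:02:00 +0000] "GET /index.php HTTP/1.1" 200 5120 "-" "-"',
    'not a log line',
]

if __name__ == "__main__":
    for ip, count in noisy_clients(SAMPLE_LOG):
        print(f"{ip}: {count} POSTs to xmlrpc.php")
```

A single POST from a known publishing client looks very different from hundreds of POSTs from one address, which is the distinction the per-client counts make visible.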

how to completely Hide website from search engines?

What's the best recommended way to hide my staging website from search engines? I Googled it and found some say that I should put a meta tag, and some said that I should put a text file inside my website directory. I want to know the standard way.
My current website is in ASP.NET, while I believe that there must be a common way for any website, whatever its programming language.
Use a robots.txt file.
See here: http://www.robotstxt.org/robotstxt.html
You could also use your server's robots.txt:
User-agent: *
Disallow: /
Google's crawler actually respects these settings.
Really easy answer; password protect it. If it’s a staging site then it quite likely is not intended to be publicly facing (private audience only most likely). Trying to keep it out of search engines is only treating a symptom when the real problem is that you haven’t appropriately secured it.
Keep in mind that you can't hide a public-facing unprotected web site from a search engine. You can ask that bots not index it (through the robots.txt that my fine colleagues have brought up), and the people who write the bots may choose not to index your site based on that, but there's got to be at least one guy out there who is indexing all the things people ask him not to index. At the very least one.
If this is a big requirement, keeping automated crawlers out, some kind of CAPTCHA solution might work for you.
http://www.robotstxt.org/robotstxt.html
There are search engines / bookmarking services which do not use robots.txt. If you really don't want it to turn up ever, I'd suggest using CAPTCHAs just to navigate to the site.
What's the best recommended way to hide my staging website from search engines
Simple: don't make it public. If that doesn't work, then only make it public long enough to validate that it is ready to post live and then take it down.
However, all that said, a more fundamental question is, "Why care?". If the staging site is really supposed to be the live site one step before pushing live, then it shouldn't matter if it is indexed.

Is there a multi-blog admin interface for WordPress blogs installed completely separately?

I'm an administrator of 10-20 separate WordPress blogs, and it's a big pain for me to log in to all of them separately. Is there some sort of interface that allows me to do a single-sign-on administration of all of them, like there is under a WordPress MU umbrella?
If so, what's it called? I don't even know the term I'd use to search for this.
I've yet to try it, but Virtual Multiblog might solve your problem.
Or, try the search term:
wordpress + multi blog
Google tends to vary results depending on your country of origin, so I'm not sure that what I found is what you'd find.
If it's just managing posts & pages and a few other items, a blogging client might be the way to go. WordPress provides a good starter list of programs - http://codex.wordpress.org/Weblog_Client
I've heard a lot of good things about http://managewp.com/
However I believe WordPress is implementing some sort of multi-blog support system in the next version release, so you may want to wait until that drops before laying out some cash for a service like ManageWP.
