Be Careful With Your WordPress Blog

Posted in Online Tips, Wordpress by admin


Why do I use a title like that? I have to, because I ran into a small problem with some of the WordPress core files. Someone changed my AdSense code in a clean way, using the same channel name and a colour similar to mine. Here is the chronology.

This problem happened in January this year on all of my blogs, so he/she got all my earnings (not too much, I think). I never noticed until I thought it was odd that my earnings had dropped suddenly. That is why I changed the colour scheme as a test, but my ad colours still had not changed after one day, so I checked all my source code and found that my AdSense publisher ID was gone, replaced with another pub ID!
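The swap described above is easy to miss by eye but easy to catch with a file check. The script below is an added example, not part of the original post: it walks a theme directory, pulls out every AdSense publisher ID (the `ca-pub-` plus 16 digits form) and reports any file whose ID is not the owner's. The directory layout, file names and both publisher IDs are constructed placeholders.

```python
import re
import tempfile
from pathlib import Path

# An AdSense publisher id as it appears in ad code: "ca-pub-" followed by 16 digits.
PUB_ID_RE = re.compile(r"ca-pub-\d{16}")

# File types worth scanning inside a theme directory (assumption: ad code lives in
# templates, static HTML fragments or script files).
SCAN_SUFFIXES = (".php", ".html", ".htm", ".js", ".txt")


def find_pub_ids(text):
    """Return the set of AdSense publisher ids found in one file's contents."""
    return set(PUB_ID_RE.findall(text))


def scan_theme_dir(theme_dir, expected_pub_id):
    """Walk a theme directory and report every file that carries a publisher id
    other than expected_pub_id.

    Returns {relative_path: sorted list of foreign ids}; an empty dict means clean.
    """
    theme_dir = Path(theme_dir)
    findings = {}
    for path in sorted(theme_dir.rglob("*")):
        if not path.is_file() or path.suffix not in SCAN_SUFFIXES:
            continue
        try:
            text = path.read_text(errors="replace")
        except OSError:
            continue  # unreadable file: skip it rather than abort the whole scan
        foreign = {pid for pid in find_pub_ids(text) if pid != expected_pub_id}
        if foreign:
            findings[path.relative_to(theme_dir).as_posix()] = sorted(foreign)
    return findings


# Constructed sample: the owner's id and the foreign id are both placeholders.
OWNER_PUB_ID = "ca-pub-1111111111111111"
FOREIGN_PUB_ID = "ca-pub-9999999999999999"

SAMPLE_THEME = {
    "sidebar.php": '<script>google_ad_client = "%s";</script>' % OWNER_PUB_ID,
    "footer.php": '<script>google_ad_client = "%s";</script>' % FOREIGN_PUB_ID,
    "style.css": "body { color: #333; }",  # not scanned: suffix not in SCAN_SUFFIXES
}


def demo():
    """Write the constructed theme to a temporary directory and scan it."""
    with tempfile.TemporaryDirectory() as tmp:
        for name, body in SAMPLE_THEME.items():
            Path(tmp, name).write_text(body)
        return scan_theme_dir(tmp, OWNER_PUB_ID)


if __name__ == "__main__":
    for rel_path, ids in demo().items():
        print("%s: unexpected publisher id(s) %s" % (rel_path, ", ".join(ids)))
```

Run it from cron against the live theme directory and any non-empty result is worth an alert; the same loop works for a whole `wp-content/themes/` tree, since `rglob` descends into every theme.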

At that time I did not know what had happened, so I just changed my pub ID back and kept blogging as usual. FYI, this problem happened 3 or 4 times up to yesterday, with the same pub ID. I still did not know what was happening, so I read all my website access logs looking for a clue. From the logs I learned that he/she modified my AdSense code via theme-editor.php, which is a WordPress core file for editing themes from the admin panel.
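Reading the whole access log by hand is slow; the script below is an added example, not part of the original post, of the same search done automatically. It parses Apache combined-format lines, keeps every request to the built-in theme editor (it also covers plugin-editor.php, the plugin counterpart, as a generalisation beyond the post), ignores the blog owner's own address, and counts saves (POST) per source IP. The log lines, addresses and timestamps are all constructed.

```python
import posixpath
import re
from collections import Counter

# Apache "combined" log format, enough of it to extract ip, time, method, path and status.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) (?P<size>\S+)'
)

# WordPress admin scripts that edit theme or plugin files from the browser.
# theme-editor.php is the one named in the post; plugin-editor.php is assumed
# to deserve the same scrutiny.
EDITOR_SCRIPTS = frozenset({"theme-editor.php", "plugin-editor.php"})


def parse_line(line):
    """Parse one access-log line into a dict, or return None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    # Drop the query string and keep only the script name for matching.
    rec["script"] = posixpath.basename(rec["path"].split("?", 1)[0])
    return rec


def editor_requests(lines, trusted_ips=frozenset()):
    """Return every request to a built-in file editor that did not come from a
    trusted address. A POST saves the file; a GET only displays it."""
    hits = []
    for line in lines:
        rec = parse_line(line)
        if rec is None or rec["script"] not in EDITOR_SCRIPTS:
            continue
        if rec["ip"] in trusted_ips:
            continue
        hits.append({
            "ip": rec["ip"],
            "time": rec["time"],
            "method": rec["method"],
            "script": rec["script"],
            "write": rec["method"] == "POST",
        })
    return hits


def writes_by_ip(hits):
    """Count editor saves per source address, the figure worth alerting on."""
    return dict(Counter(h["ip"] for h in hits if h["write"]))


# Constructed sample log lines (documentation-range addresses, made-up timestamps).
LOG_LINES = [
    '198.51.100.20 - - [14/Jan/2009:09:12:01 +0000] "GET / HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '203.0.113.5 - - [14/Jan/2009:09:15:44 +0000] "GET /wp-admin/theme-editor.php?file=footer.php&theme=default HTTP/1.1" 200 8310 "-" "Mozilla/5.0"',
    '203.0.113.5 - - [14/Jan/2009:09:16:02 +0000] "POST /wp-admin/theme-editor.php HTTP/1.1" 302 0 "http://blog.example/wp-admin/theme-editor.php" "Mozilla/5.0"',
    '198.51.100.20 - - [14/Jan/2009:09:20:10 +0000] "GET /wp-content/themes/default/style.css HTTP/1.1" 200 1220 "-" "Mozilla/5.0"',
    '192.0.2.10 - admin [14/Jan/2009:10:02:33 +0000] "POST /wp-admin/theme-editor.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    # 192.0.2.10 stands in for the blog owner's own static address.
    for h in editor_requests(LOG_LINES, trusted_ips={"192.0.2.10"}):
        flag = " (write)" if h["write"] else ""
        print("%s %s %s %s%s" % (h["time"], h["ip"], h["method"], h["script"], flag))
```

A POST to theme-editor.php from any address that is not yours is the line to look for: it is the request that actually rewrites the theme file, and it is exactly what the wp-admin IP restriction in tip 1 below is meant to stop.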

I don't know how he/she could access it, and I hope WordPress themes can fix it. By the way, here are some great tips from uncle Google to prevent this problem happening to your blog.

1. Secure the wp-admin folder - Place a .htaccess file inside the /wp-admin/ folder to block access from all IP addresses except yours. Of course this tip is only for those who have a static IP address. Here is the .htaccess code; change xx.xx.xx.xx to your IP address (WhatIsMyIP):

# These Auth* lines are inert without a matching Require directive; the IP
# restriction below is what does the work.
AuthUserFile /dev/null
AuthGroupFile /dev/null
AuthName "Example Access Control"
AuthType Basic
# No <Limit GET> wrapper: limiting only GET would leave POST (the method the
# theme editor uses to save a file) open to everyone.
order deny,allow
deny from all
allow from xx.xx.xx.xx
# On Apache 2.4 the order/deny/allow directives need mod_access_compat;
# the native equivalent is a single line: Require ip xx.xx.xx.xx

2. Hide the wp-content folder - The /wp-content/ folder is where all your plugin and theme files are stored, and it is the place you want to stop other people from browsing. You can either upload a blank index.html file into every folder inside it, or add this line to the .htaccess in your root directory:

Options All -Indexes

3. Protect the wp-config.php file - Your wp-config.php file contains all your database login credentials and should be hidden from public view under all circumstances. Add this code to the .htaccess in your root directory to prevent anyone from viewing wp-config.php:

<FilesMatch "^wp-config\.php$">
order allow,deny
deny from all
</FilesMatch>

4. Keep your WordPress updated - Every update contains security fixes. Starting from WordPress 2.7 you can easily update with a one-click solution; just back up all your files and the database, then start updating.

These tips are just a few of the hundreds of WordPress security tips on the net. Here are some resources you might want to check:

If you have other great resources, do not hesitate to share them with us here.
