Securing WordPress Against Hackers and DDoS Attacks

The best way to secure your Wordpress website is not by using a plugin but by denying access to certain directories through htaccess file and your robots.txt file. Also choose a secure hosting provider.

I added the bit about the htpasswd to my htaccess, but now scheduled posts don’t publish automatically anymore. I really need the password as the site is under constant attack. Any suggestions?

Hey @kbez. Your wp-cron.php file is probably being interferred with.

Following this http://www.summet.com/blog/2012/04/26/missed-schedule-for-wordpress-posts-due-to-htaccess-password-protection-blocking-wp-cron-php/ and/or this https://wordpress.org/support/topic/wp-cron-with-htaccess-cron-jobs-not-running should do the trick.

Please let me know if you still have problems after following these guidelines.

Thank you for the help @gibbiv! My .htaccess already has the following instructions and still missed the schedule:

<Files wp-cron.php> Allow from all Satisfy any </Files>

Scheduled posts stopped working when I added:

AuthUserFile /path/to/.htpasswd AuthName "Login first" AuthType Basic <Files "wp-login.php"> Require valid-user </Files>

Does the order of the text in the .htaccess matter? I followed a few howto’s like the one you wrote and added instructions to protect wp-config.php, install.php, readme.html, php_error.log, as well as the following:

# Block URL based exploits RedirectMatch 403 \[

# Ban double slashes in all URLs RewriteCond %{THE_REQUEST} ^[A-Z]+\ /(([^/\ ]+/)*)/+([^\ ]*) RewriteRule ^ /%1%3 [L,R=301]

The above was added to the bottom of the .htaccess after the caching settings added by W3TC. In my wp-config.php I activated PHP error logging by adding:

@ini_set( 'log_errors', 'On' ); @ini_set( 'error_log', '/path/to/php_error.log' ); @ini_set( 'display_errors', 'Off' ); define( 'WP_DEBUG', false ); define( 'WP_DEBUG_LOG', false ); define( 'WP_DEBUG_DISPLAY', false );

This error log says nothing about wp_cron though.

I’m also in contact with my host and will give feedback if they have any success. Thanks for a great forum.

Hey @kbez. Definitely let us know if your hosting provider offers you a solution.

This topic was automatically closed 91 days after the last reply. New replies are no longer allowed.