When you set up your first site, you probably connected to it using the old stalwart, FTP.
Using this super-duper File Transfer Protocol was jolly convenient, a bit like using the Windows File Explorer. Drag, drop, copy, paste. Happy days.
But then you read somewhere how someone had their server login credentials pinched and their site was turned into an ad-fest for Viagra. Man-in-the-middle? Bummer.
Eventually you arrived here, looked up this topic and here we are. Full marks.
Lock Down WordPress Connections
What we must do is protect your logins to WordPress and other online apps so you can administer securely while keeping your data and credentials flying well under the radar. So here's the plan:
- Securing wp-login and admin panels with HTTPS
- Creating impermeable PC-to-server encryption with SSH
- Flaming FTP in favor of SFTP for file maintenance
- Then we'll ride bareback with Apache modules …
- … mod_access and htaccess for the art of denial
- … mod_auth (and its many cousins) for added protection
- And milking other creamy tools along the way
We'll crunch out these super-strong solutions regardless of your local machines and regardless of your hosting type … so knock back a coffee and let's crack on.
Let's face it, following these topics isn't straightforward. Some of the setups, for example implementing SSH authentication keys, can be infuriatingly fiddly for Linux noobs. Be patient, and careful, but don't give up on the learning curve. I promise, one day, you'll be grateful.
Even those with shared hosting should be milking these techniques or, at the very least, understanding the dangers of using things like FTP and, oh dear, HTTP. Mission critical sites – or just ones we care about – and sites sat on more advanced serving will often devour the lot.
One last point, and hopefully some encouragement: while this WordPress and server connections section is no more important than anything we've covered already here at the ‘Cop, it does stand us in good stead for the rest of the site. Given awareness and, where required, implementation of the above, you'll better understand what the deuce I'm talking about in wpCop's Server section and wpCop's WordPress section. You'll be glad of that.
Splendid, enough of the pep talk. Put on the coffee, crack through those guides, then upgrade to the whiskey. 😛