Cracking Down on SPAM

 

Cracking down on SPAM, I left this blog alone for quite some time due to my recent attack, where my blogs were defaced and my cPanel details got compromised, so we had to start from a backup that wasn’t compromised. After loading a backup I had saved on my computer, which was dated Feb 1st, I lost a couple of posts/articles, all thanks to those hackers and spammers.


I retired my D3 blog because of these SPAM comments and messages.

A couple of things I did for added security:

  1. Removed Contact Form and replaced it with Contact Form 7
  2. Added reCaptcha Plugin for CF7
  3. Installed Bad Behavior

There’s no guarantee that I can stop Spam 100%, but it should give me a fighting chance; a spambot would be stopped immediately by these countermeasures. A human spammer may still be able to get through my defenses, but I’m not going to give up without a fight.

I also modified my .htaccess for protection, as well as my wp-config.php and /wp-content.

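  • Securing your .htaccess – The .htaccess file is one of the most important files on your website, so protecting it is one of the most vital things to do. With this simple code you can stop hackers from accessing your .htaccess file through the web server.

# Deny web requests for any file whose name contains .hta (such as .htaccess)
# Order/Deny are Apache 2.2 directives; Apache 2.4 needs mod_access_compat for them
<files ~ "^.*\.([Hh][Tt][Aa])">
order allow,deny
deny from all
satisfy all
</files>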

 

  • wp-config.php – If you’re running WordPress like me, then the next important file is wp-config.php, because this config file contains the login information and other useful bits of info. For more detailed info, see Hardening WordPress.

<files wp-config.php>
order allow,deny
deny from all
</files>

  • Protect the /wp-content folder – The wp-content folder/directory is another important area of your WordPress website. Why? This is where your themes, plugins, images, videos, and cached files are located, so securing this folder is also a priority. It is also a main target of hackers: having access to this folder means they can upload a script to suit their purpose. For this to work, create a new .htaccess inside your /wp-content directory/folder. I got the inspiration from a post on Creative Bloq – Protect WordPress sites with .htaccess

# Deny everything under /wp-content except the static file types listed below
Order deny,allow
Deny from all
<Files ~ "\.(xml|css|jpe?g|png|gif|js)$">
Allow from all
</Files>
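To see what the three rule sets above actually cover before relying on them, here is an added example (not code from the original post) that models them in Python and reports the expected decision for a list of request paths. It assumes Apache matches `<Files>` against the file name only, that the regexes are case-sensitive (as on a Unix host), and that the allowlist applies to everything under /wp-content/; the function names and sample paths are constructed for illustration.

```python
import posixpath
import re

# Patterns copied from the .htaccess snippets on this page
# (the wp-content pattern with its leading dot escaped).
HTA_RE = re.compile(r"^.*\.([Hh][Tt][Aa])")
WP_CONTENT_ALLOW_RE = re.compile(r"\.(xml|css|jpe?g|png|gif|js)$")


def decide(url_path):
    """Return 'deny' or 'allow' for a request path under the page's rules.

    Simplified model (assumptions): <Files> is matched against the file
    name only, matching is case-sensitive, and any path not covered by
    one of the three rule sets is allowed.
    """
    path = posixpath.normpath(url_path)
    name = posixpath.basename(path)
    # Rules in the site-root .htaccess apply in every directory below it.
    if HTA_RE.search(name) or name == "wp-config.php":
        return "deny"
    # /wp-content/.htaccess: deny by default, allow only listed extensions.
    if path == "/wp-content" or path.startswith("/wp-content/"):
        return "allow" if WP_CONTENT_ALLOW_RE.search(name) else "deny"
    return "allow"


def audit(paths):
    """Map each request path to its expected decision."""
    return {p: decide(p) for p in paths}


# Constructed sample paths, not taken from any real site.
SAMPLE_PATHS = [
    "/.htaccess",
    "/wp-config.php",
    "/wp-config.php.bak",                   # exact-name rule misses copies
    "/wp-content/themes/demo/style.css",
    "/wp-content/uploads/photo.jpeg",
    "/wp-content/uploads/photo.JPG",        # upper-case extension not listed
    "/wp-content/themes/demo/font.woff",    # font types are not listed
    "/wp-content/plugins/demo/helper.php",
]

if __name__ == "__main__":
    for path, verdict in audit(SAMPLE_PATHS).items():
        print(f"{verdict:5}  {path}")
```

Paths reported as "deny" should return 403 on the live site. The "allow" result for the backup copy of wp-config.php and the "deny" results for fonts and upper-case extensions show where the rules need widening or where a theme may break.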

 

More on .HTACCESS

 
