Tag Archive for 'tips'

Accessing SVN Repositories Through A Firewall

If you’re having problems accessing an SVN server through a corporate firewall or caching proxy server, see if the repository offers HTTPS as well as HTTP access. The system that would usually block HTTP access (because SVN access uses non-standard HTTP methods) can’t inspect the encrypted traffic sent to an HTTPS server, so it passes straight through. This is quite handy for posting plugin updates to the wordpress.org plugin repository.

Restricting Access to the WordPress Dashboard

During his recent talk at WordCamp San Francisco 2009, Matt Cutts mentioned a neat trick for restricting access to the WordPress admin area – adding a .htaccess file to wp-admin.

His technique (mentioned on slide 48 of the presentation slides) allows you to whitelist IP addresses that can access the wp-admin area (your home, workplace etc.) whilst denying access to everyone else. All you need to do is create a .htaccess file with the following content, fill in as many IP addresses as you want whitelisted and upload it to the wp-admin folder of your WordPress blog:

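# No password file is used; access is decided by the IP rules below.
AuthUserFile /dev/null
AuthGroupFile /dev/null
AuthName "Access Control"
AuthType Basic
# The rules are not wrapped in <Limit GET>: inside that block they would
# cover GET (and HEAD) requests only, leaving POST and other methods open.
order deny,allow
deny from all
# whitelist home IP address
allow from 123.45.67.89
# whitelist work IP address
allow from 123.45.67.98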

And you’re done! You now have full protection against nefarious types accessing your WordPress admin area, courtesy of Apache.

Changing User Nice Name

After reading about Donncha’s experiences with the Limit Login Attempts plugin, I decided it would be a good idea to implement it on my blog. It’s extremely simple to set up, but I couldn’t work out how to resolve the security warning the plugin generated telling me that my ‘user_nicename’ was the same as my username.

It turns out that the ‘user_nicename’ field is used to construct the permalink to an Author Archive. By default it is set to your username, allowing an attacker to obtain a valid username from the Post Author permalink that is commonly included in themes. Luckily, the problem can be easily resolved through a simple database modification:

  1. Fire up phpMyAdmin.
  2. Select your WordPress database from the menu on the left.
  3. Select the ‘wp_users’ table, and then click the ‘Browse’ tab.
  4. Locate the row that has your username in the user_login column. Click the Edit button (the pencil icon) on that row.
  5. Enter the desired URL version of your name into the user_nicename field, e.g. ‘firstname-lastname’.
  6. Click “Go” to save your changes.

To check that the process has worked, visit ‘http://yourblogurl/author/firstname-lastname/’, replacing ‘firstname-lastname’ with whatever you picked in step 5; you should now see your Author Archive page. On checking the Limit Login Attempts options page, you should see that the security warning has disappeared. Props to WordPress Hacks for the solution.
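
The same change can be made from phpMyAdmin’s SQL tab, which also lets you audit every account at once. This is an added example, not taken from the original post or from WordPress Hacks; it assumes MySQL and the default ‘wp_’ table prefix, and ‘your-username’ and ‘firstname-lastname’ are placeholders.

```sql
-- Assumption: default table prefix "wp_"; adjust if your install differs.

-- 1. Audit: list accounts whose author slug still reveals the login name.
--    The second comparison approximates the default slug (lower-cased,
--    spaces turned into hyphens); it is not an exact copy of the
--    sanitising WordPress applies.
SELECT ID, user_login, user_nicename
FROM wp_users
WHERE user_nicename = user_login
   OR user_nicename = LOWER(REPLACE(user_login, ' ', '-'));

-- 2. Check that the slug you want is not already taken. A direct database
--    edit bypasses WordPress's own user-handling code, so look for clashes
--    yourself. Expect already_used = 0.
SELECT COUNT(*) AS already_used
FROM wp_users
WHERE user_nicename = 'firstname-lastname';   -- placeholder slug

-- 3. Change the slug for one account only.
UPDATE wp_users
SET user_nicename = 'firstname-lastname'      -- placeholder slug
WHERE user_login = 'your-username'            -- placeholder login
LIMIT 1;

-- 4. Confirm: the account should no longer appear in the audit from step 1.
SELECT ID, user_login, user_nicename
FROM wp_users
WHERE user_login = 'your-username';
```

On a multi-author blog, repeat steps 2 and 3 for each row the audit in step 1 returns.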




Copyright © 2007-2009 Hugh Johnson

Site last updated Fri 6th Nov, 2009 @ 17:29