• /wp-admin is where you go in WP to control the blog. It’s where you write to and post from, as well as perform administrative tasks.

I felt it prudent, so I took a few steps to protect the place. Firstly, I renamed the default admin account to something else. A task made fairly easy using your web host’s tools (phpmyadmin). Doing this will make it more difficult for fools to to make their way into the blog’s control panel. I also set up one helluvagood pass phrase for myself. Once that was done I took steps to limit just how many computers can hit that directory. This was done with a .htaccess file. Check out http://en.wikipedia.org/wiki/Htaccess for info on what else you can do with htaccess and some tutorials.

My file looks something like this:

AuthUserFile /dev/null
AuthGroupFile /dev/null
AuthName “MattSnell”
AuthType Basic
<LIMIT>
order deny,allow
deny from all
allow from 192.168.1.100
allow from 192.168.1.101
</LIMIT>

What it does is deny access to ALL IP addresses (order deny,allow and deny from all) and then selectively allows ONLY those in the allow from list.

Since I have two public IP addresses that almost never change, I just specify them in the allow list and upload the file to my /wp-admin directory using scp or ftp. If my IP address ever changes, I won’t be able to edit or otherwise admin the blog until I go in and update the file. No biggie, only takes a moment.

So there you have it, change the default admin username, set a good pass and limit how many IP addresses can access the control panel. Feeling better already