WordPress Security Using .htaccess
Posted by Dave Jesch in WordPress on December 24, 2009
In a way, WordPress is a double-edged sword. On the one hand, its ease of use and popularity make it a great choice when starting a blog. But that same popularity means it is a huge target for hacking. For this reason alone, security should be taken seriously.
If you’re using a hosting service that runs on Unix, one way you can increase the security of your web site is by using an .htaccess file. This file is used by the web server itself in processing requests and can be programmed to re-route the request if needed.
Here’s an example of a .htaccess file that can block a couple of common script attacks:
Options +FollowSymLinks
RewriteEngine On
# if your blog is not installed in root, change the following line
# to the directory that WordPress is installed in
# RewriteBase /
RewriteCond %{QUERY_STRING} (\<|%3C).*script.*(\>|%3E) [NC,OR]
RewriteCond %{QUERY_STRING} GLOBALS(=|\[|\%[0-9A-Z]{0,2}) [OR]
RewriteCond %{QUERY_STRING} _REQUEST(=|\[|\%[0-9A-Z]{0,2})
RewriteRule ^(.*)$ index.php [F,L]
There may already be a .htaccess file on your host, so adding the RewriteCond and RewriteRule commands after the last RewriteRule and before the would be all that’s necessary.
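To see what the three RewriteCond lines actually catch before deploying them, the following is an added example (not from the original post or from WordPress) that re-implements the same patterns in Python and runs them over a set of constructed query strings. Apache tests QUERY_STRING in its raw, URL-encoded form, which is why the original patterns include %3C and %3E alongside the literal angle brackets; the [NC] flag on the first condition maps to re.IGNORECASE, and the other two conditions stay case-sensitive as in the .htaccess file. The function names and the sample query strings are this example's own.

```python
import re

# Python equivalents of the three RewriteCond patterns from the .htaccess above.
# The first condition carries [NC] (case-insensitive); the other two do not.
RULES = [
    ("script tag in query string",
     re.compile(r"(\<|%3C).*script.*(\>|%3E)", re.IGNORECASE)),
    ("GLOBALS overwrite",
     re.compile(r"GLOBALS(=|\[|\%[0-9A-Z]{0,2})")),
    ("_REQUEST overwrite",
     re.compile(r"_REQUEST(=|\[|\%[0-9A-Z]{0,2})")),
]


def matching_rule(query_string):
    """Return the name of the first RewriteCond that matches, or None.

    Mirrors Apache's evaluation: the conditions are OR-ed together and the
    query string is checked raw, without URL-decoding it first.
    """
    for name, pattern in RULES:
        if pattern.search(query_string):
            return name
    return None


def response_status(query_string):
    """Status the RewriteRule with [F,L] would produce: 403 if any condition
    matches, otherwise the request is left alone (200 here for illustration)."""
    return 403 if matching_rule(query_string) is not None else 200


# Constructed sample query strings (hypothetical, for illustration only).
SAMPLES = [
    "p=123",                                   # ordinary post lookup
    "s=hello+world",                           # ordinary search
    "s=<script>alert(1)</script>",             # literal script tag
    "s=%3Cscript%3Ealert(1)%3C/script%3E",     # URL-encoded script tag
    "s=%3cSCRIPT%3ealert(1)",                  # mixed case, caught by [NC]
    "GLOBALS[foo]=bar",                        # attempt to overwrite $GLOBALS
    "GLOBALS%5Bfoo%5D=bar",                    # same, with encoded brackets
    "_REQUEST=x",                              # attempt to overwrite $_REQUEST
    "globals=1",                               # lower case: not matched (no NC)
    "description=Subscript+notes",             # 'script' alone is not enough
    "q=<em>script</em>",                       # false positive: any <...script...>
]

if __name__ == "__main__":
    for qs in SAMPLES:
        print(f"{response_status(qs):3}  {matching_rule(qs) or '-':28}  {qs}")
```

The last two samples show the limits of this kind of filter: a plain word such as "Subscript" passes because the first pattern needs a bracket on each side, while any harmless markup that happens to enclose the word "script" is refused with a 403. Running the same query strings against the real server (expecting 403 for the blocked ones) is a quick way to confirm the rules were placed correctly in the file and that RewriteEngine is actually on.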
What this does is block three different types of attacks.
The first looks for a