Sell My Diamonds – wp-admin htpasswd lock, wordpress security, and the importance of maintenance.
So, I’ve been looking after a suite of websites for the last year, optimizing them for top SEO results and securing them against potential hackers. When I first landed this gig, I noticed that they had some embedded links that were invisible on the page – their theme had been hacked as the site had not been updated in quite some time – The original version of their site was practically irretrievable, as core, plugin, and theme files for WordPress had been altered. Rather than try to weed out the potential malware, I rebuilt the site using more effective plugins, and then secured it using Wordfence Security, and an .htpassword file system lockout.
The htpassword lock can’t just be set through the file manager in cpanel, as the .htaccess that goes with it essentially breaks the wp-admin area, by denying access to admin-ajax.php – the following code in .htaccess allows you to use this method to add a secondary login, and prevents index listing.
ErrorDocument 401 “Denied”
ErrorDocument 403 “Denied”
# Allow plugin access to admin-ajax.php around password protection
Allow from all
# Prevents directory listing
AuthUserFile “(path to password file)”
I often tell people how critical it is to keep your site up to date – this is a good example of what can happen if you neglect maintenance. The site had lost all relevance to google, as it had been used to link (invisibly) to spammy product sites. After repairing it, and improving on it’s organic SEO, it was a battle to remove both inbound and outbound links that were not relevant to it. Google webmaster tools allowed me to remove the offending links in many cases, and the results started to improve – dramatically.
At the time of this posting, the site is listed at #3 out of 23,000,000 results locally. Not bad, we had #1 for a while, but are up against companies with a larger budget.
You can visit the site at Sell Diamonds Vancouver