Well gee, I feel stupid now. I tried things again with a different string to get the errors and everything worked perfectly. I’ve got no idea why? Only thing I can think is that I used a slightly shorter string this time and some updates have occurred since I last tried. Anyways, thank you for your help.
robots.txt is for instructing search bots on which pages to index and crawl. It does not block access to anything, merely instructs compliant bots on what to do with the site. .htaccess instructs the server on how to handle http requests as well as many settings for php, caching, etc. You should really study https://httpd.apache.org/docs/current/howto/htaccess.html and this http://www.robotstxt.org/robotstxt.html. I don’t mean to be pedantic, but if you want to be helpful you should be well informed before commenting.
Well, I’m no securities expert by any means, but I need this site to be as hard as possible. I’m just trying to take every precaution. From what I’ve read it’s a fairly common practice: http://www.firedaemon.com/blog/wordpress-hardening-guide
Also, you can block access to wp-config.php with the following in .htaccess, although I’m not sure how someone would be able to view the php anyways.
#block wp-config.php
<files wp-config.php>
order allow,deny
deny from all
</files>
Yes, it’s not a catch all. If some one is determined I’m sure there are ways to find your unique prefix. However, I think it would still stop a lot of script kiddies. If someone can inject sql I’d imagine your still in trouble. I would still like to know how to do it though.
Can some one please help me out. The site supports a good cause and they are nice clients. I really don’t want them getting sued if some ones info gets leaked.
BTW, that’s in a .sql that I exported from the original db. I then import the changed .sql into a new db and repoint WP to that one in the wp-config file. This is probably unnecessary info, but it doesn’t hurt to know.
