If you are a blogger, you have definitely heard of the widely used blogging software WordPress. It is one of the leading open source blogging platforms available on the net. But no matter how many excellent features WordPress has, the internet is full of dangerous hackers and malware threatening the security of your beloved blog.
If you have been a WordPress user for a while, you will know by now that it is impossible to block every attack; what you can do is maintain the maximum level of security for your blog. Since WordPress is open source software with excellent community support, it can be configured easily.
Make your WordPress blog as secure as possible with the following simple steps:
1: Update to the Latest Version:
Don’t make your WordPress blog vulnerable to hackers. Updating your WordPress blog is the easiest thing you can do to fix the security loopholes that can jeopardize your blog. Also keep your plugins up to date, because the latest versions fix bugs and security issues.
Hackers will always try their best to exploit any kind of loophole that may compromise the whole WordPress system. So use WordPress’s ability to install automatic updates and keep your plugins at their latest versions to ensure high security.
2: Use Secret Keys in the wp-config file:
A secret key makes your blog harder to crack by adding random elements to the password. Always use a secret key to protect your blog, because hackers are always coming up with new innovative ways to break through the security walls of WordPress blogs.
The secret key lives in your WordPress configuration file, wp-config.php. wp-config.php is the file that stores the database information WordPress needs to connect to its database. This file contains the name, address and password of the MySQL database that stores all of your user information, blog posts and other crucial content.
If you haven’t set up a secret key, go to https://api.wordpress.org/secret-key/1.1/ , copy the results and paste them into the secret key section of your wp-config.php file.
The wp-config.php file is in fact the heart that keeps a WordPress blog moving. Using a secret key makes it more difficult for hackers to gain access to the blog.
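To confirm the keys were actually replaced, wp-config.php itself can be audited. The script below is an added example, not part of the original post; the key names are the eight constants in WordPress's wp-config-sample.php, and the 32-character minimum and the sample file are assumptions made for illustration.

```sh
#!/bin/sh
# Added example: audit the secret keys defined in a wp-config.php.
# Key names follow WordPress's wp-config-sample.php; MIN_LEN is an assumed
# threshold (keys from the generator are 64 characters long).
WP_KEYS="AUTH_KEY SECURE_AUTH_KEY LOGGED_IN_KEY NONCE_KEY
AUTH_SALT SECURE_AUTH_SALT LOGGED_IN_SALT NONCE_SALT"
MIN_LEN=32

# check_wp_keys FILE: print one finding per line; return 1 if there are any.
check_wp_keys() (
    file=$1; seen=""; status=0
    for key in $WP_KEYS; do
        # Pull VALUE out of a line of the form: define('KEY', 'VALUE');
        value=$(sed -n "s/^[[:space:]]*define([[:space:]]*['\"]$key['\"][[:space:]]*,[[:space:]]*['\"]\(.*\)['\"][[:space:]]*);.*/\1/p" "$file" | head -n 1)
        if [ -z "$value" ]; then
            echo "MISSING $key"; status=1        # absent or empty
        elif [ "$value" = "put your unique phrase here" ]; then
            echo "PLACEHOLDER $key"; status=1    # sample text never replaced
        elif [ "${#value}" -lt "$MIN_LEN" ]; then
            echo "SHORT $key"; status=1
        elif printf '%s\n' "$seen" | grep -Fxq -e "$value"; then
            echo "DUPLICATE $key"; status=1      # same value reused for two keys
        fi
        seen="$seen
$value"
    done
    exit "$status"
)

# Constructed sample: one placeholder, one acceptable key, six keys absent.
sample=$(mktemp)
cat > "$sample" <<'EOF'
define('AUTH_KEY',        'put your unique phrase here');
define('SECURE_AUTH_KEY', 'constructed-sample-value-0123456789-abcdefghijklmnop');
EOF
check_wp_keys "$sample" || echo "wp-config.php needs freshly generated keys"
rm -f "$sample"
```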
3: .htaccess Files to Secure Your WordPress Blog:
With .htaccess files you can restrict what visitors to the blog are allowed to do. .htaccess files can be altered to manage the overall behavior of how your website is accessed over the internet. This includes redirecting files and directories, blocking access to files, and blocking IP addresses or certain referrers. Be sure to back up your .htaccess file before attempting to make any changes, as errors can crash your site temporarily (until the problem is resolved).
There’s no limit to what you can do with your .htaccess file; let me show you the minimum commands I would recommend adding to it. You can add the following directly above what WordPress already added:
Disable Directory Viewing
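# disable directory browsing
# (only a signed option is used: Apache 2.4 rejects a mix of +/- options and bare keywords such as All)
Options -Indexes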
Disable The Server Signature
# disable the server signature
ServerSignature Off
Block Bad User Agents
Block bad bots, scrapers, rippers and other malware from accessing your website:
# return 403 Forbidden when the User-Agent starts with one of the listed names
RewriteEngine On
RewriteCond %{HTTP_USER_AGENT} ^BlackWidow [OR]
RewriteCond %{HTTP_USER_AGENT} ^Bot\ mailto:craftbot@yahoo.com [OR]
RewriteCond %{HTTP_USER_AGENT} ^ChinaClaw [OR]
RewriteCond %{HTTP_USER_AGENT} ^Custo [OR]
# the last condition carries no [OR]; a trailing [OR] would make the rule match every request
RewriteCond %{HTTP_USER_AGENT} ^DISCo
RewriteRule ^.* - [F,L]
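Block Access to WP-Config
# protect wp-config.php
# (Apache 2.2 syntax; on Apache 2.4 without mod_access_compat use "Require all denied")
<Files wp-config.php>
order allow,deny
deny from all
</Files>
Block Access to .htaccess
# protect .htaccess
<Files .htaccess>
order allow,deny
deny from all
satisfy all
</Files>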
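Before uploading an edited .htaccess, it can be linted for three mistakes that are easy to make when pasting rules like these: a trailing [OR] on the last RewriteCond, an Options line that mixes signed and bare keywords, and a "deny from all" that is not wrapped in a <Files> block. The script below is an added example, not part of the original post; the function name, messages and sample file are constructed for illustration.

```sh
#!/bin/sh
# Added example: lint an .htaccess for three common mistakes.
# lint_htaccess FILE: print "LINE: message" per finding; return 1 if there are any.
lint_htaccess() {
    awk '
    function report(n, msg) { printf "%d: %s\n", n, msg; bad = 1 }
    {
        d = tolower($1)
        if (NF == 0 || d ~ /^#/) next          # blank lines and comments
        if (d ~ /^<files/) depth++             # <Files> or <FilesMatch>
        else if (d ~ /^<\/files/) depth--
        else if (d == "rewriterule" && or_line)
            report(or_line, "trailing [OR] on last RewriteCond: rule matches every request")
        else if (d == "options") {
            signed = bare = 0
            for (i = 2; i <= NF; i++) { if ($i ~ /^[+-]/) signed++; else bare++ }
            if (signed && bare)
                report(NR, "Options mixes +/- and bare keywords: Apache 2.4 rejects this")
        }
        else if (d == "deny" && tolower($0) ~ /from[ \t]+all/ && depth == 0)
            report(NR, "deny from all outside <Files>: applies to every request")
        # Remember a RewriteCond whose flag list contains OR.
        or_line = (d == "rewritecond" && tolower($NF) ~ /(\[|,)or(,|\])/) ? NR : 0
    }
    END { exit bad }
    ' "$1"
}

# Constructed sample containing all three mistakes.
sample=$(mktemp)
cat > "$sample" <<'EOF'
Options All -Indexes
RewriteEngine On
RewriteCond %{HTTP_USER_AGENT} ^BlackWidow [OR]
RewriteCond %{HTTP_USER_AGENT} ^DISCo [OR]
RewriteRule ^.* - [F,L]
order allow,deny
deny from all
EOF
lint_htaccess "$sample" || echo "fix the lines above before uploading"
rm -f "$sample"
```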
4: Use strong passwords for WordPress accounts:
The most important step is a secure, strong password for your WordPress account. Never use common dictionary words as passwords. Always use a case-sensitive password that contains both uppercase and lowercase letters as well as numbers and symbols. Never choose a password related to your blog’s niche.
Don’t make your password easy for hackers. Choose a strong and unique password. With a strong password and a secret key you will have an extra layer of security for your WordPress account.
5: Changing File Permissions:
Use file permissions to harden your WordPress blog. Don’t leave files or folders with overly loose permissions, because hackers can access them with ease. File and directory permissions can be changed from your web host’s administrative page. Don’t alter them unless you have a very good idea of what you are doing.
Use the WordPress Codex to learn which permissions are acceptable:
http://codex.wordpress.org/Hardening_WordPress#File_permissions
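If you have shell access, the permissions that are actually set can be audited before changing anything. The script below is an added example, not part of the original post; it assumes a baseline of nothing group- or world-writable (755 directories, 644 files) and a wp-config.php closed to "other", and the directory tree it checks is constructed for illustration.

```sh
#!/bin/sh
# Added example: audit file permissions under a WordPress directory.
# Assumed baseline: nothing group- or world-writable (755 directories,
# 644 files) and wp-config.php closed to "other" (for example 640 or 600).
# audit_wp_perms DIR: print one finding per line; return 1 if there are any.
audit_wp_perms() (
    dir=$1
    findings=$(
        # Anything every local account can modify.
        find "$dir" ! -type l -perm -0002 | sed 's/^/WORLD-WRITABLE /'
        # Writable by the group but not by everyone.
        find "$dir" ! -type l -perm -0020 ! -perm -0002 | sed 's/^/GROUP-WRITABLE /'
        # wp-config.php holds the database password and the secret keys.
        find "$dir" -type f -name wp-config.php \
            \( -perm -0004 -o -perm -0002 -o -perm -0001 \) |
            sed 's/^/OTHER-ACCESS /'
    )
    [ -z "$findings" ] && exit 0
    printf '%s\n' "$findings"
    exit 1
)

# Constructed sample tree: a world-writable PHP file and a world-readable wp-config.php.
site=$(mktemp -d)
mkdir "$site/wp-content"
touch "$site/wp-config.php" "$site/index.php" "$site/wp-content/upload.php"
chmod 755 "$site" "$site/wp-content"
chmod 644 "$site/index.php" "$site/wp-config.php"
chmod 666 "$site/wp-content/upload.php"
audit_wp_perms "$site" || echo "tighten the entries listed above"
rm -rf "$site"
```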
Some more tips: use encrypted logins and limit login attempts. Never use admin as your username, which makes the hacker’s job easy. Regularly back up your WordPress blog, install only trusted plugins, protect your wp-admin folder, and remove the WordPress version info, since each version has its own security issues. Last but not least, run a security scan regularly.
These points are just a glimpse of the things you can do to make your WordPress blog more secure. Do share your own security practices in the comments.
Dave is a freelance writer and security expert working for ivpn.net, one of the leading VPN service providers.
Last Updated: February 23, 2012









26 comments
I searched for security plugins for WordPress, but I got the whole list of available plugins and I am confused about what to select. Your article helps me a lot to secure my WordPress blog. Thanks mate. :-)
Thank you for giving instructions for my blog. I will improve my blog.
Great article, thank you for the most important information about .htaccess.
How about wp-admin?? What must that be changed to… the wp-admin default is http://www.yourdomain.com/wp-admin... So, must that be changed to http://www.yourdomain.co/your new wp-admin??
As an additional security measure, you can do that change. I did it once, but later reverted back to the default login URL.
What WordPress plugins would you prefer for security?
I use some security plugins like Wordpress Login Lockdown, WP Security scan.
Thanks for this nice information.
Great things here to stay safe from hackers. I will surely follow this.
Nice tute, Saksham. And what is your hosting company?
I use Known Host and Hostgator now.
Thanks, these tips are priceless, not only for me but for all. I am using most of the plugins that you recommend. Thanks for helping us out here.
Thanks for sharing. I will improve my site with your tips. Sometimes hackers even place bugs in the links of blog comments. We need to be careful about such kinds of attacks.
Hey Saksham, is Bloggingjunction.com powered by WordPress?
Yes, it is Jim.
Great tips. It is very important for us to make sure our blogs are secure and safe. These are great tips, will go through them again later.
Sure and do implement the tricks for your blog’s well being! :)
All good tips – I’ve moved over from Blogger to Wordpress within the last few days so I’m implementing all these features and others as I type!
You must. This will help you keep your blogs secure and prevent them from getting hacked! BTW, congrats on moving to Wordpress! Enjoy it :)
Wow, thanks for the information, in addition to strengthening the security of my site. This is what I was looking for “htaccess Files to Secure Your WordPress Blog”
Nice information. I was searching for this type of safety tricks.
Really. I was not aware about it. Thanks for posting the nice information & really helpful.
Great information to keep my WP blog secure from hackers.
Very informative and smart. Securing your blog/website should be top priority if you ever want to truly succeed and not having to keep starting over fresh or losing vital information.
Thank you for the idea. I’m happy to do this thing and prevent my blog from getting hacked by a WordPress hacker.
Actually, I’m new to blogging. Right now I am using the Blogspot platform and have created a new ID in WordPress, and this article is really very helpful.
I like the author for such a simple post.