Results 1 to 3 of 3

Thread: 10 Most Important things to Secure Your WordPress Blog

  1. #1
    Join Date
    Feb 2005
    Location
    India
    Posts
    11,004

    Default 10 Most Important things to Secure Your WordPress Blog

    Securing your WordPress blog is the most important thing that you must do after you have set it up on your server. There shouldn’t be any reason for you to leave your WordPress wide open for hackers to creep in and steal your information and/or destroy your data. Here are some important ways that you can use to secure your WordPress blog.

    1. Always use the latest version of WordPress and Plugins


    The latest version of WordPress always contains bugs fixes for any security vulnerabilities, therefore it is important to keep yourself updated at all times.


    No software system is immune to bugs and vulnerabilities. Security holes will be discovered and bad guys will do their best to exploit them. Keeping your software up-to-date is a good way to stave off attacks, because reliable software vendors will fix their products once security holes are found.


    Keeping your WordPress site up-to-date is one of the easiest things you can do.


    2. Encrypt your Wordpress login


    Whenever you try to login to your website, your password is sent unencrypted. If you are on a public network, hacker can easily ‘sniff’ out your login credential using network sniffer. The best way is to encrypt your login with the Chap Secure Login Plugin.
    This plugin adds a random hash to your password and authenticate your login with the CHAP Protocol.

    3. Stop Brute Force Attack


    Hackers can easily crack your login password and credential using 'Brute Force Attack'.
    To prevent that from happening, you can install the login lockdown plugin. This plugin records the IP address and timestamp of every failed WordPress login attempt. Once a certain number of failed attempts are detected, it will disable the login function for all requests from that range.

    4. Always Use Strong Login Passwords


    Make sure you use a strong password that is difficult for others to guess. Use a combination of digits, special characters and upper/lower case to form your password. You can also use the password checker on WordPress 2.5 and above to check the strength of your password.


    5. Protect your wp-admin Folder


    Your wp-admin folder contains all the important information and it is the last place that you want to give access to others. Use AskApache Password Protect
    For WordPress to password protect the directory and give access right only to authorized personnel.

    Protect WP-* Folders

    Block wp-* folders from being crawled and index by search engines. This can be done by blocking access to wp-* from robot.txt. Add following line in your robot.txt

    User-agent: *
    Disallow: /wp-
    Disallow: /feed/
    Disallow: /trackback/
    Disallow: /comments/feed/
    Disallow: /page/
    Disallow: /comments/


    6. Remove WordPress Version Information


    A large number of WordPress theme include the WordPress version info in the meta tag. Hackers can easily get hold of this information and plan specific attack targeting the security vulnerability for that version.


    To remove the WordPress version info, log in to your WordPress Dashboard. Go to Design->Theme Editor. On the right, click on the Header file. On the left where you see a lot of codes, look for a line that looks like


    <meta name=”generator” content=”WordPress <?php bloginfo(’version’); ?>” />


    Delete it and press Update File.


    Update: In WP2.6 and above, WordPress automatically includes the version in the Wp_head section. To fix this, you can simply install the WP-Security Scan plugin
    .

    7. Hide your Wordpress Plugins Folder


    If you go to your
    http://yourwebsite.com/wp-content/plugins, you can see a list of plugins that you are using for your blog. You can easily hide this page by uploading an empty index.html to the plugin directory.

    Open your text editor. Save the blank document as index.html.


    Using a ftp program, upload the index.html to the /wp-content/plugins folder.


    8. Change your Admin login name


    The default username is admin. You can make it more difficult for the hacker to crack your login credential by changing the login name.


    In your WordPress dashboard, go to Users and set up a new user account. Give this new user administrator role. Log out and log in again with the new user account.


    Go to Users again. This time, check the box beside admin and press Delete. When it asks for deletion confirmation, select the “Attribute all posts and links to:” and select your new username from the dropdown bar. This will transfer all the posts to your new user account. Press Confirm Deletion.


    9. Do a regular security scan


    Install the wp-security-scan plugin
    and perform a regular scan of your blog setting for any security loopholes. This plugin can also help you to change your database prefix from wp_ to a custom prefix.

    10. Backup your wordpress database


    No matter how secure your site is, you still want to prepare for the worst. Install the wp-database backup plugin
    and schedule it to backup your database daily.

    VIDEO WORLD : LATEST HOLLYWOOD || BOLLYWOOD || SOUTH INDIAN VIDEOS || TRAILERS

  2. #2
    Join Date
    Feb 2011
    Posts
    43

    Default

    wow..
    thanks for the information. addtionally you should be cautious while you allow users to let enter their information.

    use captcha



    ______________
    Last edited by minisoji; 03-10-2011 at 03:40 AM.

  3. #3
    Join Date
    Apr 2011
    Posts
    10

    Default

    Thank you for bringing this important article, I have no wordpress but I'm sure there are many people that will get this help as well.

Tags for this Thread

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •