10+ Best Ways to Secure WordPress Blog

Creating a WordPress blog is important, but keeping it secure is even more important. There are many possible ways to hack a WordPress blog, and just as many ways to secure it. In this article I will walk through the ways you can secure a WordPress blog from hackers.

Ways to Secure WordPress Blog

1. Update, Update!!!

The best way to protect your blog is to update WordPress to the latest version. Also keep your plugins and themes updated to their latest versions.

2. Hide Plugins Folder

You can check whether your plugins are listed by going to this URL: http://yousite.com/wp-content/plugins/. If you see a blank page, all is well: it means that your plugins folder is hidden.

But if the list of plugins appears, you need to add an index.php or index.html file to your plugins folder. It can be an empty file.

3. Hide wp-admin Folder

The wp-admin folder should be hidden and made accessible only to the users who need it. You can use AskApache Password Protect to password-protect the directory and give access only to authorized users.

On his blog, Google CEO Matt Cutts has mentioned a tip for protecting the wp-admin folder.

4. Remove WordPress Version Generator

Go to your themes directory and open the header.php file. Locate this line and delete it.

<meta name="generator" content="WordPress <?php bloginfo('version'); ?>" /> <!-- leave this for stats please -->

This stops your site from displaying its WordPress version. If you are running an older version of WordPress, anyone can choose how to attack your blog just by looking at the page source.

5. Use Strong Passwords

Use strong passwords that combine uppercase and lowercase letters, numbers, symbols, etc. You can also use a random password generator, but you will need to make a note of the passwords.

6. Encrypt Login

Passwords are sent unencrypted to the server whenever you log in to your site. The best way to send passwords to the server is to encrypt them. This can be achieved with the Chap Secure Login WordPress plugin.

7. Stop Brute Force Attacks

Brute force attacks and dictionary attacks are a common way to crack passwords. To secure a WordPress blog from these types of attack, we make use of the Login LockDown WordPress plugin. Login LockDown records the IP address and timestamp of every failed login attempt. If more than a certain number of attempts are detected within a short period of time from the same IP range, it locks down the login function and prevents anyone from logging in from that IP range.
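The lockout rule described above can be sketched as follows. This is an added example, not Login LockDown's own code: the thresholds, the reading of "IP range" as a /24 (IPv4) or /64 (IPv6) network, and all names are assumptions.

```python
import ipaddress
from collections import defaultdict, deque

MAX_FAILURES = 3        # assumed threshold: lock on more than 3 failures
WINDOW_SECONDS = 300    # assumed "short period of time"
LOCKOUT_SECONDS = 3600  # assumed lockout duration
PREFIX_V4, PREFIX_V6 = 24, 64  # assumed meaning of "IP range"

def ip_range(ip):
    """Collapse an address to the network used as the lockout key."""
    addr = ipaddress.ip_address(ip)
    prefix = PREFIX_V4 if addr.version == 4 else PREFIX_V6
    return str(ipaddress.ip_network(f"{ip}/{prefix}", strict=False))

class LoginThrottle:
    def __init__(self):
        self.failures = defaultdict(deque)  # range -> recent failure times
        self.locked_until = {}              # range -> time the lockout ends

    def attempt(self, ip, success, now):
        """Record one login attempt; return 'locked', 'ok' or 'failed'."""
        key = ip_range(ip)
        if now < self.locked_until.get(key, 0):
            return "locked"    # refused even if the password is correct
        if success:
            return "ok"
        recent = self.failures[key]
        recent.append(now)
        while recent[0] <= now - WINDOW_SECONDS:
            recent.popleft()   # forget failures older than the window
        if len(recent) > MAX_FAILURES:
            self.locked_until[key] = now + LOCKOUT_SECONDS
            recent.clear()
        return "failed"

def replay(events):
    """Run (time, ip, password_ok) events through a fresh throttle."""
    throttle = LoginThrottle()
    return [throttle.attempt(ip, ok, ts) for ts, ip, ok in events]

# Constructed sample: four failures spread across one /24, then a valid login
# from that range, an unrelated range, and a login after the lockout expires.
SAMPLE = [
    (0, "203.0.113.10", False), (10, "203.0.113.11", False),
    (20, "203.0.113.12", False), (30, "203.0.113.13", False),
    (40, "203.0.113.10", True), (50, "198.51.100.7", False),
    (60, "198.51.100.7", True), (3700, "203.0.113.10", True),
]

if __name__ == "__main__":
    for event, result in zip(SAMPLE, replay(SAMPLE)):
        print(event, "->", result)
```

Keying on the range rather than the single address means a legitimate user who shares the range is refused as well until the lockout expires, as the fifth sample event shows.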

8. Change Table Prefix

By default, the WordPress database table prefix is “wp_”. Change this prefix to an unpredictable name like “my_” or something else. This can be done by editing the wp-config file, or it can be changed at the time of installation.

9. Take regular backups

The best way to maintain your blog without any worries is to take regular backups. There are many WordPress backup plugins, but I recommend the WordPress Time Machine backup plugin, which automatically backs up your WordPress blog to a Dropbox account.

10. Make use of secret keys

You can see the secret keys in the wp-config.php file. The secret keys come in handy when your blog has been hacked and the cookies still remain in the hacker's browser, from which he tries to log in. Changing the secret keys in the wp-config.php file resets the cookies so that the hacker cannot log in any further.

Other tips:

11. Know file permissions of your files and folders.

12. Keep your htaccess file in check.

13. Make use of robots.txt files.

14. Don't use pirated stuff (themes, plugins, etc.).

These are some of the tips I have for securing a WordPress blog. If you know any other method, do let us know so that we can update the article.
