WordPress security is a major concern these days. There is a massive attack going on right now and a lot of WordPress blogs are getting hacked. If your site or blog runs on WordPress without any security measures and has not been hacked yet, it may still be hacked in the future. Hence it is important to protect your website. There are several methods to secure your WordPress blog, and we will show you a few of them.
Keep A Strong Password:
If you use easy-to-guess passwords like “admin” or “123456”, your site is very likely to get hacked. We recommend using strong passwords that combine special symbols, numbers and upper- and lower-case letters. Something like “WordPress!@12” is a good example of a strong password that is tough for hackers to guess. You can also check your password strength in the profile section of the WordPress admin panel and set the password accordingly.
Change Your User Name:
The default WordPress login name is “admin”, which is well known to hackers, so it is very important to change the login name. The steps to update the login name are as follows:
1) Log in to the admin panel
2) Go to “Users” and click on “Add New” to set up a new user account
3) Enter the details of the new user and assign the administrator role to this newly created user
4) Log out of the current user and log in with the new user account
5) Select “All Users” from the “Users” menu, check the box next to the previous admin user named “admin” and press delete to remove the user.
6) When you are prompted to confirm the deletion, select “Attribute all posts and links to” and choose your newly added login name from the drop-down to migrate all your posts to your new login name. Press confirm to delete the user.
Upgrade Your WordPress:
The latest version of WordPress takes care of the new threats that its predecessor was unable to fix. Upgrading therefore improves security and helps protect your blog from hackers.
We suggest you check BlogSecurity and WordPress Development, as they will keep you updated whenever a new version of WordPress is released.
Managing Users:
You should not give administrative privileges to all users, as this gives them full control over your website. Instead, assign the other users roles with limited authority to work on the blog.
Database Backup:
You should back up the entire database on a daily basis. There are free plugins like BackWPup and BackupBuddy that take database backups of your WordPress blog. Otherwise, ask your web hosting provider to back up your blog’s database.
Delete WordPress Version Information:
Some themes or sites include the WordPress version in a meta tag. Hackers can easily retrieve this information and plan an attack aimed at the security vulnerabilities of that version. To remove the version info, follow the steps below:
1) Go to your WordPress dashboard.
2) Select Theme Editor in Design.
3) On the right side of the panel, click on Header File
4) On the left side, you will see some code; look for the line below:
<meta name="generator" content="WordPress <?php bloginfo('version'); ?>" />
5) Delete it and press update file.
Folder Protection:
The wp-admin folder contains all the website data, so it is very important to protect this folder. Use the plugin AskApache Password Protect to set up password protection for the folder and give access rights only to authorized users.
Security Scan:
You can install the plugin WP Security Scan and run scans regularly for security vulnerabilities. This plugin also allows you to change your database prefix from wp_ to any prefix of your choice.
Brute Force Attack:
A brute force attack is a method used to obtain information such as a user name or password by using automated software that generates a large number of consecutive guesses until it gets the desired data. Hackers can easily crack your password by this method. To prevent this from happening, you can install the login lockdown plugin. This plugin keeps track of the IP address and timestamp of every failed login attempt to your blog. Once a certain number of failed attempts are detected, it will disable the login function for all requests from that IP range.
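The lockout logic described above, sketched in Python as an added example; it is not the plugin's code and not part of the original article. The thresholds, the /24 and /64 reading of "IP range", and all names are assumptions, and the sample events are constructed.

```python
from collections import defaultdict, deque
from ipaddress import ip_network

# Assumed policy values; the article does not give the plugin's thresholds.
MAX_FAILURES = 3        # failed attempts tolerated inside the window
WINDOW_SECONDS = 300    # how far back failed attempts are counted
LOCKOUT_SECONDS = 3600  # how long a locked range stays locked
PREFIX_V4, PREFIX_V6 = 24, 64  # assumed meaning of "IP range"

def ip_range(addr):
    # Addresses in the same network share one failure counter and one lock.
    prefix = PREFIX_V6 if ":" in addr else PREFIX_V4
    return str(ip_network(f"{addr}/{prefix}", strict=False))

class LoginLockdown:
    def __init__(self):
        self.failures = defaultdict(deque)  # range -> failure timestamps
        self.locked_until = {}              # range -> unlock time

    def is_locked(self, addr, now):
        return self.locked_until.get(ip_range(addr), 0) > now

    def record_failure(self, addr, now):
        recent = self.failures[ip_range(addr)]
        recent.append(now)
        while recent[0] <= now - WINDOW_SECONDS:
            recent.popleft()  # forget attempts older than the window
        if len(recent) >= MAX_FAILURES:
            self.locked_until[ip_range(addr)] = now + LOCKOUT_SECONDS
            recent.clear()

def replay(events):
    """Replay (timestamp, ip, password_ok) events; return one decision each."""
    guard, decisions = LoginLockdown(), []
    for now, addr, password_ok in events:
        if guard.is_locked(addr, now):
            decisions.append("blocked")  # refused before the password check
        elif password_ok:
            decisions.append("allowed")
        else:
            guard.record_failure(addr, now)
            decisions.append("rejected")
    return decisions

# Constructed events using documentation addresses, not real traffic.
SAMPLE = [(0, "203.0.113.10", False), (20, "203.0.113.11", False),
          (40, "203.0.113.12", False),   # third failure in the /24: lock
          (60, "203.0.113.99", True),    # same range, right password: blocked
          (70, "198.51.100.7", True),    # other range is unaffected
          (3700, "203.0.113.10", True)]  # lock has expired
```

The fourth sample event shows the cost of locking a whole range: a visitor with the correct password is refused because other addresses in the same range failed.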
Hide Your Plugins Folder:
Always make sure that you hide the plugins you are using for your blog by uploading an empty HTML file to the plugin directory. To create the blank HTML file, open your text editor and save a blank document as index.html. Using an FTP client, upload index.html to the wp-content/plugins folder.
By applying all of the above WordPress security methods, you can make sure the chances of your blog getting hacked are very low.
How safe is your WordPress blog? Do share if you know more options to prevent WordPress hacking.