Author Box
Articles Categories
All Categories
Articles Resources

Practical Ways to Tighten Up Your WordPress Security

April 14, 2012 | Comments: 0 | Views: 130

"You've been hacked!" Imagine how you will feel when you visit your blog only to find all your previous work has gone and some clown has taken over your site.

An average of at least 100,000 sites are hacked every day since January 2011; those are the ones that were reported, most go unreported. 17 WordPress vulnerabilities appeared in just the first 3 months of 2011 and many thousands of plugins are not continuously monitored nor fixed.

For all its fabulous strengths, there is an equally strong downside to WordPress. Unfortunately, the fact that it is so popular is exactly why it attracts so many hackers and internet evil-doers who seek out WordPress sites for play and prey. And they don't even scan for vulnerabilities personally; they use automated "bots" that work non-stop looking for holes.

Once they find a hole, they can use that entrance point on many thousands of other sites and yours could be next.

It happened to me several times in a row and I suddenly lost dozens of sites that were on the same server. The loss of sites and subsequent loss of time spurred me to investigate my whole approach to WordPress security and this is what I want to pass on to you.

First of all, you should understand that nothing will work perfectly, after all, hackers break through far stronger defenses than I am about to recommend. The best you can do is - do your best - and make it harder for the junior hackers to cause you harm.

Always have a recent backup so you can quickly replace a hacked site. Make sure you have the latest versions of WordPress and all your plugins because they contain the latest fixes for known holes that the bots are looking for.

Delete those unused themes and plugins you are hoarding. Old and inactive themes are a serious security risk. Either use ftp or your WP admin dashboard and remove them from the wp-content/themes/ directory; just reinstall when you need them.

Do not use public wifi for logging into bank accounts and your sites because there is no security in public. Only install plugins that you can trust because the wrong ones will install a free key to everything you have; be warned.

Delete the automated "admin" user and setup a harder name to crack. Use scrambled passwords that are genuinely random using all kinds of characters from your keyboard. When you set up that new user, give them a nickname that will show to the public - make it different to the username so it is harder to find.

There are many excellent security plugins available but if you install too many plugins your site will load more slowly and that will damage your search engine rankings. I'm just going to give you tips that you will have to do yourself using ftp. If that sounds too hard for your current skill level, then use plugins such as WP-secure, Login Lockdown, Akismet, Chap Secure Login, WP Security Scan which will do many of these things for you.

Create an empty index.html and an empty index.php then upload them into your plugin directory to hide your plugins folder so no one can see what plugins they can exploit there. Upload the same file into your themes folder to hide them too.

Set file permissions to 644 on your wp-admin/index.php and to 600 on wp-config.php so they cannot execute.

Hide your WordPress version so hackers won't know what version you are running. Go to your theme's folder and open "header.php". Delete the line <meta name="generator" content="WordPress <?php bloginfo('version');?>" /> - it has no useful purpose.

Replace the automatic wp_ MYSQL table prefix with something more random. If this is too risky for you to do, WP Security Scan plugin will do this for you.

There are other measures you can use to restrict access and the ability for an intruder to find various folders on your server but they will mostly require adding various code elements to you htaccess file and I don't want to encourage that here. But if you are more adventurous, you can find lots of quality advice on the web.

I do encourage you to take as many steps as you can to lock out intruders simply to save your time, work and perhaps your livelihood.

I love helping small and local businesses to market themselves against bigger competition. If you'd like to read other tips, please visit my site

Source: EzineArticles
Was this Helpful ?

Rate this Article

Article Tags:

Wordpress Security


Wp Security


Security Plugins Available


Wordpress Sites

Hence the professional search engine services are very beneficial and also help to increase traffic and clients on your site. This is also helpful to attain target and increase sale. Is you have

By: Mukesh Kumar l Internet Businesses > SEO l December 28, 2012 lViews: 348

Some people are still unaware about how helpful the redesigning of website can be for them. In order to have a better understanding, these people should have clear knowledge the importance of website

By: dauly rani l Internet Businesses > Web Design l December 27, 2012 lViews: 413

If you use SEO, Montreal is a great location for tapping an online audience because of the city's sophisticated business landscape. For your small Montreal business, maximizing your blog's visibility

By: quincycovillon l Internet Businesses > SEO l November 16, 2012 lViews: 218

As it is a well known fact that website development carries big dream of people; it is none other than revenue generation quickly. Although many people fantasize that creating and building website

By: Mohsen Ansari l Internet Businesses > SEO l November 16, 2012 lViews: 267

Today everybody is after a successful business and to make a business successful one goes to any length resorting to different tactics. If anyone has an online business, he must be trying best to

By: suresh chakma l Internet Businesses > SEO l November 04, 2012 lViews: 217

Website development has transpired as an industry in the last decade. A company or a person develops web sites to be placed on the World Wide Web in the field of web development. Here Helena tries to

By: newagesmb l Internet Businesses > Web Development l October 26, 2012 lViews: 203

Blogging used for business online? Perfect! It does not need a large investment to put up. Although progress run slowly, it’s a surefire business as long as you’re patience enough to face the

By: Hazell Internet Businesses > Bloggingl October 20, 2012 lViews: 196

What blog posts have you recently read that ask more questions than they answer? I wonder how many would dare to write a post that offers absolutely nothing other than encouragement for users to

By: Marc LeVinel Internet Businesses > Bloggingl June 13, 2012 lViews: 233

When writing your blog posts, do you only write when you have something to say or do you write blog posts ahead and schedule them to go out at a later time? Let's look at the difference... First,

By: Celene Harrelsonl Internet Businesses > Bloggingl June 13, 2012 lViews: 196

I'm no marketing guru. In fact, I'm a senior citizen working this thing only part time, so I'd like to give you the real truth about how it can help a real person who already has a full time life -

By: Nancy Harnelll Internet Businesses > Bloggingl June 13, 2012 lViews: 208

You might already know what a blog is, but do you have one? Because if you don't then you really ought to.

By: Lewis Turncoatl Internet Businesses > Bloggingl June 13, 2012 lViews: 153

You can really build a professionally looking blog or website even though you are not a certified web designer. Places abound online where you can get the basic tools to enable you achieve your dream.

By: Joseph Ezie Efoghorl Internet Businesses > Bloggingl June 13, 2012 lViews: 163

Discuss this Article

comments powered by Disqus