May 24, 2012
 

Every blog owner wants to keep their blog safe from hackers, and the worst nightmare for any blogger is having the blog hacked. WordPress is one of the most widely used CMSs, which makes it a prime target. An attacker who gets in can delete your site's files and database and steal personal information, so we need to take some security measures to keep our WordPress blog safe. Below are some tips for securing a WordPress blog.

Security Measures to Keep your WordPress Blog Safe from Hackers

Choose a Strong Password:

You need to choose a strong password for both your WordPress blog and your hosting account. A strong password uses numbers, capital letters and symbols. Never use your birthdate or any dictionary word in your password. If you cannot come up with a strong password yourself, use the password generator provided in your hosting account.

Take regular Backups of your Database and Files:

Make a habit of backing up your whole database and all your files at least once a week. There are many plugins that do this job for you. I recommend installing BackWPup, as it takes a full backup of files and database automatically at a scheduled time and can send the backup to online storage services like SugarSync, Dropbox, Amazon S3, Google Storage, Rackspace and Microsoft Azure.

Never install nulled plugins and themes:

Nulled plugins and themes are pirated or cracked versions of the original plugins and themes. Do not use them. Always download themes and plugins from your WordPress dashboard.

Keep your WordPress version up to date:

Update WordPress as soon as a new version is released, because the new version may contain security fixes. Also keep your plugins and themes up to date, as their authors may have fixed some loopholes in the new versions.

Install Security Plugins:

There are a lot of plugins dedicated to your blog’s security. Login Lockdown is one of them. It restricts the rate at which failed logins can be re-attempted from a given IP range, which guards you against password guessers and brute-force attackers. You can also install the ‘BulletProof Security’ plugin, but I don’t recommend it for newbies: it is very complicated and, if configured the wrong way, it can damage your site.
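The per-range counting that a lockout plugin of this kind performs can be reproduced offline against a web server access log. This is an added example, not code from the article or from any plugin; the log lines are constructed, and the threshold (3 failures in 5 minutes), the /24 grouping and the rule that a POST to /wp-login.php answered with 200 is a failed login are assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta
from ipaddress import ip_network

# Constructed sample lines in combined log format, in chronological order.
SAMPLE_LOG = """\
203.0.113.10 - - [24/May/2012:10:00:01 +0000] "POST /wp-login.php HTTP/1.1" 200 3021
203.0.113.11 - - [24/May/2012:10:00:40 +0000] "POST /wp-login.php HTTP/1.1" 200 3021
198.51.100.7 - - [24/May/2012:10:01:00 +0000] "POST /wp-login.php HTTP/1.1" 302 0
203.0.113.12 - - [24/May/2012:10:02:15 +0000] "POST /wp-login.php HTTP/1.1" 200 3021
198.51.100.7 - - [24/May/2012:10:03:00 +0000] "GET /wp-admin/ HTTP/1.1" 200 5120
192.0.2.50 - - [24/May/2012:10:04:00 +0000] "POST /wp-login.php HTTP/1.1" 200 3021
192.0.2.50 - - [24/May/2012:10:30:00 +0000] "POST /wp-login.php HTTP/1.1" 200 3021
192.0.2.50 - - [24/May/2012:11:10:00 +0000] "POST /wp-login.php HTTP/1.1" 200 3021
"""

LINE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3}) ')

def ranges_to_lock(log_text, max_failures=3, window=timedelta(minutes=5)):
    """Return {ip_range: time the limit was reached} for ranges over the limit."""
    recent = defaultdict(deque)  # /24 range -> timestamps of failures inside the window
    locked = {}
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        ip, ts, method, path, status = m.groups()
        # Assumption: a failed login re-renders the form (200), a success redirects (302).
        if method != "POST" or path.split("?")[0] != "/wp-login.php" or status != "200":
            continue
        when = datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z")
        # Group by range, so guesses spread over neighbouring addresses count together.
        net = str(ip_network(f"{ip}/24", strict=False))
        q = recent[net]
        q.append(when)
        while when - q[0] > window:  # drop failures older than the window
            q.popleft()
        if len(q) >= max_failures and net not in locked:
            locked[net] = when
    return locked

if __name__ == "__main__":
    for net, when in ranges_to_lock(SAMPLE_LOG).items():
        print(f"lock {net} (limit reached at {when.isoformat()})")
```

In the sample, three different addresses in 203.0.113.0/24 trip the limit together, while the single address that fails three times over an hour does not.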

Change the default ‘admin’ username in WordPress:

Many bloggers use Fantastico or Softaculous to install WordPress. These automated installers keep the default username ‘admin’, which new bloggers usually don’t think to change. The username ‘admin’ is known to everyone, including hackers, so all they have left to guess is your password. A WordPress username cannot be changed from the Dashboard once it is set, but you can change it via phpMyAdmin: open the wp_users table, locate your username and change it.
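The rename described above, written as the SQL statement you would run from phpMyAdmin's SQL tab and wrapped in Python so it runs offline. This is an added example, not code from the article: an in-memory SQLite table with constructed rows stands in for the MySQL wp_users table (default wp_ prefix assumed), and the function names, new login and slug are hypothetical. It also sets user_nicename, the column WordPress uses for the /author/ URL, and then lists accounts whose slug or display name still equals their login.

```python
import sqlite3

def rename_admin(db, new_login, new_slug):
    """Rename the 'admin' account; return rows that still expose a login name."""
    if new_login.lower() == "admin" or new_slug.lower() == new_login.lower():
        raise ValueError("pick a non-default login and a slug that differs from it")
    cur = db.execute(
        "UPDATE wp_users SET user_login = ?, user_nicename = ? "
        "WHERE user_login = 'admin'",
        (new_login, new_slug),
    )
    if cur.rowcount != 1:
        db.rollback()
        raise LookupError("expected exactly one 'admin' row, found %d" % cur.rowcount)
    db.commit()
    # Audit: accounts whose author slug or display name still equals the login.
    return db.execute(
        "SELECT user_login FROM wp_users "
        "WHERE lower(user_nicename) = lower(user_login) "
        "   OR lower(display_name) = lower(user_login) ORDER BY ID"
    ).fetchall()

def demo_db():
    # Constructed rows; only the columns relevant here are modelled.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE wp_users (ID INTEGER PRIMARY KEY, user_login TEXT,"
               " user_nicename TEXT, display_name TEXT)")
    db.executemany("INSERT INTO wp_users VALUES (?, ?, ?, ?)", [
        (1, "admin", "admin", "admin"),
        (2, "guestwriter", "guestwriter", "Guest Writer"),
    ])
    db.commit()
    return db

if __name__ == "__main__":
    print(rename_admin(demo_db(), "site-owner-7", "naser"))
```

Posts stay attached to the account because they reference the numeric ID, not the login.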

Prevent the WP-Admin section from being indexed:

Search engine spiders index everything by default unless they are told not to. The admin section contains all the sensitive information of our blog, and hence we should prevent spiders from indexing it. You can do this via cPanel or by editing your robots.txt.

Scan your PC and blog for malware:

The hacker might be controlling your browser with malware, which can easily access all the information in your browser. So perform a full scan of your PC and blog at least once a month.

Do you think I missed some points? If yes, then I would love to hear from you.


Naser

Administrator at Tech Audible
Hello friends, my name is Naser Mohd Baig from techiefusion. I also manage techiedrive. I am interested in reading and writing about technology and latest gadgets.
  • http://www.speakingoflove.net/ Sally Brown

    Hi Justin,
     
    I really like this post and will be saving to keep for reference.  Thanks. Sally

    • http://www.techblazes.com/ techblazes

       @Sally Brown Thanks for appreciation :)

    • http://www.dragonblogger.com/ Dragon Blogger

       @Sally Brown This article was written by Naser, you will see many articles on DragonBlogger.com that I didn’t write.  I became a multi-author blog in October 2010 and have a writing staff currently that includes Naser, Gow, Samir, Mitra, Mark, Victor, Florin and occasionally Joel.  These are my regular site contributors/staff and are not the guest bloggers who also take time to get some notice.  You can learn more about my writing staff from this page http://www.dragonblogger.com/about/writing-staff/

      • http://www.techblazes.com/ techblazes

         @Dragon Blogger  Thanks for the mention Justin :)

      • http://www.speakingoflove.net/ Sally Brown

         @Dragon Blogger Thanks for the explanation, Justin.  Seems like you have some great writers here.  Sally

        • http://www.techblazes.com/ techblazes

           @Sally Brown  Writers are great because of great readers like you :)

  • http://www.richescorner.com/ richescorner

    These are really good basic security tips.  If you are a bit more knowledgeable, you could also secure your website with a certificate and get https

    • http://www.techblazes.com/ techblazes

       @richescorner Thanks for adding value to the article Richard :)

  • http://www.techinitio.com/ Rashmi Sinha TechInitio

    It is sad that you have to be careful with everything in the Internet. Anyway, make sure you all keep blogs safe, it is really bad when you see you have been hacked.

    • http://www.techblazes.com/ techblazes

      Yes Rashmi, due to some bad people, the internet is regarded as bad. :(

  • http://socialwebqanda.com/ Andrew

    Nice post! I’ve been hacked when I had failed to update WP on one of the sites on my hosting plan. It was terrible, and I’m a lot more careful now! I hadn’t heard of preventing wp-admin from being indexed, but that makes a lot of sense.

    • http://www.dragonblogger.com/ Dragon Blogger

      This site was hacked 3 times in the last few years, one was due to the TimThumb vulnerability.

      • http://www.techblazes.com/ techblazes

         @Dragon Blogger Did you remove that malware by yourself Justin?

        • http://www.dragonblogger.com/ Dragon Blogger

           @techblazes Yes, I did and wrote an article about it for other bloggers http://www.dragonblogger.com/wordpress-website-hacked-remoteviewphp/

        • http://www.techblazes.com/ techblazes

           @Dragon Blogger I suggest you install Timthumb Vulnerability Scanner. It scans your wp-content directory for vulnerable instances of timthumb.php, and optionally upgrades them to a safe version.

    • http://www.techblazes.com/ techblazes

      Hello Andrew,
      WP-Admin contains all the sensitive information about the blog and it should be prevented from being indexed. The latest WordPress version by default adds the text below in robots.txt:

      User-agent: *
      Disallow: /wp-admin/
      Disallow: /wp-includes/

  • http://earnmoneybd.netii.net/ tanik

    It is sad that you have to be careful with everything in the Internet. Anyway, make sure you all keep blogs safe, it is really bad when you see you have been hacked. :P

  • http://www.ipnostudio.com/ Andrea T. H. W.

    Isn’t it boring that WP creates an author page with your username even if you change it? Boring and dangerous. I have Bulletproof Security and AntiVirus on my test website so a tutorial would be pretty cool. Other than this very good post. :)
     
    Shared on Twitter and FB. :)

    • http://www.dragonblogger.com/ Dragon Blogger

       @Andrea T. H. W. An author page isn’t necessarily a bad thing, especially for a multi-author blog, you can de-index it if you want with the robots.txt file but having an author page in itself even the default WordPress one is not a security risk.  The key is to not make your “display name” the same as your author login ID, or else you could be giving away your login ID for others to try and login with.

      • http://www.techblazes.com/ techblazes

         @Dragon Blogger  Even if we change the display name, the URL of the author page shows the username. For example: http://www.dragonblogger.com/author/username. I guessed your username too ;). I wish we could change that part of the URL with another word. :(

        • http://www.dragonblogger.com/ Dragon Blogger

           @techblazes So much for that theory, well strong passwords are essential for your WordPress accounts.  

  • http://technocharm.com/ Pace

    I would like to do this to my WordPress blog. But it’s quite obvious to do

    • http://www.techblazes.com/ techblazes

      If it is obvious for you, then why don’t you give it a try ?

  • http://myasianaffair.com/ Maya

    The tips given are all common. I thought that this blog has something new to share.

    • http://www.techblazes.com/ techblazes

      Sorry to disappoint you. If you are an expert in the field of WordPress security, then why don’t you share some tips with the readers of this blog?

  • rlb2289

    Great!  All we need to do is to be more careful in the internet.=D

  • http://www.ngulik-blog.com/ koran

    It is sad that you have to be careful with everything in the Internet. Anyway, make sure you all keep blogs safe, it is really bad when you see you have been hacked.

  • http://extraincomeblogger.com/ SuneXtra

    Lots of people don’t realize how important security on your blog is. I installed the plugin “Limit Login Attempts” on my blog a while back -  I’ve had 44 lockouts, and there is currently 1 IP blocked from trying to login. And like you mentioned, change the default ‘admin’ username in WordPress… ALL of the lockouts on my blog, have been trying to log in with the username ‘admin’!!

    • http://www.dragonblogger.com/ Dragon Blogger

       @SuneXtra Very good point about changing the default “admin” my own sites get about 3 lockout notifications per day but there is no “admin” so either a guest blogger account is being attempted or it is quite easy to find the owner account of a blog, just look at post author and try those login names.