All blog owners want to secure their blog from hackers. The worst nightmare for any blogger is getting his/her blog hacked by someone. WordPress is one of the most used CMS, so it is a prime target for hackers. Hackers will delete the files and database of your site and steal personal information. So, we need to take some security measures to keep our WordPress blog safe from hackers. Below are some tips which can be used to secure our WordPress blog.
Choose a Strong Password:
You need to choose a strong password for your WordPress blog and hosting account. A strong password includes use of numbers, capital letters and symbols. Never use your birthdate or any dictionary word in your password. It is good to use password generators which are present in your hosting account if you don’t get ideas for a strong password.
Take regular Backups of your Database and Files:
Make a habit of taking a Backup of all your Database and Files at least once in a week. There are many plugins out there which does this job for you. I recommend installing BackWPup as it takes a full backup of files and database automatically at a scheduled time and can send the backup to online storage drives like Sugar Sync, Dropbox, Amazon S3, Google Storage Rack Space and Microsoft Azure.
Never install nulled plugins and themes:
Nulled plugins or themes is a pirated or cracked version of the original plugins or themes. Do not go for nulled plugins and themes. Always download themes and plugins from your WordPress dashboard.
Keep your WordPress version upto date:
Update your WordPress version as soon as a new version is released because the new version may contain some security fixes. Also keep your plugins and themes upto date as authors of themes and plugins may have fixed some loop holes in the new version.
Install Security Plugins:
There are a lot of plugins out there which are concered about your blog’s security. Login Lockdown is one of them. It restricts the rate at which failed logins can be re-attempted from a given IP range. So you are free from password guessers and brut force attackers. You can also install ‘BulletProof Security’ plugin but I don’t recommend it for newbies as it is very complicated and if configured in a wrong way, it can damage your site.
Change the default ‘admin’ username in WordPress:
Many bloggers use Fantastico or Softaculous to install WordPress. This automated installers keep the default username ‘admin’ which new bloggers usually don’t feel to change. The username ‘admin’ is common to everyone, even the hackers. So they can go for your password. As WordPress username, once fixed cannot be changed via Dashboard, you can change it via phpmyadmin. Just go to wp-users table and locate your username and change it.
Prevent the WP-Admin section from being indexed:
Search engine spiders, by default indexes everything unless they are told not to do so. Admin section contains all the sensitive information of our blog and hence we should prevents spiders from indexing it. You can do it via cPanel or by editing your robots.txt.
Scan your PC and blog for malware:
The hacker might be controlling your browser with a malware, so it can easily access all the information from your browser. So perform a full scan your PC and blog atleast once in a month.
Do you think I missed some points. If yes, then I would love to hear from you. :)