You’ve built a nice blog with a good design, and it is getting plenty of traffic. Now imagine it getting hacked. Unfair, isn’t it? Follow these steps to make your WordPress blog more secure and keep the hackers out.
STEP 1
Update Update Update!
Tip: Always run the latest version of WordPress. New releases fix known vulnerabilities, and once a fix is public, attackers know exactly what to try against blogs that have not updated yet.
How to: As soon as a new version is available you will be notified on your WordPress admin dashboard. Follow the process from there to update. Update your plugins and theme the same way; an outdated plugin is just as common a way in as an outdated core.
STEP 2
Change Username and Password!
Tip: WordPress creates the first account with the username admin at install time, so everyone already knows half of your login and only has to guess the password.
How to: From the dashboard, create a new user with Administrator rights and give it a long password that mixes letters, numbers and special characters. Then sign in to phpMyAdmin through your web hosting account and change the user_login of the old account from “admin” to something of your choice too, so that a brute force attempt against “admin” has nothing to hit.
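As an added example (not from the original post, and not the phpMyAdmin way it describes), here is the same rename done from a shell on the web server. It assumes MySQL credentials in ~/.my.cnf and the default wp_ table prefix; the function names and the sample login “blogowner” are made up for the example.

```shell
#!/bin/sh
# Added example (not from the post): rename the default "admin" account from a
# shell on the web server, which is the same UPDATE phpMyAdmin would run.
# Assumptions: MySQL credentials come from ~/.my.cnf and the default table
# prefix is wp_; the function names and the 'blogowner' sample are ours.

rename_admin_sql() {
    # $1 = new login name, $2 = table prefix (default wp_). Prints the SQL.
    new_login=$1
    prefix=${2:-wp_}
    # WordPress accepts more characters in a login than this, but limiting the
    # name to [A-Za-z0-9_.-] means it can be spliced into the statement safely.
    case $new_login in
        '' | *[!A-Za-z0-9_.-]*)
            echo "refusing login '$new_login': use letters, digits, _ . - only" >&2
            return 1 ;;
        admin | administrator | root | test)
            echo "refusing login '$new_login': still the first guess an attacker makes" >&2
            return 1 ;;
    esac
    case $prefix in
        *[!A-Za-z0-9_]*)
            echo "refusing table prefix '$prefix'" >&2
            return 1 ;;
    esac
    # user_login is what wp-login.php checks. user_nicename is the public slug
    # used in /author/<nicename>/ URLs (and ?author=1 redirects to it), so it is
    # left alone here: setting it to the new login would leak the name again.
    printf "UPDATE %susers SET user_login = '%s' WHERE user_login = 'admin' LIMIT 1;\n" \
        "$prefix" "$new_login"
    # Show what is now public about the account so display_name can be fixed too.
    printf "SELECT ID, user_login, user_nicename, display_name FROM %susers WHERE user_login = '%s';\n" \
        "$prefix" "$new_login"
}

rename_admin() {
    # $1 = new login, $2 = database name, $3 = table prefix.
    rename_admin_sql "$1" "$3" | mysql "$2"
}

# Usage: rename_admin blogowner wordpress wp_
```

The SELECT at the end is there for a reason: WordPress shows user_nicename in author archive URLs and display_name on every post, so after the rename make sure neither of those is the same as your new login, or the new name is public again.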
STEP 3
Keep Backups
Tip: It is always good to keep a backup of your blog posts and comments, so that you can get back to your latest content after a disaster. Back up often, depending on how frequently your site changes.
How to: There is a WordPress backup plugin which does a pretty good job. You can either have the backup emailed to you or download it to your computer. Link to plugin here
A manual backup of the complete database is even better, and remember that the database does not contain your uploaded images, theme or plugins; copy the wp-content folder too, and keep the backups somewhere that is not inside your web root.
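An added example of the manual route (not from the original post): a small script that reads the database settings out of wp-config.php and dumps the whole database with mysqldump. It assumes MySQL/MariaDB, mysqldump on PATH and a plain hostname in DB_HOST (the default is localhost); the function names and directory layout are made up for the example.

```shell
#!/bin/sh
# Added example (not from the post): a manual backup of the whole WordPress
# database with mysqldump, the "complete backup" the step recommends.
# Assumptions: the site runs on MySQL/MariaDB, mysqldump is on PATH, and
# DB_HOST in wp-config.php is a plain hostname (the default is "localhost").
# backup_wp_db, wp_config_value and the directory layout are our names.

wp_config_value() {
    # $1 = constant name, $2 = path to wp-config.php.
    # Prints the value from a line of the form define('NAME', 'value');
    sed -n "s/^[[:space:]]*define([[:space:]]*['\"]$1['\"][[:space:]]*,[[:space:]]*['\"]\([^'\"]*\)['\"].*/\1/p" "$2" | head -n 1
}

backup_wp_db() {
    # $1 = WordPress root, $2 = backup directory (outside the web root, or the
    # dump itself becomes downloadable). Prints the path of the archive.
    wp_root=$1
    backup_dir=$2
    cfg="$wp_root/wp-config.php"
    db_name=$(wp_config_value DB_NAME "$cfg")
    db_user=$(wp_config_value DB_USER "$cfg")
    db_pass=$(wp_config_value DB_PASSWORD "$cfg")
    db_host=$(wp_config_value DB_HOST "$cfg")
    if [ -z "$db_name" ]; then
        echo "could not read DB_NAME from $cfg" >&2
        return 1
    fi
    mkdir -p "$backup_dir"
    chmod 700 "$backup_dir"
    out="$backup_dir/$db_name-$(date +%Y%m%d-%H%M%S).sql"
    # The password goes through MYSQL_PWD rather than -p<pass>, so it does not
    # show up in "ps" for every other user on a shared host.
    # --single-transaction gives a consistent snapshot of InnoDB tables without
    # locking the blog while the dump runs.
    if ! MYSQL_PWD=$db_pass mysqldump --single-transaction --quick \
            -h "$db_host" -u "$db_user" "$db_name" > "$out"; then
        echo "mysqldump failed, no backup written" >&2
        rm -f "$out"
        return 1
    fi
    # mysqldump only writes this trailer when it finished; a dump that was cut
    # off (disk full, connection dropped) would otherwise look fine until the
    # day you need to restore it.
    if ! tail -n 1 "$out" | grep -q '^-- Dump completed'; then
        echo "dump is truncated, discarding it" >&2
        rm -f "$out"
        return 1
    fi
    gzip -f "$out"
    echo "$out.gz"
}

# Usage: backup_wp_db /var/www/html /home/me/backups
```

Run it from cron as often as your posting rate warrants, and once in a while actually restore a dump into a scratch database: a backup you have never restored is a guess, not a backup.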
STEP 4
Stop brute force attacks
Tip: A brute force attack is simply an attacker trying login after login, password after password, until one works. You can stop it!
How to: Use the Login LockDown plugin, an excellent plugin which monitors login attempts to your site. It counts how many times in a short period the same IP range has tried to log in, and if an IP exceeds the number of attempts you allow, it locks that IP out for a period you set. Combine it with the strong password from Step 2: lockouts slow an attacker down, a good password is what actually stops them.
Download here
STEP 5
Password protect
Tip: Password protect your wp-admin folder.
How to: Use the AskApache Password Protect plugin. It protects your WordPress wp-admin folder, adding another layer of security by requiring a second valid username and password before the web server will serve anything in the /wp-admin/ folder.
It is easy to use: all you need to do is create another username and password, and you have added a layer of protection that sits in front of WordPress itself, so a bug in WordPress or a plugin cannot be reached through /wp-admin/ without that second login. It works by writing a new .htaccess file for that folder and storing a hash of the new password in an .htpasswd file. Two caveats: wp-login.php lives outside /wp-admin/, so this does not stop login brute forcing on its own (that is Step 4), and HTTP Basic authentication sends the password in the clear unless your site is served over HTTPS. Highly recommended.
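As an added example (not from the original post or the plugin), here is the same protection set up by hand, which also shows why the plugin has to leave one file open. It assumes Apache with mod_auth_basic, .htaccess overrides enabled and openssl on PATH; the function names, the sample user and the directory layout are made up for the example.

```shell
#!/bin/sh
# Added example (not from the post or the plugin): put HTTP Basic authentication
# in front of /wp-admin/ by hand. This is what the AskApache plugin automates.
# Assumptions: Apache with mod_auth_basic and .htaccess overrides enabled, and
# openssl on PATH. protect_wp_admin / make_htpasswd_entry are our names.

make_htpasswd_entry() {
    # $1 = user, $2 = password. Prints a "user:hash" line in Apache's APR1 format.
    # The password is fed on stdin so it never appears in the process list.
    printf '%s:%s\n' "$1" "$(printf '%s\n' "$2" | openssl passwd -apr1 -stdin)"
}

protect_wp_admin() {
    # $1 = WordPress root, $2 = user, $3 = password,
    # $4 = directory for the .htpasswd file, which must be OUTSIDE the web root
    #      (a hash file that can be downloaded is a hash file that gets cracked).
    wp_root=$1
    user=$2
    pass=$3
    auth_dir=$4
    case $user in
        '' | *[!A-Za-z0-9_.@-]*) echo "bad user name '$user'" >&2; return 1 ;;
    esac
    mkdir -p "$auth_dir"
    chmod 700 "$auth_dir"
    htpasswd_file="$auth_dir/wp-admin.htpasswd"
    make_htpasswd_entry "$user" "$pass" > "$htpasswd_file"
    chmod 600 "$htpasswd_file"
    cat > "$wp_root/wp-admin/.htaccess" <<EOF
# Second login in front of the WordPress one.
AuthType Basic
AuthName "WordPress admin"
AuthUserFile "$htpasswd_file"
Require valid-user

# admin-ajax.php is requested by the public site (comments, some themes and
# plugins), so it must stay reachable without this password or those break.
<Files admin-ajax.php>
    Order allow,deny
    Allow from all
    Satisfy any
</Files>
EOF
    echo "$wp_root/wp-admin/.htaccess"
}

# Usage: protect_wp_admin /var/www/html secondlogin 'correct horse battery' /home/me/.auth
```

The Order/Allow/Satisfy lines are Apache 2.2 syntax; on Apache 2.4 the same exception is spelled Require all granted inside the Files block (or you load mod_access_compat). Use a different username and password from your WordPress login, otherwise the second layer only costs an attacker one extra request.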
Download plugin from here
STEP 6
Hide Your Contents
Tip: Have you ever opened http://www.yourdomain.com/wp-content/plugins/ in your browser? Do it! If directory listing is enabled you will see the list of your plugins, and it is then a cakewalk for an attacker to check whether you are running one with known security vulnerabilities and exploit it. So hide it.
How to: Make a blank index.html on your computer, upload it with your FTP client into the /wp-content/plugins/ folder, and the listing is gone. Do the same for /wp-content/themes/ and /wp-content/uploads/. If your host allows it, a single “Options -Indexes” line in the .htaccess in your site root turns listings off for every folder at once. Bear in mind this only hides the list: an attacker who already knows a plugin’s folder name can still request it directly, so keeping plugins updated (Step 1) is what actually closes the hole.
STEP 7
Block search engines
Tip: Block search engines from crawling your wp- folders. There is no need to have your WordPress files indexed, and if they are, anyone searching can stumble on them and, for example, see which plugins you run.
How to: You can ask search engines not to crawl your wp- folders with a robots.txt file in your site root.
Simply add these lines:
User-agent: *
Disallow: /wp-
The rule matches every path that starts with /wp-, so no trailing asterisk is needed (the asterisk is not part of the original robots.txt standard anyway). Two things to know: robots.txt is a request that well-behaved crawlers honour, not a lock, and since it is public it is the first file many attackers read, so treat this as tidiness rather than protection. Also, the rule covers /wp-content/uploads/, so your images will drop out of image search unless you add “Allow: /wp-content/uploads/” below it (Allow is an extension that the big search engines support).
If you would rather not edit the file by hand, use the KB Robots.txt plugin.
Download from here
