As one of the most popular blogging platforms with a strong community of users and developers, WordPress is promising to evolve further to offer us a great amount of outstanding features. Unfortunately, this poses a danger, as it means there are also more and more people trying to hijack and take popular WordPress websites down.
Blog owners being locked out of their own sites is no longer unusual. That makes it critical for WordPress bloggers to find ways to secure their blogs.
For many bloggers, securing blogs also means using complicated code and technical stuff, which can sometimes freak them out. However, making your blogs more secure doesn’t have to be as daunting as the coding tasks sound. In fact, by just taking some basic steps and installing some additional plugins, you can significantly improve your blog’s security level.
With that in mind, in this article we would like to show you how you can decrease your chances of being hacked without touching any code or technical stuff.
Start with Your Web Hosting Security First
Free hosting can be your best choice if you are on a shoestring budget; however, free hosting also means challenges and the risk of being exposed to security vulnerabilities. Therefore, investing some money in a paid web hosting service can guarantee your site is being protected with basic security features. Moreover, before using any hosting service, looking for quality reviews about that service is not a bad idea.
It All Comes from Your Own Computer
If you implement every security policy and feature on your WordPress site, yet forget about your computer, it’s time to think about it. What if you have a key-logger program installed on the computer and accidentally send your username and password to the hacker? That would be a terrible mistake.
Keep Your WordPress Blog away from the Root Directory
By default, bloggers install WordPress into the root directory of their blogs. Hackers know this and can easily use malicious programs to find WordPress on your sites. Therefore, you should create a new folder with an obscure name and install your WordPress into it. This will reduce the chances of your site being found and hijacked by hackers. Of course, in order to install the WordPress blogging software into another folder instead of the root directory, there are a number of steps you have to take, but you can hopefully find a friendly tech geek to help out or follow instructions from articles on the Internet. I’m sure there are many out there that can be really helpful.
Forget Your Default Username Admin
Some bloggers have the habit of keeping the default “admin” username, which is commonly known by hackers. Simply forget about it; create a new user (and password, of course) with admin rights and delete the original admin account to enhance your WordPress security.
Take Care of Your wp-config.php File
WordPress puts your wp-config.php in the public_html folder, which is extremely dangerous since wp-config.php contains all the configurations of your site. Imagine what might happen if hackers can gain access to this file. For this reason, you should move it to a more private folder on your site to increase the level of security. Don’t worry about moving the file one folder up, as WordPress will automatically look for it there when displaying your site.
The original file path is /home/user/public_html/wp-config.php, which can be changed to /home/user/wp-config.php.
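For readers who have shell access, the move described above can be scripted. This is an added example, not part of the original article: it moves wp-config.php one folder up and refuses when WordPress would not find the file there (WordPress only checks the parent folder, and only when that folder has no wp-settings.php of its own). The function names are made up for this example.

```shell
#!/bin/sh
# Added example: relocate wp-config.php one directory above the WordPress folder.
# WordPress loads <wp folder>/wp-config.php first; if that is absent it checks
# the parent folder, but only when the parent holds no wp-settings.php itself.

# wp_config_location DIR -> prints: webroot | parent | missing
wp_config_location() {
    wp_dir=${1%/}
    parent=$(dirname "$wp_dir")
    if [ -f "$wp_dir/wp-config.php" ]; then
        echo webroot
    elif [ -f "$parent/wp-config.php" ] && [ ! -f "$parent/wp-settings.php" ]; then
        echo parent
    else
        echo missing
    fi
}

# move_wp_config DIR -> moves the file up one level; non-zero status on refusal
move_wp_config() {
    wp_dir=${1%/}
    parent=$(dirname "$wp_dir")
    [ -f "$wp_dir/wp-config.php" ] || { echo "no wp-config.php in $wp_dir" >&2; return 1; }
    # If the parent is itself a WordPress folder, the file would be ignored there.
    [ ! -f "$parent/wp-settings.php" ] || { echo "parent is a WordPress folder" >&2; return 2; }
    # Never overwrite a config that already exists in the parent.
    [ ! -e "$parent/wp-config.php" ] || { echo "parent already has wp-config.php" >&2; return 3; }
    mv "$wp_dir/wp-config.php" "$parent/wp-config.php"
}

# Usage: sh move-wp-config.sh /home/user/public_html
if [ "$#" -gt 0 ]; then
    echo "before: $(wp_config_location "$1")"
    move_wp_config "$1" && echo "after: $(wp_config_location "$1")"
fi
```

If WordPress lives in a subfolder of public_html, the parent folder is still inside the web root, so the move gains nothing in that layout.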
Update Your WordPress and Its Plugins Regularly
WordPress is a well-crafted and secure system by nature; however, when you install plugins or make changes to your site, security holes can be found every so often. Therefore, when new versions of WordPress are released, make sure you update them on a regular basis, as these new versions contain the latest security patches and improvements that can fix any exposed security holes older versions may have. Additionally, try to install as few plugins as possible because plugins will slow your blog’s performance, as well as create additional security holes.
Stay away from Cracked Themes
Prepare to be hacked if you are using a cracked version of a theme on your blog, since cracked themes can contain code that makes your site easy to hack. If you can get a good theme from any web design company for your blog, just do it and try not to use any cracked themes, as you can’t afford to be hacked.
Delete Anything that You Don’t Use
Why occupy your limited server’s resources for features you don’t even use, like plugins and themes? Just delete them all (you should keep the default theme for emergencies, though). That way you will neither waste resources nor expose any security holes to hackers.
Back Up Your Database
Though this step doesn’t guarantee the security of your blog, it can reduce the damage if you do get hacked. There are some plugins that can help you back up your database and e-mail the backup to you. WP-DBManager is one of them, with great features. Moreover, you can change your backup schedule, but I suggest you make it at least once a day so you will not be too far behind if your site is hacked.
Remember to change your database password to ensure a high level of security as well.
Install Plugins to Enhance Your Security
Last but not least, you can’t miss some cool plugins to help protect your sites, can you? Here’s the list you can follow to improve your blog’s level of security.
- AntiVirus: the plugin will protect your blog from malware, spam injections, or malicious exploits. It can notify you about any suspicious events.
- Online Backup for WordPress or WP-DBManager: to back up your database and file system. With these plugins, you can back up manually or on a schedule. The backup files can be downloaded or sent directly to your e-mail address. WP-DBManager can also handle your database optimization and repair, as well as acting as your database management tool.
- Spam-Filtering Akismet Plugin: the world’s most well-known spam filter (and free for personal use as well), Akismet can connect to Akismet’s servers and compare a comment’s content to identify if it is spam or not. Akismet is installed by default on new WordPress blogs.
- Hide Login: this plugin is based on the idea of hiding your login page with a custom login URL where you can create a custom admin login and logout URL.
- Better WP Security: This is a great plugin to detect security issues in your blog as well as fix them one by one. However, before applying any fixes, remember to make a database backup (just in case).
Originally posted on December 12, 2013 @ 11:28 am