Get 360 Degree Security for Your WordPress Blog

written by aext on December 28, 2010 in Web Development and WordPress with 14 comments

Most of us are happy and contented using WordPress, the very popular blogging platform, as it fulfills almost all of our blogging requirements. But for how long? Only as long as you keep your WordPress blog secured from hackers and from the worms of today that affect your blog. Why do I call them worms of today? There's a reason for this. Where the worms of the past were merely mischievous, doing things like defacing your site, today they attack without any prior signs, screw up your sites and can even get you removed from Google's listings!

It's not that I am scaring the hell out of you; it has happened and may happen over and over again if you do not take precautions.

A stitch in time saves nine! So, if you do not wish to be caught out later, here are some tips to secure your blog from such worms and to block the holes that may open up during or after installing WordPress.

1. Update the software

No software system is completely impervious to bugs and vulnerabilities. If you think something can go wrong with your site, sooner or later you will be facing problems. There are frequent attempts to exploit all kinds of software by people who are experts in doing this, the people we call 'hackers'! A good way to fight them is to keep your software up to date.

This lesson became very clear to WordPress users in September 2009, when a wave of attacks spread across sites that were not running the latest version of the software. I guess you won't wish that to happen to you. Moreover, when it's so simple to keep your WordPress site up to date, why should you take the risk? The best part is that the latest versions give you the option to install updates automatically. You also receive a notification for every new upgrade. So why keep your blog away from it?

If you aren't using the latest version of WordPress, get it soon, as sticking to the old one invites the hackers in with open doors.

2. Password considerations

Your user password holds your whole blogging experience together. So a very important question is how to keep it protected. First of all, you should keep changing your password to something that is hard for anyone to guess. What would make your password unique? Avoid common phrases and consider using numbers in your password. Mixing lower and upper case letters makes it different again, and the hacker will have to rack his brains over it.

When I ask you to constantly keep changing the password, I mean change it at least once every six months. Another plus point is using a program like 1Password for Mac or Windows. It helps you store your passwords securely in the browser and also come up with strong and unique passwords, thereby making it easy for you to change them.

3. Secret keys for WP-Config

The wp-config.php file in WordPress is an asset for you, as it holds all the database information that WordPress needs to connect everything together, so to speak. Not securing this file puts at risk the name, address and password of the MySQL database that stores all of your user info, blog posts and other valuable content. You can very well imagine now why it becomes necessary to use a secret key to prevent others from accessing your account. What is a secret key, you ask? It is a password with elements that make it difficult to generate enough options to break through your security barriers.

How to install the secret keys: go to https://api.wordpress.org/secret-key/1.1/ and copy the results into the secret keys section of your wp-config.php file. You are then ready to use secret keys in your wp-config.php file.
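To check that the keys really were replaced, the following added example (not part of the original post) scans a wp-config.php for the four `*_KEY` constants and reports any that are missing, still set to the sample placeholder, or suspiciously short. The function names, the 32-character threshold and the sample file are assumptions made for this illustration.

```shell
#!/bin/sh
# Added example, not from the original post: flag weak secret keys in wp-config.php.
KEYS="AUTH_KEY SECURE_AUTH_KEY LOGGED_IN_KEY NONCE_KEY"
PLACEHOLDER="put your unique phrase here"   # text shipped in wp-config-sample.php
MIN_LEN=32                                  # assumed threshold for "too short"

# audit_keys FILE: print "NAME: problem" for every weak key, nothing if all pass.
audit_keys() {
    for k in $KEYS; do
        line=$(grep -E "^[[:space:]]*define\([[:space:]]*['\"]$k['\"]" "$1" | head -n 1)
        if [ -z "$line" ]; then
            echo "$k: missing"
            continue
        fi
        # Extract the value from: define('NAME', 'value');
        val=$(printf '%s\n' "$line" |
              sed -E "s/^[^,]*,[[:space:]]*['\"](.*)['\"][[:space:]]*\);.*/\1/")
        if [ "$val" = "$PLACEHOLDER" ]; then
            echo "$k: sample placeholder still in use"
        elif [ "${#val}" -lt "$MIN_LEN" ]; then
            echo "$k: only ${#val} characters"
        fi
    done
}

# Constructed sample config (values invented for this demo, not real keys).
make_sample() {
    f=$(mktemp)
    cat > "$f" <<'EOF'
<?php
define('DB_NAME', 'blog');
define('AUTH_KEY',        'k3|Zr;Tq+7w_Hx9~Lm,2Vb@e#Yp=Gd0^Nc8!Uf5*Js1&Ao4(Ri6)Wt-Ez%Qh/Xl');
define('SECURE_AUTH_KEY', 'put your unique phrase here');
define('LOGGED_IN_KEY',   'hunter2');
EOF
    echo "$f"
}

sample=$(make_sample)
audit_keys "$sample"
rm -f "$sample"
```

Against a real site, call `audit_keys /path/to/wp-config.php`; no output means all four keys passed.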

4. Htaccess File in Check

I consider this one of the most effective ideas. Once you start using an .htaccess file, you can lock down your wp-admin directory by IP address. In simpler words, this makes sure that only the IP addresses you specify can access your admin dashboard URLs. In effect, you are putting up a 'No Entry' board for anyone else trying to hack your WordPress backend. To do this, simply create a file called .htaccess in that directory and add the following code to it, replacing xxx.xxx.xxx.xxx with your IP address:

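# Apache 2.2-style access control (on Apache 2.4 these directives need mod_access_compat)
AuthUserFile /dev/null
AuthGroupFile /dev/null
AuthName "Access Control"
AuthType Basic
# Evaluate Deny rules first, then Allow rules, so a matching Allow wins
Order deny,allow
# Block everyone by default
Deny from all
# IP address to whitelist
Allow from xxx.xxx.xxx.xxx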

Also remember that you can add multiple "Allow from" lines. So make sure that you add every IP address you plan on accessing your site from (e.g. home, office, etc.). Keep in mind that most ISPs use dynamic IPs, so your IP address might change on occasion. In case you get locked out, just update your .htaccess file or delete it altogether.

However, this obviously is not a good tip if you allow open registrations, as you need to give your users access to wp-admin.

5. Know Your File Permissions

Do you leave files or folders with liberal permissions? This raises the chances that hackers will be able to gain access to your site, which will obviously irritate you. The permissions on your files depend on your WordPress installation method or on the default practices of your web host, and at times they may not be appropriate.

To learn which permissions are acceptable, you can read about them in the WordPress Codex. You should also know that file and directory permissions can be changed either via an FTP client or from the administrative page of your web host.
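If you have shell access, you can also list the liberal permissions directly. The following is an added example, not part of the original post: it walks a WordPress directory and reports anything writable by group or others, plus a wp-config.php that others can read. The baseline (directories 755, files 644, wp-config.php tighter) is an assumption for this sketch, as are the function names and the sample tree; check the Codex for what your host requires.

```shell
#!/bin/sh
# Added example, not from the original post: list over-permissive files in a WordPress tree.
# Assumed baseline: directories 755, files 644, wp-config.php not readable by "others".

# mode_of PATH: symbolic mode as printed by ls, e.g. "-rw-r--r--".
mode_of() { ls -ld "$1" | cut -c1-10; }

# audit_perms DIR: print "MODE PATH (reason)" for each item that breaks the baseline.
audit_perms() {
    # Files and directories with the group- or world-write bit set (777, 666, 775 ...).
    find "$1" \( -type f -o -type d \) \( -perm -020 -o -perm -002 \) | sort |
    while IFS= read -r p; do
        echo "$(mode_of "$p") $p (writable by group/others)"
    done
    # wp-config.php holds the database credentials, so check its read bit too.
    find "$1" -type f -name wp-config.php -perm -004 | sort |
    while IFS= read -r p; do
        echo "$(mode_of "$p") $p (readable by others)"
    done
}

# Constructed sample tree with deliberately loose modes.
make_tree() {
    d=$(mktemp -d)
    mkdir -p "$d/wp-content/uploads"
    : > "$d/index.php"; : > "$d/wp-config.php"; : > "$d/wp-content/uploads/a.jpg"
    chmod 755 "$d" "$d/wp-content"
    chmod 777 "$d/wp-content/uploads"
    chmod 644 "$d/index.php" "$d/wp-config.php"
    chmod 666 "$d/wp-content/uploads/a.jpg"
    echo "$d"
}

tree=$(make_tree)
audit_perms "$tree"
rm -rf "$tree"
```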

6. Avoid using admin account

Using the admin account is like inviting the hackers to a battle when you have no weapons with you. The admin account is the default user account created with every WordPress installation. Knowing this, hackers can, without too much thought, launch a dictionary attack against your site and guess your password. So play it safe and change the username of the admin account or delete it.

Apply them:

Now that you have so many easy and effective options, will you still be carefree with your WordPress blogs? I don't think so. Anyway, these are just a few ways of securing your blogs from these irritating bugs. You can also make use of certain WordPress plugins like WP Security Scan, Secure WordPress and a few other popular ones which provide protection for your blogs. Make use of them and of these tips, because 'prevention is always better than cure'.

This post was written by Andrew Paul, BDM with WordPressIntegration, a company with a team of experts specialized in PSD to WordPress conversion and integration. You can connect with the author @andrewpaul123