Many websites and blogs have been hacked for one reason or another. Some have escaped, and some are only now recovering. Hackers are targeting innocent WordPress bloggers whose installations are porous and lack proper security measures, and because of this they have succeeded in hacking a number of WordPress blogs. As a WordPress user, your duty is not only to blog but also to protect your blog from these attackers. In this tutorial I will highlight 10 steps you can take to prevent your WordPress blog from being hacked, so you can be more confident about its safety.
Here are the 10 awesome tips to help you secure your WordPress blogs:
Tip 1: Always Update Your WordPress and Plugins Versions
WordPress and its plugins are regularly updated to fix bugs and security issues in previous versions, so an upgrade can mean a lot in keeping your blog from getting hacked. You can now update all your plugins at once from the Updates page of your admin area. The problem arises when you run numerous niche WordPress blogs. To my knowledge there is no way to update all your plugins and WordPress versions across different blogs at once; you still have to do this per blog.
Tip 2: Hide Your Plugin Folder
By default your blog folders, which contain themes, plugins and other uploads, can be browsed by anyone. Through this a hacker can gain access to your blog, and even to your server, so hiding these folders really helps protect your blog. To hide your plugin folder, which is reachable at http://www.yoursite.com/wp-content/plugins, do one of the following:
Method 1: Using FTP Clients
Use any FTP client to access the .htaccess file. This method disables directory browsing of your site's sensitive folders. Connect with the FTP client, locate the .htaccess file, open it with Notepad, and add this code:
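The directive in question is Apache's `Options -Indexes`. The script below is an added example, not code from the original post: it appends the directive to a .htaccess file only if it is not already there, and runs against a constructed copy of the stock rewrite block WordPress writes into that file.

```shell
#!/bin/sh
# Added example: turn off directory listing in an Apache .htaccess file.
# "Options -Indexes" makes Apache answer 403 Forbidden instead of listing the
# folder contents when a URL such as /wp-content/plugins/ has no index file.

# Append the directive unless it is already present (safe to run repeatedly).
disable_dir_listing() {
  htaccess="$1"
  [ -f "$htaccess" ] || : > "$htaccess"
  if grep -q '^Options[[:space:]].*-Indexes' "$htaccess"; then
    return 0
  fi
  printf '\n# Block browsing of wp-content/plugins, themes and uploads\nOptions -Indexes\n' >> "$htaccess"
}

# True when directory listing is disabled in the given file.
dir_listing_disabled() {
  grep -q '^Options[[:space:]].*-Indexes' "$1"
}

# Constructed sample: the rewrite block WordPress itself writes into .htaccess.
SAMPLE_HTACCESS="$(mktemp)"
cat > "$SAMPLE_HTACCESS" <<'EOF'
# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
# END WordPress
EOF

disable_dir_listing "$SAMPLE_HTACCESS"
cat "$SAMPLE_HTACCESS"
rm -f "$SAMPLE_HTACCESS"
```

The directive is placed outside the `# BEGIN WordPress` / `# END WordPress` markers because WordPress rewrites everything between them.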
Sometimes the .htaccess file is hidden. Depending on the FTP client you use, you can choose an option to show hidden files; in FileZilla, go to the Server menu and click "Force showing hidden files".
Method 2: Using the cPanel
Browsing of your plugins folder can also be blocked through cPanel. This is a good alternative if you cannot edit the .htaccess file with an FTP client. In cPanel, go to Index Manager, where you will find the .htaccess file.
Tip 3: Set Multiple Users Access Rights and Privileges
This comes in handy when your blog has more than one author. In that case you do not need to assign access limits to each author individually. Install the 'User Access Manager' plugin; it simplifies administration and lets you manage access rights to posts, pages and files. With this plugin you create a 'User Group', put your registered users into it and set the access rights for the group. Posts and pages then become accessible and writable for the members of that group.
Tip 4: Encrypt Your Login
WordPress lacks this security measure out of the box. When you log in to your admin area, your password is sent unencrypted, which is unsafe, especially on a public network or in a cyber cafe, where hackers can capture your login details with credential-harvesting scripts. To encrypt your WordPress login you need SSL or another secure protocol. Because not everyone has the technical knowledge for that, you can use a plugin called Chap Secure Plugin.
Tip 5: Use Secret Keys in the wp-config file
Hackers are getting wiser every day. Each time a new version of WordPress is released to fix the vulnerabilities of the previous one, they come up with new ways of breaking in. Hence you also need to use security keys to put your site under tight security.
A secret key is valuable because it makes a blog much harder to hack. Secret keys make access to a blog harder to crack by adding random elements to the password. In effect a secret key is a long password whose random elements make it impractical for an attacker to generate enough guesses to break through your security barriers.
Security keys are single-line definitions in your WordPress configuration file, wp-config.php. If you do not know what wp-config.php is, it is the file that stores the name, address and password of the database the blog needs to function. The file also stores user details and blog posts.
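As an added example (not the post's own code), the shell snippet below checks a wp-config.php for the stock placeholder value that wp-config-sample.php ships with and generates the eight key and salt definitions WordPress expects. The constant names and the placeholder text are WordPress's own; the sample config fragment is constructed.

```shell
#!/bin/sh
# Added example: generate fresh WordPress security keys/salts and detect the
# default placeholders that ship in wp-config-sample.php.

WP_KEY_NAMES="AUTH_KEY SECURE_AUTH_KEY LOGGED_IN_KEY NONCE_KEY AUTH_SALT SECURE_AUTH_SALT LOGGED_IN_SALT NONCE_SALT"

# Print one 64-character random value drawn from /dev/urandom.
# The character set deliberately excludes quotes and backslashes so the
# value can be dropped into a single-quoted PHP string unchanged.
wp_random_key() {
  LC_ALL=C tr -dc 'A-Za-z0-9!@#%^&*()_+=-' < /dev/urandom | head -c 64
}

# Emit the eight define() lines that belong in wp-config.php.
wp_salt_block() {
  for name in $WP_KEY_NAMES; do
    printf "define('%s', '%s');\n" "$name" "$(wp_random_key)"
  done
}

# Return 0 (true) if the given wp-config.php still carries the stock
# placeholder value, meaning the keys were never set.
wp_has_placeholder_keys() {
  grep -q "put your unique phrase here" "$1"
}

# Constructed sample: a wp-config.php fragment with the keys left untouched.
SAMPLE_CONFIG="$(mktemp)"
cat > "$SAMPLE_CONFIG" <<'EOF'
define('DB_NAME', 'wordpress');
define('AUTH_KEY',         'put your unique phrase here');
define('SECURE_AUTH_KEY',  'put your unique phrase here');
EOF

if wp_has_placeholder_keys "$SAMPLE_CONFIG"; then
  echo "Placeholder keys found; replace them with:"
  wp_salt_block
fi
rm -f "$SAMPLE_CONFIG"
```

Changing the keys invalidates every existing login cookie, so all users (including you) have to log in again afterwards.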
Tip 6: Always Do a Security Scan of Your Blog
A security scan helps protect your blog by revealing the correct CHMOD permissions for all your files. You can run one regularly with a plugin called "wp-security-scan".
Tip 7: Do Not Use “Admin” As Your Login Username
Using a username other than 'admin' makes it harder for automated tools to guess your login details. In older versions of WordPress you could not choose your own username, but from version 3.0 onwards you can. So if you are still using 'admin' as your username, change it.
Tip 8: Use Strong Password
Create a very strong password for your login, with a minimum of eight (8) characters. Do not use plain words, names or dates. Use a combination of digits, upper- and lower-case letters and special characters, one that even you cannot remember. Then write it down somewhere other than on your computer.
Tip 9: Prevent Brute Force Attack
A brute force attack is when a hacker tries every possible key against encrypted data until the correct key is found. A script can be written to send automated requests to the system, seeking entry to your server with different keys; if a key does not gain entry, another is generated automatically. The same technique is used for hacking Twitter accounts. To stop brute force attacks you should install the AskApache Password Protect plugin, which is designed to stop automated attempts to exploit your blog's vulnerabilities. The one I use personally is the Login LockDown plugin. It limits the number of login attempts from a given IP range within a certain time period; once a certain number of failed login attempts is reached, the plugin automatically disables the login function for all requests from that IP range.
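To make the lockout rule concrete, here is an added example (not the plugin's code) that applies the same logic to constructed login-audit lines of the form `<epoch seconds> <ip> <OK|FAIL>`: an IP that fails MAX_FAILS times within WINDOW seconds is reported as locked out. The thresholds are assumptions, and the example keys on the exact IP rather than an IP range.

```shell
#!/bin/sh
# Added example: Login LockDown-style lockout rule over constructed audit lines.
# Assumed thresholds: 5 failures within 300 seconds lock the source IP out.
MAX_FAILS=5
WINDOW=300

# Read "<epoch> <ip> <OK|FAIL>" lines on stdin; print each IP that trips the
# rule, once, at the moment it crosses the threshold.
locked_out_ips() {
  awk -v max="$MAX_FAILS" -v win="$WINDOW" '
    $3 == "FAIL" {
      ip = $2; t = $1
      # open a new window on the first failure, or when the old window expired
      if (!(ip in first) || t - first[ip] > win) { first[ip] = t; fails[ip] = 0 }
      fails[ip]++
      if (fails[ip] >= max && !(ip in locked)) { locked[ip] = t; print ip }
    }
  '
}

# Constructed sample: one IP hammering the login page, one user who mistypes
# twice and then succeeds, and one IP whose failures are spread too thinly.
SAMPLE_LOG='1700000000 203.0.113.5 FAIL
1700000001 192.0.2.9 FAIL
1700000005 198.51.100.7 FAIL
1700000010 203.0.113.5 FAIL
1700000020 203.0.113.5 FAIL
1700000030 198.51.100.7 FAIL
1700000040 203.0.113.5 FAIL
1700000050 198.51.100.7 OK
1700000060 203.0.113.5 FAIL
1700000401 192.0.2.9 FAIL
1700000801 192.0.2.9 FAIL
1700001201 192.0.2.9 FAIL
1700001601 192.0.2.9 FAIL'

printf '%s\n' "$SAMPLE_LOG" | locked_out_ips   # prints only 203.0.113.5
```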
Tip 10: Only Use Plugins You Trust
Plugins extend the functionality of WordPress blogs. As important as they are in our blogging journey, some can pose a security threat. Plugins can contain malicious code that collects your site information and sends it to the plugin author. To avoid this, do not download and install every plugin that comes your way; install only what is really necessary to make your blog successful, and always get plugins from the WordPress.org plugin directory instead of downloading them elsewhere.
If you cannot do every step above, at least put some into practice to protect your blog from hackers. It should be noted, however, that doing all of this is not a 100% guarantee that your blog can never be hacked, because hackers too are getting wiser every day: the more security flaws are detected and fixed, the more they find other ways to penetrate a server or blog. So always stay informed about security issues to help your blog survive. If you love your fellow bloggers, spread the news by clicking the Facebook and Twitter icons below so that they can also be aware. I hope this helps!