People do not care about security when it comes to blogging. About 50% of them wait for something to happen and then panic. Only after something happens to their blog do they start to think about security. I ask you to act beforehand and secure your blog. There are lots of free methods to secure your blog. There are paid options which are much better, but you do not need to pay when the free ones work. This article rounds up some good practices for having a secure WordPress blog.
Securing Your Admin Account:
Admin accounts of WordPress blogs are the most vulnerable targets for hacking. Therefore you must take good care to secure them. Here are some good practices:
- Never use the user-name admin for your admin accounts. Also, your display name must never be your user-name. Your user-name should be a secret like your password.
- Never use a password that you use on any other site. This is because some site admins can see your passwords. Use a very strong password (Read: Creating Secure Passwords). There is not much risk in saving the passwords if you have a private PC or laptop.
- Never use the admin email address for leaving comments on other sites.
The above three points simply mean that your email, user-name and password are the three things to keep safe. If a person gets any two of the above, then the person can get access to the admin account.
Securing Your Blog:
Your blog and the major files are the next target of a practical hacker. Here are some things to disappoint the hacker in him:
- You need to have the latest WordPress version. Never be lazy and keep an older version. Also do not show the fact that you have the latest WordPress. Your WordPress version should be a secret. To hide the WordPress version, go to WordPress dashboard -> Appearance -> Editor -> Functions.php and then paste the following code:
  <?php remove_action('wp_head', 'wp_generator'); ?>
- You can also use the Secure WordPress plugin. (Read: 15 Highly Recommended WordPress Plugins).
- There is no need to allow user registrations unnecessarily. Granting dashboard access to a hacker can be fatal, even if the hacker is a subscriber. If user registrations are required, then use this plugin to hide the dashboard – WP Hide Dashboard.
- The table prefix of your WordPress database should never be wp_. If you can change it now, then do it, else leave it. If this is changed, it gives the hacker one more thing to find out.
- Never use any anonymous plugin. Only use plugins from the WordPress directory where only legit and safe plugins are added.
- Create an .htaccess file in wp-admin as well. Usually an .htaccess file is only found in the site root. Copy this to the wp-admin folder.
- Never, ever use CHMOD 777. If you can’t get it done with CHMOD 750, contact your host and ask it to give you admin permissions.
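An added example, not part of the original article: a shell function that checks an install for three items from the list above (default table prefix, missing wp-admin/.htaccess, world-writable files or folders such as mode 777). The function name wp_audit and the finding labels are made up for this example; the path argument is wherever your WordPress files live.

```shell
#!/bin/sh
# Added example (not from the article). wp_audit and its labels are hypothetical names.
# Usage: wp_audit /path/to/wordpress
# Prints one finding per line; prints nothing when all three checks pass.
wp_audit() {
    root=$1
    [ -d "$root" ] || { echo "ERROR: $root is not a directory"; return 2; }

    # 1. Default table prefix: a line like  $table_prefix = 'wp_';  in wp-config.php.
    #    The dots match either quote style; a longer prefix such as 'wp_7x_' does not match.
    cfg="$root/wp-config.php"
    if [ -f "$cfg" ]; then
        if grep -Eq '^[[:space:]]*\$table_prefix[[:space:]]*=[[:space:]]*.wp_.[[:space:]]*;' "$cfg"; then
            echo "PREFIX: wp-config.php still uses the default table prefix wp_"
        fi
    else
        echo "CONFIG: wp-config.php not found in $root"
    fi

    # 2. wp-admin should have its own .htaccess, not only the site root.
    if [ -d "$root/wp-admin" ] && [ ! -f "$root/wp-admin/.htaccess" ]; then
        echo "HTACCESS: wp-admin/.htaccess is missing"
    fi

    # 3. Anything writable by "other" (777, 666, 757 ...). Symlinks are skipped
    #    because their own mode bits are always reported as 777.
    find "$root" \( -type f -o -type d \) -perm -0002 2>/dev/null |
    while IFS= read -r path; do
        echo "WRITABLE: $path"
    done
}
```

Run it after every theme or plugin install, since installers are the usual source of freshly created 777 folders.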
Suppose your blog is hacked even after all this? It might sound impossible, but it happens. So to conclude this article, I have written some tips to reduce the damage if your site is hacked.
Best Practices:
- Backup your blog posts, comments and pages either weekly or after you have posted an article. Some hosts provide automatic backups.
- Backup the whole of your site whenever a major update like a new theme is made. You can do this in larger intervals.
- Contact your host if you find that your site has been hacked.
- When and if you get your site back, scan the site completely for any malware and other risk-ware. The hack must have been meant to plant a virus.
- Do a search with CopyScape to check whether any of your content has been stolen.
These tips are enough to secure your WordPress blog. If you know more tips and tricks to secure your WordPress blog, please share them in the comments below. Also don’t forget to share this article on Twitter, Digg, Facebook using the buttons. We truly appreciate your support.
This is a guest post by Harikrishnan. Harikrishnan R Bio: Student Blogger from India. Fond of techies like computers and the internet. Interested in web-development, blogging, Photoshop etc. Likes playing cricket and reading. Knows good HTML and very little CSS. Has a considerable amount of experience using and editing WordPress. Site: http://pixelate.co.cc/

What’s the point in keeping your username secret? You can easily find people’s usernames just by visiting their profile. For example yours is ‘harikrishnan’.
Your profile:
I was talking about the admin URL. The admin URL is always xyz.com/author/admin and not the username. A hacker needs the username and password to log in to someone’s account. So if he gets the username, a part of his job is made easier.
Nowadays blog hacking is the most common part of the internet….
Your post will help me to save my blog from hackers……
“WordPress dashboard -> Appearance -> Editor -> Functions.php and then paste the following code : “”
I can’t find any code?
Article Updated, sorry it’s my mistake. Thanks for notifying us
Hi there.
Have you got any thoughts on the antisocial plugin? It sounds like an ok plugin but it is not in the WordPress directory and after reading your blog, I’m really hesitant to install it. What are your thoughts on this…?
Why don’t you use Sociable? As they say, anti-social is a modified version of Sociable. I think Anti-social is safe
Try WP-Antivirus
Here’s a good antivirus for your WordPress blog – http://wpantivirus.com/
Very informative article. I will start following these points.
You have some really awesome advice on here. Thank you
Why do hackers steal people’s blog pages or flood their page with crass comments? It is very annoying for people when they build up a diary online and have it hacked, or someone puts loads of abuse on people’s pages. Thanks
I will surely stick to these points
I am always afraid of hackers
Lost one blog to hackers before
Hey Rajesh, This page is keeping on loading and loading and it takes lots of time to stop loading. Something loaded from stats.wordpress.com and feeds.delicious.com is slowing down the page. Check it out
Loaded in 23.7 seconds! I haven’t found any problem
Your site loads in less than 7 seconds. Individual posts are slower
Problem due to SexyBookmarks plugin, now problem is resolved
Thanks!