People do not care about security when it comes to blogging. About 50% of them wait for something to happen and then panic. Only after something happens to their blog do they start to think about security. I ask you to act beforehand and secure your blog. There are lots of free methods to secure your blog. There are paid options which are much better, but you do not need to pay when the free ones work. This article rounds up some good practices for having a secure WordPress blog.
Securing Your Admin Account:
Admin accounts of WordPress blogs are the most vulnerable targets for hacking. Therefore you must take good care to secure them. Here are some good practices:
- Never use the user-name admin for your admin accounts. Also, your display name must never be your user-name. Your user-name should be a secret like your password.
- Never use a password that you use on any other site. This is because some site admins can see your passwords. Use a very strong password (Read: Creating Secure Passwords). There is not much risk in saving the passwords if you have a private PC or laptop.
- Never use the admin email address for leaving comments on other sites.
The above three points simply mean that your email, user-name and password are the three things to keep safe. If a person gets any two of the above, then the person can get access to the admin account.
Securing Your Blog:
Your blog and its major files are the next target of a practical hacker. Here are some things that will disappoint such a hacker:
- You need to have the latest WordPress version. Never be lazy and keep an older version. Also do not show the fact that you have the latest WordPress. Your WordPress version should be a secret. To hide the WordPress version, go to WordPress dashboard -> Appearance -> Editor -> functions.php and then paste the following code:
<?php remove_action('wp_head', 'wp_generator'); /* stop printing the WordPress version in the page head */ ?>
- You can also use the Secure WordPress plugin. (Read: 15 Highly Recommended WordPress Plugins).
- There is no need to allow user registrations unnecessarily. Granting dashboard access to a hacker can be fatal, even if the hacker is a subscriber. If user registrations are required, then use this plugin to hide the dashboard – WP Hide Dashboard.
- The table prefix of your WordPress database should never be wp_. If you can change it now, then do it, else leave it. If this is changed, it gives the hacker one more thing to find out.
- Never use any anonymous plugin. Only use plugins from the WordPress directory where only legit and safe plugins are added.
- Create an .htaccess file in wp-admin as well. Usually an .htaccess file is only found in the site root. Copy this to the wp-admin folder.
- Never, ever use CHMOD 777. If you can’t get it done with CHMOD 750, contact your host and ask it to give you admin permissions.
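The file-level items in this list can be checked from a shell on the server. The script below is an added example, not part of the original article: it reports world-writable files (what CHMOD 777 produces), a table prefix still set to wp_, a missing wp-admin/.htaccess, and the absence of the wp_generator removal in any theme's functions.php. The function names are made up for this example, and it assumes the standard layout with wp-config.php in the WordPress root and themes under wp-content/themes.

```shell
#!/bin/sh
# Added example: audit a WordPress directory against the checklist above.
# Prints one finding per line; returns 0 if clean, 1 if anything was found.
# Assumes the standard WordPress layout (see the text above).

# Files and directories writable by everyone (the result of CHMOD 777).
world_writable() {
    find "$1" \( -type f -o -type d \) -perm -0002 2>/dev/null
}

# Value assigned to $table_prefix in wp-config.php (empty if not found).
table_prefix() {
    sed -n 's/^[[:space:]]*[$]table_prefix[[:space:]]*=[[:space:]]*.\([A-Za-z0-9_]*\).*/\1/p' \
        "$1/wp-config.php" 2>/dev/null | head -n 1
}

# True if some theme's functions.php removes the wp_generator version tag.
version_hidden() {
    find "$1/wp-content/themes" -name functions.php \
        -exec grep -l 'remove_action.*wp_head.*wp_generator' {} + 2>/dev/null | grep -q .
}

audit_wp() {
    root=$1
    findings=$(
        world_writable "$root" | sed 's/^/WORLD-WRITABLE: /'
        if [ "$(table_prefix "$root")" = "wp_" ]; then
            echo "DEFAULT-PREFIX: \$table_prefix is still wp_"
        fi
        if [ ! -f "$root/wp-admin/.htaccess" ]; then
            echo "NO-HTACCESS: wp-admin/.htaccess is missing"
        fi
        if ! version_hidden "$root"; then
            echo "VERSION-SHOWN: no theme functions.php removes wp_generator"
        fi
    )
    if [ -n "$findings" ]; then
        printf '%s\n' "$findings"
        return 1
    fi
    return 0
}

# Run against the directory given on the command line, if any.
if [ -n "${1:-}" ]; then audit_wp "$1"; fi
```

If the version is hidden by a plugin rather than by the theme, the VERSION-SHOWN line is a false alarm.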
Suppose your blog is hacked even after all this? It might sound impossible, but it happens. So to conclude this article, I have written some tips to reduce the damage if your site is hacked.
- Backup your blog posts, comments and pages either weekly or after you have posted an article. Some hosts provide automatic backups.
- Backup the whole of your site whenever a major update like a new theme is made. You can do this at longer intervals.
- Contact your host if you find that your site has been hacked.
- When and if you get your site back, scan the site completely for any malware and other risk-ware. The purpose of the hack must have been to plant a virus.
- Do a search with CopyScape to check whether any of your content has been stolen.
These tips are enough to secure your WordPress blog. If you know more tips and tricks to secure your WordPress blog, please share them in the comments below.