WordPress being popular but security vulnerable platform, it’s important for us to keep our WordPress blog secure. Here I’m sharing some essential WordPress security tips, which will help you to keep your blog safe and secure.
When I was 21, I hacked our university’s web-portal to get the semester final questions draft by entering into teachers area. I needed the questions of ‘network security’ course, so I attempted to login as sazzad (the respective teacher) and I succeeded in a few attempts to get his password as it was his girlfriend’s name without any space. :)
Reading my story of hacking, as a webmaster, you might be strained about your website security. For any website, a security strategy is a must. And as wordpress is the most popular open source software for blogging, it is a primary target of many malicious attacks.
Luckily, by the strength of being open source software, wordpress has many protective plugins, functions and techniques to save you. When used in an aggregate, these tools can defend you from vicious activity, hacks, spam and other threats. Let us have a look to few of these techniques today.
Useful WordPress Security tips:
Always upgrade your wordpress version, theme and plugin to the latest version. The upgrade may fix any security bug from the previous version, so it is wise to be upgraded.
Hide your wordpress version number:
For some reason, if you cannot upgrade to the latest wordpress version, do not let hackers know your current version. As the bugs of previous releases are known to all through wordpress.org, it will easier for them to attack your website. You can hide your wordpress version number by following below instructions:
- If you are using an older theme, remove the following line from your theme’s header.php file
php bloginfo('version'); ?>" />
- If you are using a newer theme, just add the following in your theme’s functions.php file
<?php remove_action('wp_head', 'wp_generator'); ?>
Be careful about plugins:
Be careful about installing plugins. Weak plugins may have buggy codes through which some other codes or sql queries can be injected or some other harmful activities can be done to damage your site or its ranking.
Check plugin’s ratings and popularity before installing it. And to be sure, read reviews or ask your blogger friends about the plugin you are going to use.
While upgrading plugins to latest version, make sure you upgrade wordpress plugin in correct way.
Secure administrator account:
Prior to wordpress version 3.0, the default wordpress installation used to come with an administration account ‘admin’ as username. As the hackers know it, they will always try this.
Make sure, your administrator account username is not something easily guessable like ‘admin’, ‘yoursitename’ or ‘yourname’. If you already did so or you had installed a wordpress version older than 3.0, you need to change it.
Check here how to change wordpress default username security using PhpMyAdmin.
Disable directory browsing:
Enabling directory browsing in your site is comparable to keeping your door always open, so that the thief can see your wealth inside house and can do a plan to steal. :) I hope you understand the importance of keeping your door closed.
A simple trick to disable directory browsing is to upload a blank index.html or index.php file in each directory and sub directory except the root. Also make sure this WordPress hack to find the plugin used in your website does not apply to your website.
Monitor any hacking attempts using wassup:
Wassup is a wordpress plugin that records details data of each user. Using this plugin you can monitor any malicious activities like code/sql injections.
Plugin Url: http://wordpress.org/extend/plugins/wassup/
If you are able to detect any such attempts, note their ip and block them.
Prevention is better than cure:
Last but not the least, never forget the following to do on a regular basis
- Keep your workstation virus free, and keep anti-virus softwares updated
- Keep backups (database and files) always. If you can afford consider using vaultpress. Read:
- Use strong passwords and change on a regular basis. Do not save passwords to ftp clients or in browser histories.
- If possible, use premium themes
These are some basic techniques to keep your wordpress sites secure. I will come-up with more security tips in the future. Make sure you subscribed to ShoutmeLoud rss feed to get updates.
- Also read: 5 WordPress Security plugins for Every Blog
Do you have more WordPress security tips to share? Do let us know one tip, which you follow to keep your wordpress site secure?
This is a guest post by Ron. If you like to write for Shoutmeloud, do read our Guest posting guidelines.
Check your domain ranking