WordPress being popular but security vulnerable platform, it’s important for us to keep our WordPress blog secure. Here I’m sharing some essential WordPress security tips, which will help you to keep your blog safe and secure.
When I was 21, I hacked our university’s web-portal to get the semester final questions draft by entering into teachers area. I needed the questions of ‘network security’ course, so I attempted to login as sazzad (the respective teacher) and I succeeded in a few attempts to get his password as it was his girlfriend’s name without any space. 🙂
Reading my story of hacking, as a webmaster, you might be strained about your website security. For any website, a security strategy is a must. And as WordPress is the most popular open source software for blogging, it is a primary target of many malicious attacks.
Luckily, by the strength of being open source software, WordPress has many protective plugins, functions, and techniques to save you. When used in an aggregate, these tools can defend you from vicious activity, hacks, spam and other threats. Let us have a look to few of these techniques today.
Check plugin’s ratings and popularity before installing it. And to be sure, read reviews or ask your blogger friends about the plugin you are going to use.
While upgrading plugins to the latest version, make sure you upgrade WordPress plugin in the correct way.
Make sure, your administrator account username is not something easily guessable like ‘admin,’ ‘yoursitename’ or ‘yourname.’ If you already did so or you had installed a WordPress version older than 3.0, you need to change it.
Check here how to change WordPress default username security using PhpMyAdmin.
Enabling directory browsing in your site is comparable to keeping your door always open so that the thief can see your wealth inside the house and can do a plan to steal. 🙂 I hope you understand the importance of keeping your door closed.
A simple trick to disable directory browsing is to upload a blank index.html or index.php file in each directory and sub directory except the root. Also, make sure this WordPress hack to find the plugin used in your website does not apply to your website.
Read: Block visitors from specific IP address using .htaccess method
These are some basic techniques to keep your WordPress sites secure. I will come-up with more security tips in the future. Make sure you subscribed to ShoutmeLoud RSS feed to get updates.
When I was 21, I hacked our university’s web-portal to get the semester final questions draft by entering into teachers area. I needed the questions of ‘network security’ course, so I attempted to login as sazzad (the respective teacher) and I succeeded in a few attempts to get his password as it was his girlfriend’s name without any space. 🙂
Reading my story of hacking, as a webmaster, you might be strained about your website security. For any website, a security strategy is a must. And as WordPress is the most popular open source software for blogging, it is a primary target of many malicious attacks.
Luckily, by the strength of being open source software, WordPress has many protective plugins, functions, and techniques to save you. When used in an aggregate, these tools can defend you from vicious activity, hacks, spam and other threats. Let us have a look to few of these techniques today.
Useful WordPress Security tips:
Always upgrade:
Always
upgrade your WordPress version, theme, and plugin to the latest
version. The upgrade may fix any security bug from the previous version,
so it is wise to be upgraded.
Hide your WordPress version number:
For
some reason, if you cannot upgrade to the latest WordPress version, do
not let hackers know your current version. As the bugs of previous
releases are known to all through wordpress.org, it will easier for them
to attack your website. You can hide your WordPress version number by
below instructions:- If you are using an older theme, remove the following line from your theme’s header.php file
php bloginfo('version'); ?>" /> - If you are using a newer theme, just add the following in your theme’s functions.php file
<?php remove_action('wp_head', 'wp_generator'); ?>
Be careful about plugins:
Be
careful about installing plugins. Weak plugins may have buggy codes
through which some other codes or SQL queries can be injected or some
other harmful activities can be done to damage your site or its ranking.Check plugin’s ratings and popularity before installing it. And to be sure, read reviews or ask your blogger friends about the plugin you are going to use.
While upgrading plugins to the latest version, make sure you upgrade WordPress plugin in the correct way.
Secure administrator account:
Before
WordPress version 3.0, the default WordPress installation used to come
with an administration account ‘admin’ as username. As the hackers know
it, they will always try this.Make sure, your administrator account username is not something easily guessable like ‘admin,’ ‘yoursitename’ or ‘yourname.’ If you already did so or you had installed a WordPress version older than 3.0, you need to change it.
Check here how to change WordPress default username security using PhpMyAdmin.
Disable directory browsing:
Enabling directory browsing in your site is comparable to keeping your door always open so that the thief can see your wealth inside the house and can do a plan to steal. 🙂 I hope you understand the importance of keeping your door closed.
A simple trick to disable directory browsing is to upload a blank index.html or index.php file in each directory and sub directory except the root. Also, make sure this WordPress hack to find the plugin used in your website does not apply to your website.
Prevention is better than cure:
Last but not the least, never forget the following to do on a regular basis- Keep your workstation virus free, and keep anti-virus softwares updated
- Keep backups (database and files) always. If you can afford, consider using vaultpress. Read vaultpress premium wordpress backup services from automatic
- Use strong passwords and change on a regular basis. Do not save passwords to ftp clients or in browser histories.
- If possible, use premium themes
- Also read: 5 WordPress Security Plugins for Every Blog
When you use a genuine service, you will be able to provide instructions, share materials and choose the formatting style. wordpress virus remova
ReplyDelete