Many new self-hosted WordPress blogs are emerging in the blogosphere (this blog included). It is better to keep a bad thing from happening than to fix it once it has happened, so protect your blog before it gets hacked. You may be the king of writing content and of promotion, but if your blog is not secure, you could lose everything overnight.
So here are some useful, basic security tips for new WordPress blogs. I’m not covering the technical aspects such as using .htaccess. These are very simple security measures that should be taken to protect your WordPress blog, explained clearly for an ordinary user of the WordPress platform.
Keep WordPress Secure – Avoid Hack Attack
Always Use the Updated Version
WordPress is open-source software, so hackers can easily find loopholes. It is better to upgrade whenever WordPress releases a new version, since it includes the latest patches and bug fixes. Subscribe to the WordPress Development blog.
Change Default Username
The second thing to take care of is the default username, “admin”. Most blogs still use the default username for signing in. Hackers know this and will try to break into your website by brute force. So it is better to change the default username, which is easy to do: add a new user, give it the administrator privilege, log in to the dashboard as the new user, and delete the default admin user.
Disable Folder Browsing
Don’t forget to disable folder browsing: in the default installation, anyone can browse /wp-content/plugins/ or /wp-content/uploads. If a person can see which plugins you have installed, it is easy for them to find a vulnerability and get into your website. So add a blank index.html file to each of those folders. When someone tries to access the folder, they get the blank index.html page instead of the file listing. If you’re using a new version, it has index.php by default.
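To find the folders that still need an index file, the check can be scripted. This is an added example, not part of the original post: the function names and the sample folder layout are constructed for illustration, and it goes one step further than the tip by checking every subfolder under wp-content.

```python
import os
import tempfile

# File names treated as a directory index. Assumption: which names the web
# server actually honours depends on its own configuration.
INDEX_NAMES = {"index.php", "index.html", "index.htm"}

def dirs_without_index(root):
    """Return folders under root (relative paths, sorted) that hold no index file."""
    missing = []
    for current, _subdirs, files in os.walk(root):
        if not INDEX_NAMES & {name.lower() for name in files}:
            rel = os.path.relpath(current, root)
            missing.append(rel.replace(os.sep, "/"))
    return sorted(missing)

def build_sample_tree(base):
    """Create a constructed wp-content layout for the demo; return its path."""
    layout = {
        "wp-content": ["index.php"],
        "wp-content/plugins": ["index.php"],
        "wp-content/plugins/some-plugin": ["some-plugin.php"],
        "wp-content/uploads": [],
        "wp-content/uploads/2010": ["photo.jpg"],
    }
    for rel, files in layout.items():
        path = os.path.join(base, *rel.split("/"))
        os.makedirs(path, exist_ok=True)
        for name in files:
            with open(os.path.join(path, name), "w"):
                pass  # an empty file is enough for the check
    return os.path.join(base, "wp-content")

def demo():
    """Run the audit against the constructed tree."""
    with tempfile.TemporaryDirectory() as base:
        return dirs_without_index(build_sample_tree(base))

if __name__ == "__main__":
    for folder in demo():
        print("no index file:", folder)
```

On a real site, pass the path of your own wp-content folder to dirs_without_index() and add a blank index file to each folder it reports.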
Back Up!
Here is the most useful tip for anyone: back up, back up, and back up! Back up your blog daily. What if you lost all your content? You can’t even imagine it, right? So it is very important to back up your blog daily. You can use the wp-db-backup WordPress plugin and schedule it to run daily.
Stealth Login Plugin
You can use the Stealth Login WordPress plugin, which lets you create custom URLs for the login, logout, registration and administration pages. For example, you can have a login page like this: http://www.madrasgeek.com/login. It helps keep malicious bots and the like away from your wp-login.php page.
Login LockDown Plugin
Another WordPress plugin is Login LockDown. It records the IP address and timestamp of every failed login attempt. If more than a certain number of attempts are detected within a short period of time from the same IP range, then the login function is disabled for all requests from that range. This helps to prevent brute force password discovery.
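The lockout rule described above can be sketched as a sliding window over failed attempts. This is an added illustration of the logic, not the plugin's own code: the class name, the thresholds, the lockout length and the /24 grouping of IPv4 addresses are all assumptions, and the sample events are constructed.

```python
import ipaddress
from collections import defaultdict, deque

class LoginLockdown:
    """Sliding-window lockout keyed on IP range (illustration only)."""

    def __init__(self, max_failures=3, window=300, lockout=3600, prefix=24):
        # All four defaults are assumed values chosen for this example.
        self.max_failures = max_failures
        self.window = window      # seconds in which failures are counted
        self.lockout = lockout    # seconds the range stays blocked
        self.prefix = prefix      # IPv4 prefix length that defines a "range"
        self.failures = defaultdict(deque)  # range -> failure timestamps
        self.locked_until = {}              # range -> time the lockout ends

    def _range(self, ip):
        # Collapse an address to its network: 203.0.113.7 -> 203.0.113.0/24
        return ipaddress.ip_network(f"{ip}/{self.prefix}", strict=False)

    def is_locked(self, ip, now):
        """Call before checking credentials; True means refuse the login."""
        return now < self.locked_until.get(self._range(ip), 0)

    def record_failure(self, ip, now):
        """Record one failed login; return True if the range is now locked."""
        key = self._range(ip)
        attempts = self.failures[key]
        attempts.append(now)
        # Forget failures that have fallen out of the counting window.
        while attempts and attempts[0] <= now - self.window:
            attempts.popleft()
        if len(attempts) > self.max_failures:
            self.locked_until[key] = now + self.lockout
            attempts.clear()
        return self.is_locked(ip, now)

# Constructed (ip, seconds) failures using documentation address ranges.
SAMPLE_FAILURES = [
    ("203.0.113.7", 0), ("203.0.113.8", 20), ("203.0.113.9", 40),
    ("203.0.113.10", 60), ("198.51.100.5", 70),
]

def replay(events):
    """Feed the failures through a fresh guard and return it for inspection."""
    guard = LoginLockdown()
    for ip, ts in events:
        guard.record_failure(ip, ts)
    return guard
```

After the replay, an address that never failed but sits in the same range (203.0.113.200) is refused as well, while the unrelated range with a single failure is not.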
WP Scanner Plugin
This plugin lets you find vulnerabilities on your website or blog. It is an online WordPress scanner that identifies potential vulnerabilities on your blog. Just download the WP Scanner plugin, activate it and scan your blog. Don’t forget to disable the plugin once the scan is finished, because others can also run the same scan on your blog for vulnerabilities.
Remove WordPress Version
If hackers know which WordPress version you’re using, they can easily look up loopholes in that version and attack your website or blog. So remove the WordPress version from the header of your site.
remove_action('wp_head', 'wp_generator');
Just place this single line into your theme’s functions.php file.
Choosing Passwords
Choosing passwords for your WordPress blog is very important. Here you can find 15 Useful Tips When Creating a Password For WordPress blogs.
I learned all these security tips from other websites and blogs, so I thought of sharing them with newbie WordPress users. If you have any other useful security tip, please share it with us.
{ 26 comments }
nice tips dude .. keep it up
.-= Jaspal´s last blog ..How To Add Digg, Stumble, Twitter Share Buttons On Your WordPress Blog =-.
really good tips bro,keep it up
.-= MostlyBlog´s last blog ..Watch Dancing With the Stars Season 10 Online for Free! =-.
thank you so much :)
Do you know any other alternative to Login Lock Down? Actually it didn’t work properly in my previous blog.
Not sure, will let you know soon :)
Killer tips.. you didn’t leave out any points to say
Bookmarked it :-)
.-= Tricks tips´s last blog ..TeraCopy – Copy all Files at Lightning Speed =-.
Another contribution from HBB :
Disable registering feature unless you have a revenue sharing blog or a blog with Guest Blogging feature.
To Disable it go to General Settings page | turn off Anyone can register option.
That was a nice read Sri! :)
.-= S.Pradeep Kumar´s last blog ..20 Sites To Sell Your Blogs Or Websites =-.
Great points. But there is another thing which is not so obvious but I saw many new bloggers getting their site hacked due to it. It’s using wordpress themes obtained from warez sites.
Most of the time these themes have trap codes or backdoors left by the sharer so that he can later attack or infiltrate the blog using the illegal template.
So the lesson: Always use original and it’s also a way to encourage the theme designer.
.-= Kurt´s last blog ..4 Steps To Intelligently Choose A Blogging Niche =-.
Rightly said and its a great point :)
This is a great post! It is always good to secure your site so that all your hard work will not be wasted.
Thanks for the great post.
.-= Onibalusi Bamidele´s last blog ..Blogging your passion =-.
Glad you liked it :) cheers mate :D
This is ultimate ! Awesome post… Really helpful for me….
.-= Siddhu´s last blog ..Tips to choose your antivirus =-.
I am new to WordPress and this kind of information is really helpful. Thanks for informing us about the log-in plug-ins.
.-= techtrickz´s last blog ..Turn your Word 2010 into blogging tool for publishing to WordPress or Blogger blog =-.
Glad it is very useful to you :) cheers :)
Never share your password with anyone.. Nice tips for beginners
.-= Simran´s last blog ..44 Most Beautiful HQ Apple, MacOS, iPhone Wallpapers =-.
Yeah :P Passwords are like underwear :D
Good article. thank you
Hi Srivatsan,
Very nice article, thank you for sharing good points …
cool article.
I do not think I have seen this described that way before. You really have cleared this up for me. Thank you!
Worth bookmarking. :) need more more more.. :)
.-= Robin´s last blog ..Google BUZZ Share Count Button Announced by Google =-.
More coming soon :)
Knew all of them except the Stealth Login URL one..nice tips..Also use themes which are from a reliable source..do read their About info’s, comments therein, Stick to the basic plugins, don’t go for alternatives like,
For Example:- Platinum SEO plugin is almost a replica of AIO SEO Plugin (Though its completely safe, hv tested it out…Its juzz an eg)
I love this website, the information is great and I have bookmarked it in my favorites. This is a well organized and informative website. Great Job!
I am a newbie to WordPress and want to learn more about it, so please can anyone explain the backup: does it back up everything, like the WordPress software, installed themes, plugins and posts? Please clarify it.
I just treasured your marvelous blog.Lots of cheers once more. Much obliged.