What have you done lately to protect your blog? You probably never thought of it in the first place, have you? A great deal of our time is spent building a great site, and we tend to overlook the importance of securing it from hackers.
By default, a WordPress installation is prone to being attacked if you have not taken the necessary steps to protect its PHP scripts from malicious hands.
So here are 5 essential yet simple WordPress security tips you can implement right away, before someone else takes over your blog. Don’t procrastinate until it’s too late.
1. Secure your /wp-admin/ directory
According to Matt Cutts of Google in his post Three Tips to Protect Your WordPress Installation, the first thing you need to do is protect your /wp-admin/ directory using .htaccess. The point is that vulnerabilities in your blog can be exposed through direct access to the files residing within your /wp-admin/ directory, so restricting who can reach that directory at all closes off that route.
However, if you aren’t familiar with .htaccess, this method may not be the best option, as it requires you to create a separate .htaccess file, define the set of IP addresses allowed to access that directory, and place the file in the /wp-admin/ folder.
Though it is the logical thing to do, I haven’t used the method above myself, as I’m not in a fixed-IP environment, unless someone can show me how to allow a dynamic IP using .htaccess.
2. Hide your /plugins/ directory
If you aren’t in the know, your WordPress plugins folder is completely visible to anyone via http://www.domainname.com/wp-content/plugins, so a visitor can read off exactly which plugins you run. What this means is that if there is a security hole in one of the plugins you are using, you may be at risk of being attacked.
The solution is to create a blank index.html file with your favorite text editor and upload it to your /wp-content/plugins/ directory, so that when someone accesses your plugin directory, they get a blank page instead of the listing. Note that this only hides the listing; the plugin files themselves are still reachable by their full URL, which is why keeping plugins up to date (tip 5) still matters.
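Tips 1 and 2 as a small POSIX shell script. This is an added example, not code from the original post or from Matt Cutts’ article: the WordPress root path and the IP addresses (RFC 5737 documentation ranges) are constructed sample values, the `Options -Indexes` line is my addition beyond what the post describes, and the wp-admin .htaccess uses the Apache 2.2 `Order/Deny/Allow` syntax (Apache 2.4 needs mod_access_compat for it, or the `Require ip` directive instead).

```shell
#!/bin/sh
# Added example (not from the original post): write the files tips 1 and 2
# describe into a WordPress document root.
# write_admin_htaccess ROOT IP...   -> ROOT/wp-admin/.htaccess with an IP allowlist
# hide_plugins_dir ROOT             -> blank index.html in ROOT/wp-content/plugins/
# The IPs in the demo are RFC 5737 documentation addresses (constructed values).

# Tip 1: .htaccess in wp-admin/ that only lets the listed client IPs through.
# Apache 2.2 mod_authz_host syntax; Apache 2.4 needs mod_access_compat or
# "Require ip ..." lines instead (assumption: Apache with .htaccess enabled).
write_admin_htaccess() {
    root="$1"; shift
    mkdir -p "$root/wp-admin"
    {
        echo "# Only the addresses listed below may open /wp-admin/"
        echo "Order deny,allow"
        echo "Deny from all"
        for ip in "$@"; do
            echo "Allow from $ip"
        done
    } > "$root/wp-admin/.htaccess"
}

# Tip 2: a blank index.html in wp-content/plugins/ so a request for the
# directory returns an empty page instead of a listing.  The extra
# "Options -Indexes" (my addition, not in the post) turns listings off for
# every other directory under wp-content/ as well.
hide_plugins_dir() {
    root="$1"
    mkdir -p "$root/wp-content/plugins"
    : > "$root/wp-content/plugins/index.html"
    printf 'Options -Indexes\n' > "$root/wp-content/.htaccess"
}

# Check helper: true (exit 0) when IP $2 has an Allow line in $1/wp-admin/.htaccess.
admin_allows_ip() {
    grep -qxF "Allow from $2" "$1/wp-admin/.htaccess"
}

# Stand-alone demo in a scratch directory standing in for the WordPress root.
demo_root=$(mktemp -d)
write_admin_htaccess "$demo_root" 203.0.113.5 198.51.100.7
hide_plugins_dir "$demo_root"
echo "--- $demo_root/wp-admin/.htaccess ---"
cat "$demo_root/wp-admin/.htaccess"
rm -rf "$demo_root"
```

Run it with the real document root and your own addresses, e.g. `write_admin_htaccess /var/www/blog 203.0.113.5`. The allowlist is exactly what breaks for the dynamic-IP case the post mentions: a changing address locks you out of your own dashboard. In that situation the .htaccess alternative that does not depend on the client address is password-protecting the directory with HTTP Basic authentication (`AuthType Basic` plus an `htpasswd` file), which the post does not cover.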
3. Remove WordPress Version tag
For the same reason as above, it’s best to remove the WordPress version number that most themes include by default: it tells a visitor exactly which release, and therefore which known holes, you are running.
The meta tag that displays your current version of WordPress is in your theme’s header.php, and you can safely remove it.
If you are not comfortable editing your theme’s code, you can install the bs-wp-noversion plugin (Removes WordPress Version, from Blog Security) to remove the version for you. A simple yet useful plugin that just does the job.
4. Block /wp- folders from Search Engine
The best way to block your /wp- folders from search engines is through a robots.txt file. If you already have a robots.txt, add the following line to it.
Disallow: /wp-*
If you haven’t created a robots.txt file, for the sake of simplicity you can copy my version of robots.txt and paste it into your favorite text editor. Next, save the file exactly as robots.txt and upload it to your root directory. It tells search engine robots what to index and what to leave alone. Keep in mind that robots.txt is only a request that well-behaved crawlers honor; it keeps your WordPress paths out of search results but does not stop anyone from requesting them directly.
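Tips 3 and 4 as shell functions, so that both edits can be checked after the fact. This is an added example, not code from the original post; the sample header.php content is constructed (it mirrors the generator meta tag older default themes carried), the paths are placeholders, and the robots.txt handling assumes the file lives in the document root as the post says.

```shell
#!/bin/sh
# Added example (not from the original post): the edits tips 3 and 4 describe.
# has_version_tag FILE      -> exit 0 if FILE still prints the generator meta tag
# strip_version_tag FILE    -> delete the line(s) carrying that tag
# block_wp_from_crawlers ROOT -> add "Disallow: /wp-*" to ROOT/robots.txt once
# The header.php content in the demo is a constructed sample.

# Tip 3: a theme still leaks the version if header.php prints a
# <meta name="generator" ...> tag.  Used as a check before and after editing.
has_version_tag() {
    grep -q 'name="generator"' "$1"
}

# Remove every line that carries the generator meta tag.  Whole lines are
# deleted, so the tag must sit on its own line (as it does in the themes the
# post refers to).  Pure POSIX: no sed -i.
strip_version_tag() {
    sed '/name="generator"/d' "$1" > "$1.tmp" && mv "$1.tmp" "$1"
}

# Tip 4: append the post's Disallow line exactly once, creating robots.txt
# with a catch-all "User-agent: *" record if the site has none yet.
# Idempotent: running it twice leaves one Disallow line.
block_wp_from_crawlers() {
    robots="$1/robots.txt"
    [ -f "$robots" ] || printf 'User-agent: *\n' > "$robots"
    grep -qxF 'Disallow: /wp-*' "$robots" || echo 'Disallow: /wp-*' >> "$robots"
}

# Stand-alone demo in a scratch directory standing in for the WordPress root.
demo_root=$(mktemp -d)
cat > "$demo_root/header.php" <<'EOF'
<head>
<meta name="generator" content="WordPress <?php bloginfo('version'); ?>" />
<title><?php bloginfo('name'); ?></title>
</head>
EOF
if has_version_tag "$demo_root/header.php"; then
    echo "header.php leaks the WordPress version; removing the tag"
    strip_version_tag "$demo_root/header.php"
fi
block_wp_from_crawlers "$demo_root"
echo "--- header.php ---";  cat "$demo_root/header.php"
echo "--- robots.txt ---";  cat "$demo_root/robots.txt"
rm -rf "$demo_root"
```

`has_version_tag` is worth keeping around after a theme update, since a new header.php may reintroduce the tag. The wildcard in `Disallow: /wp-*` is a Google extension rather than part of the original robots.txt standard; crawlers that do not understand it treat the line as the literal path, so the note above about robots.txt being advisory applies doubly here.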
5. Upgrade to the latest version of WordPress
Perhaps the simplest thing you can do to fix security issues in your blog is to keep up to date with the latest version of WordPress. This is because an older version is more prone to being exploited and compromised: its holes are already public.
If you haven’t been using it, WordPress Automatic Upgrade allows you to upgrade your WordPress installation to the latest version right from your dashboard.
Likewise, you also need to upgrade all the plugins you are currently using to their latest versions to minimize security risk.
Lastly, even with all these security measures, nothing beats having a periodic backup of your blog. The plugin I use is WordPress Database Backup, which I schedule to back up my data daily and send it to my email. If you don’t have it installed, you probably should do it now!
Bonus Tip: Download and install the WP Vulnerability Scanner plugin. When done, simply activate it and launch WP-Scanner, then deactivate it once you’re done with the test.
Though the above methods are not fool-proof, if implemented properly they will make it that much harder for a hacker to work out which vulnerabilities to exploit. It’s better to be safe than sorry, isn’t it? I hope these tips will make your blogging a little easier and more stress-free in the future.
What have you done to protect your blog? Did I miss anything here? I’d love to hear your opinions on this.
What an awesome post. Well written, organized, and very easy to follow! Great job Yan!
Piss Biscuit’s last blog post..Extra! Extra! Read all about it…
Nice useful article. I am currently on the Blogger platform but I wish to move to WordPress. This article will be useful to me then. And thanks for your lovely comments on my blog.
@PB: Thanks, PB for your lovely comment.
@Agent 001
The fact is I seldom comment on Blogger blogs, as it has never been that user-friendly if you compare it with WP. Though ‘Intense Debate’ makes it slightly easier to comment.
You have a great contest out there and hope my entries would be good enough for some goodies.
Thanks for dropping by, Agent..
Thanks Yan for the suggestions.
It’s always good to spend some time securing your systems, whether hardware based or software based. I especially like Tip 2 considering how many plugins there are for WordPress. It would be very easy for a novice PHP programmer to overlook something. So many plugins are downloaded and installed every day without anyone ever blinking an eye at the code.
Technology For Non Techies’s last blog post..Ditch the Double Click – How to Setup Single Click with Windows XP / Vista
Good advice! Everyone would be wise to take these simple steps to secure their little piece of virtual real estate.
B. Durant’s last blog post..Heller vs. DC 2nd Amendment upheld
@B Durant: Thanks for your comment. You’d be surprised how few ever take the first step to secure their blog.
I have bookmarked this for future use!
Very useful one … I had not heard about those before, but now I will follow the points mentioned to protect my blogs from being attacked.
Will bookmark this page for future reference and share with friends too :)
Great post. I knew about removing the version tag but didn’t know that the plugins directory is exposed. Just now I created index.html and put it in the plugins directory.
Will also implement other things.
Nihar’s last blog post..Kismat Konnection Movie Review
@Nihar: Glad to see you around and I hope you come in often to share your knowledge with the readers here.
Yan,
Just now implemented all things except step 1. I am a little skeptical about it.
Nihar’s last blog post..Kismat Konnection Movie Review
@Nihar: I didn’t follow step #1 as Matt suggested simply because I’m not in a fixed-IP environment. However, should you need to protect your admin against unauthorized login, you probably need a plugin like Login LockDown. Good luck.
Yan,
Thanks for your tips. I was just going through the essential security tips. Found a new thing in blocking the wp folders from the search engines.
Will implement it right away!
Arun’s latest post..Bankruptcy Concept