There are many reasons why every one of us should try to keep WordPress secure. In this article, we introduce some WordPress tips and tricks that will keep your blog as safe as possible!
1) Always Update
The first thing is to try to keep your WordPress installation always at the latest version. With WordPress 2.7, that is a core function. So, the only thing you have to do is press the update link inside the WordPress admin panel and run it.
The same should be done for the latest releases of your plugins.
2) Do not leave search open
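You should not let search robots crawl everything in your installation folder. No one should be able to find the internals of your web site through search engines. To prevent this, use the following in your robots.txt file. Note that this only asks well-behaved crawlers to stay out; it does not block access to the files themselves.
User-agent: *
Disallow: /wp-*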
3) Directories and public view
The directories of your site are not meant for public view. They have to be closed and protected from outside visitors. The solution goes inside the .htaccess file:
Options -Indexes
4) Delete the WordPress Version Meta
Inside the header.php file, there is the WordPress version meta string. WordPress asks theme developers to leave it there for statistical reasons. But if you are not updating very frequently, deleting it from the header might save you from hacking attempts that target problems in old versions. Find and delete:
<meta content="WordPress <?php bloginfo('version'); ?>" name="generator" />
5) Ask for a second wp-admin password
AskApachePassword (http://www.askapache.com/wordpress/htaccess-password-protect.html) is a plugin which allows you to create a second-level username and password for your wp-admin folder. It is a simple yet clever way to secure your administrator area.
6) Config file protection
The WordPress config file holds the configuration of your database. Someone with some coding knowledge can use it to harm your system. You can lock access to your config file with the following .htaccess trick:
<FilesMatch "^wp-config\.php$">
deny from all
</FilesMatch>
7) Do not download cracked FTP clients
This is a serious problem. You would never trust someone with a spare key to your home, so why trust them with your web site security? There is an excellent FTP client called FileZilla, and it is stable and extremely good.
8) Database backup
You should always keep a spare database backup of your web site. Even if your host backs up the web site every 10 minutes, you should keep a database backup once a week.
9) Use another name for the Admin user
The default admin username is convenient when installing WordPress, but it also makes things easier for malicious users. You should always use another username for the administrator account. Not only does it give a sense of personalization, it also makes it harder to guess the admin’s username. You can still have the admin name displayed by setting it as a display name.
10) Change your Database tables prefix
WordPress tables use the wp_ prefix. Change this to something else upon installation. The same applies to your WordPress database name. Avoid using the default database name of “wordpress”. Use something else.
11) Use Strong Passwords
Setting a strong password is something a lot of people tend to forget. A password like “111111” might seem too obvious for anyone to even try when logging in to your site, but brute force scripts don’t feel the same. Use a very strong password, at a paranoid level. Use letters, numbers and special chars like “!@#$%^&”. Write this password on paper, learn to remember it like your name and then burn the paper note.
12) Choose your plugins wisely
WordPress became famous because of its community: a large community that creates plugins, themes and hacks able to turn your WP installation into a full-fledged CMS. Most of the plugins are secure, but you should always “trust no one”. Use only the plugins that you really need. Avoid new plugins that are not tested, and generally try to use those that have a good rating based on many user ratings. A rating of 5 stars from 2 users is not better than a rating of 4.2 from 30 users. I hope you get the point.
+1 Delete the Readme.html file
This file is a very easy way for someone to discover your WP version. So, delete it after you read it. Thanks to Valentin for pointing this out.
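An added example, not part of the original article: a small POSIX shell audit that checks an installation directory against tips 3, 4, 6, 10 and +1. The function names wp_audit and demo_tree and the sample tree are assumptions made for this illustration.

```shell
#!/bin/sh
# Added example (not from the original article): audit a WordPress directory
# for tips 3, 4, 6, 10 and +1. Prints one FAIL line per finding and returns
# non-zero if there is any. The body is a subshell, so no variables leak.
wp_audit() (
    root=$1; ht=$root/.htaccess; fails=0
    fail() { echo "FAIL $1"; fails=$((fails + 1)); }

    # Tip +1: readme.html reveals the installed version.
    [ -f "$root/readme.html" ] && fail "readme: readme.html is still present"
    # Tip 3: directory listings must be switched off in .htaccess.
    grep -Eqs '^[[:space:]]*Options[[:space:]].*-Indexes' "$ht" ||
        fail "indexes: no 'Options -Indexes' in .htaccess"
    # Tip 6: wp-config.php must be covered by a FilesMatch block.
    grep -Eqs '<FilesMatch[[:space:]].*wp-config' "$ht" ||
        fail "config: wp-config.php is not blocked in .htaccess"
    # Tip 10: the default table prefix is still in use.
    grep -Eqs "^[[:space:]]*\\\$table_prefix[[:space:]]*=[[:space:]]*['\"]wp_['\"]" \
        "$root/wp-config.php" && fail "prefix: \$table_prefix is the default wp_"
    # Tip 4: a theme header.php still prints the version in a meta tag.
    for h in "$root"/wp-content/themes/*/header.php; do
        grep -qs "bloginfo *( *['\"]version['\"]" "$h" &&
            fail "generator: version meta tag in $h"
    done
    [ "$fails" -eq 0 ]
)

# Constructed sample tree with every problem present (sample data, not a real site).
demo_tree() (
    d=$(mktemp -d) && mkdir -p "$d/wp-content/themes/default" || exit 1
    echo 'WordPress readme' > "$d/readme.html"
    echo "\$table_prefix = 'wp_';" > "$d/wp-config.php"
    echo "<meta content=\"WordPress <?php bloginfo('version'); ?>\" name=\"generator\" />" \
        > "$d/wp-content/themes/default/header.php"
    echo "$d"
)

# Real use: pass the installation directory as the first argument.
if [ "$#" -gt 0 ]; then
    wp_audit "$1"
fi
```

Running wp_audit on the directory printed by demo_tree lists all five findings; an installation that follows the tips produces no output and a zero exit status.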
These are some good tips to keep your WordPress site secure. If you have another solution, we would love to read it in the comments!
6 Comments.
Yes, ok, and the readme.html ? ;)
You are 100% right!!! Thanks!! Added to the list :)
And remove the unusable themes ;-)
Actually, a well-coded theme cannot make security risks :)
If you are not sure where you downloaded a theme from, then yes, you have to deactivate it (or even better, do not use it at all)
Useful list, I did some checks… ;)
Thanks