Setting up a WordPress blog is a matter of a few clicks. I would bet that most bloggers start working on theme customisation and SEO from day one, but they miss out an important thing: securing the blog against attackers.
Securing a blog is one of the few things we should start doing right from the word go. After the recent hacking of labnol.org (one of the best technology blogs) it's a good time to rethink our blog security, and to help you with that I have highlighted seven ways to harden a WordPress blog.
1. Update, Update and Update:
Every WordPress release fixes security holes and performance issues found in the previous one, so keeping your installation up to date is the single most effective thing on this list. Minor (point) releases are mostly security fixes and should be applied right away. For a major release it is reasonable to wait a week and check the WordPress support forums for reports of upgrade problems, but don't let that week stretch into months.
Similarly, keep your plug-ins and themes up to date. If you are no longer using a plug-in, deactivate and delete it: a deactivated plug-in's files are still sitting on the server where they can be reached directly and exploited. Fewer plug-ins also means a faster blog.
2. Limit the number of login attempts:
Brute force is the least sophisticated attack there is, but it works often enough that attackers automate it. A tool hammers your login page with thousands of username and password guesses, usually common passwords and dictionary words rather than every possible combination. Limiting the number of failed login attempts from one address slows this down enough to make it not worth the attacker's time.
For example, you can set a rule like: three wrong passwords from one IP address, and that address is blocked from logging in for three hours.
You can implement this with the Login LockDown plug-in; the number of allowed tries and the lockout period are both set by the admin.
Be aware of the limits of this method. An attacker who rotates through many IP addresses (a botnet, open proxies) gets a fresh set of tries from each one, and if your blog sits behind a reverse proxy or CDN, every visitor appears to come from the proxy's address, so a single lockout can end up blocking everyone. A per-IP limit buys time; a long, unique password is what actually stops the attack.
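To show what the lockout logic actually does, here it is as a minimal WordPress plug-in. This is an added example written for this post, not Login LockDown's code. It uses WordPress transients as the counter store, so it needs no extra tables; the plugin name, the tll_ prefix and the 3-attempts / 3-hours numbers are assumptions taken from the text above.

```php
<?php
/*
Plugin Name: Tiny Login Limiter (example)
Description: Three failed logins from one IP address lock that address out for three hours.
*/

// Numbers from the post above. HOUR_IN_SECONDS is a WordPress core constant.
const TLL_MAX_FAILURES    = 3;
const TLL_LOCKOUT_SECONDS = 3 * HOUR_IN_SECONDS;

// REMOTE_ADDR is set by the web server and cannot be forged by the client.
// Behind a reverse proxy or CDN it is the proxy's address; only in that case
// should you read X-Forwarded-For, and only from a proxy you control.
function tll_client_ip() {
    return isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '0.0.0.0';
}

// Transient names are length-limited, so the IP is hashed into the key.
function tll_key($kind, $ip) {
    return 'tll_' . $kind . '_' . md5($ip);
}

// Fires on every failed login (also during a lockout, so hammering extends it).
function tll_on_failed_login($username) {
    $ip       = tll_client_ip();
    $fail_key = tll_key('fail', $ip);
    $failures = (int) get_transient($fail_key) + 1;

    if ($failures >= TLL_MAX_FAILURES) {
        set_transient(tll_key('lock', $ip), time(), TLL_LOCKOUT_SECONDS);
        delete_transient($fail_key);
    } else {
        // The counter expires on its own, so a typo every few weeks is never punished.
        set_transient($fail_key, $failures, TLL_LOCKOUT_SECONDS);
    }
}
add_action('wp_login_failed', 'tll_on_failed_login');

// Priority 30: core's username/password checks run at priority 20 and do not
// short-circuit on an earlier WP_Error, so the refusal has to come after them.
function tll_refuse_if_locked($user, $username, $password) {
    if (get_transient(tll_key('lock', tll_client_ip())) !== false) {
        return new WP_Error('tll_locked',
            'Too many failed login attempts from your address. Try again in a few hours.');
    }
    return $user;
}
add_filter('authenticate', 'tll_refuse_if_locked', 30, 3);

// A successful login clears the failure counter for that address.
function tll_on_login($user_login, $user) {
    delete_transient(tll_key('fail', tll_client_ip()));
}
add_action('wp_login', 'tll_on_login', 10, 2);
```

Save it as wp-content/plugins/tiny-login-limiter.php and activate it. Notice that every key is built from the client IP: a request from a second address starts with a clean counter, which is exactly the hole described above. Notice too that a correct password during the lockout is still refused, so a locked-out attacker learns nothing about whether a guess was right.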
3. Change the prefix of DB tables:
By default the WordPress database tables are prefixed with "wp_", so canned attack scripts can simply assume names like wp_users and wp_options. Changing the prefix to something unique breaks those scripts. Be realistic about what this buys you, though: an attacker who has found a real SQL injection hole can list your table names from information_schema, so this is a speed bump, not a fix.
I personally used the WP Security Scan plug-in to do this.
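If you would rather do it by hand, this is the whole procedure as a small command-line PHP script. It is an added example, not the plug-in's code and not anything from WordPress itself. The database name, credentials, host and the new prefix "k7q_" are placeholders to edit; run it only after taking a database backup, with the site in maintenance mode.

```php
<?php
// change-prefix.php (example): rename every WordPress table from one prefix to
// another and fix the rows that embed the prefix in their values.
$db   = 'wordpress';   // placeholder: your database name
$user = 'wpuser';      // placeholder: database user
$pass = 'secret';      // placeholder: database password
$old  = 'wp_';
$new  = 'k7q_';        // placeholder: pick your own

// Prefixes are spliced into SQL identifiers below, so restrict them to the
// same characters WordPress itself allows for $table_prefix.
foreach ([$old, $new] as $p) {
    if (!preg_match('/^[A-Za-z0-9_]+$/', $p)) {
        exit("Bad prefix: $p\n");
    }
}

$pdo = new PDO("mysql:host=localhost;dbname=$db;charset=utf8mb4", $user, $pass,
               [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);

// "_" is a single-character wildcard in LIKE, so it is escaped: otherwise the
// pattern "wp_%" would also match a table called "wpx_something".
$like = $pdo->quote(str_replace('_', '\\_', $old) . '%');

// 1. Rename every table that starts with the old prefix (covers multisite tables too).
$tables = $pdo->query("SHOW TABLES LIKE $like")->fetchAll(PDO::FETCH_COLUMN);
foreach ($tables as $t) {
    $renamed = $new . substr($t, strlen($old));
    $pdo->exec("RENAME TABLE `$t` TO `$renamed`");
    echo "$t -> $renamed\n";
}

// 2. Fix rows whose *values* carry the prefix. Forgetting this step is the
//    classic mistake: the tables rename fine but every user loses their role
//    and you are locked out of the dashboard.
$pdo->exec("UPDATE `{$new}options`
            SET option_name = " . $pdo->quote($new . 'user_roles') . "
            WHERE option_name = " . $pdo->quote($old . 'user_roles'));

$pdo->exec("UPDATE `{$new}usermeta`
            SET meta_key = CONCAT(" . $pdo->quote($new) . ", SUBSTRING(meta_key, " . (strlen($old) + 1) . "))
            WHERE meta_key LIKE $like");

echo "Done. Now set \$table_prefix = '$new'; in wp-config.php\n";
```

Run it with `php change-prefix.php`, then change `$table_prefix` in wp-config.php to the new value and log in to confirm your administrator role survived. The usermeta update catches wp_capabilities and wp_user_level as well as the less obvious keys such as wp_user-settings, which is why it rewrites every key starting with the old prefix rather than a fixed list.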
4. Change your password frequently:
Merely having an alphanumeric password is not enough to protect your blog. Use a long passphrase that is not a dictionary word, your name or your blog's name, change it at least every three months, and change it immediately if you suspect it has leaked.
It's much safer to use different passwords for your email account, FTP, cPanel and blog, so that if an attacker gets hold of one of them you still control the others. Your email account deserves the strongest password of all, because a password reset for every other account lands there.
5. Hide the contents of directories:
If you navigate to a directory on your blog (like /wp-content/uploads/ or /wp-content/plugins/) right after installation, the web server may show you a complete listing of its contents. That tells an attacker exactly which plug-ins you run and what files you have uploaded, so it's always a good idea to turn off directory indexing.
On Apache you can do this by adding the line below to the .htaccess file in your blog's root directory. Turn off only Indexes; writing "Options All -Indexes" would switch on every other option (ExecCGI, Includes and so on), which is the opposite of hardening.
Options -Indexes
If the line has no effect, your host has not enabled .htaccess overrides for Options (AllowOverride); ask them to add the directive to the server configuration instead.
6. Stop using login name “Admin”:
The default login name for the administrator account in WordPress is "admin", and many blog owners never change it. That hands an attacker half of the puzzle: the username is already known, so only the password has to be guessed.
It is also a bad idea to use the same name as your login and as the name you publish under, because the username is then printed on every post. For instance, if a blogger named "Andy" logs in as "Andy" and his posts are signed "Andy", an attacker already has the username. Set a different display name under Users > Your Profile. Note that this alone does not hide the login: WordPress still uses it in the author archive URL (/author/andy/), and anyone can find that URL by visiting /?author=1, which redirects to it.
It is always a better idea to change the login name to something less guessable. WordPress does not let you rename a user from the dashboard, so either create a new administrator with the new name, log in as that user and delete the old account (attributing its posts to the new one), or use the WP Security Scan plug-in, which can rename the account for you.
7. Hide your WordPress version:
If your blog announces its WordPress version (by default in a <meta name="generator"> tag in every page's head), an attacker can look up exactly which exploits apply to it. Hiding it will not stop anyone who simply tries every known exploit, and the version also leaks from /readme.html in your blog's root and from the ?ver= parameter on core scripts and styles, so treat this as tidying up rather than protection; updating (tip 1) is what actually closes those holes. readme.html is restored by every core update, so deny access to it in the web server configuration rather than deleting it once.
You can do this manually or use the Secure WordPress plug-in. Older themes print the generator tag directly in header.php, where you can simply delete it; in current versions it is added by the wp_head() call, so removing lines from header.php does nothing and you have to unhook it instead.
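The manual route, for a current WordPress, looks like this. It is an added example for this post, not the Secure WordPress plug-in's code; the function name example_strip_core_version is made up, and the snippet assumes you are adding it to your active theme's functions.php or to a small plug-in of your own.

```php
<?php
// Remove the three places where a stock WordPress prints its version.

// 1. <meta name="generator" content="WordPress x.y"> in the <head> of every page.
remove_action('wp_head', 'wp_generator');

// 2. The <generator> element in RSS and Atom feeds is produced separately.
add_filter('the_generator', '__return_empty_string');

// 3. Core scripts and styles are enqueued with ?ver=<WordPress version>.
//    Only strip the core version; plug-ins that set their own ?ver= are left alone
//    so their cache-busting keeps working.
function example_strip_core_version($src) {
    if ($src && strpos($src, 'ver=' . get_bloginfo('version')) !== false) {
        $src = remove_query_arg('ver', $src);
    }
    return $src;
}
add_filter('script_loader_src', 'example_strip_core_version', 15);
add_filter('style_loader_src',  'example_strip_core_version', 15);
```

One trade-off to know about: the ?ver= parameter is also how browsers learn that a core stylesheet changed after an upgrade. Without it, visitors may keep a cached copy until it expires, so clear your caching plug-in after each core update if you use step 3.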
Bonus tip – Backup Your Blog:
This is a golden tip. If your blog gets hacked and you have a recent backup, you can wipe the compromised installation and set it up again cleanly instead of trying to find every file the attacker touched. Back up both the database and the files under wp-content (uploads, themes and plug-ins), do it on a regular schedule, and keep a copy somewhere other than the web server itself, because an attacker who controls the server can delete the backups stored on it. The BackWPup plug-in can automate the schedule. And restore a backup once, to a test site, before you ever need it: a backup you have never restored is a hope, not a plan.
You can also take manual backups of your blog's home directory and database directly from cPanel.
That's all for now. Please feel free to share any other tips for hardening blog security.