How to Improve Security of Your WordPress Blog: Best Tips

by Santosh Mishra on August 12, 2012

Improving the security of your WordPress blog is important if blogging is your main source of income. Hackers often target WordPress-based websites, and the attacks are generally carried out automatically by malicious software bots. Recently, one of my tech blogs was hacked and a couple more websites hosted on the same server were wiped out. Some time back I wrote about the best security plugins, and you can also read my article on the best ways to protect your WordPress blog from hacking. In this article, I’ve come up with some more advanced security plugins and tips to make a blog safe.

Improve Security of Your WordPress Blog

1. Make Your Computer Malware Free

Keeping your computer free of malware and spyware is important, and so is updating your web browser on a regular basis. Sometimes hackers get past your WordPress security with the help of various virus attacks. Since, as I pointed out earlier, hacking attacks are carried out by malicious software bots, keeping your PC malware free becomes necessary. WordPress itself is regularly updated, and those updates reduce security threats. I suggest you keep WordPress up to date, because older versions of the software lack the latest security fixes. Updating WordPress is easy, as it comes with an automatic update feature that you can run directly from your admin panel.

2. Have Trusted Hosting for Your Website

Running a website is not a big deal, but you should have a trusted host to keep it running smoothly. The security and stability of your web server are important. If your website is on shared hosting and another website on the same server is compromised, there is a high chance that your website will be compromised too. You can ask your hosting provider about how they handle security issues.

3. Use Your Email Id and Strong Passwords

Using your email ID may be the best idea to make your WordPress blog secure. Weak passwords may ruin your blogging career before it starts. In your WordPress admin panel, you will find a password strength meter that shows you the real strength of your password. Keep it strong. I suggest you not use your name, date of birth, birthplace or city as a password, because that would make it quite easy for a hacker to get into your admin panel using your details. A mixture of numbers and letters makes the best password. There are also several password generators available on the internet that you can use.

4. Don’t Let Others Know the Version of Your WordPress Blog

Do not advertise the version of your WordPress blog. It is easier for a hacker to target your blog if he knows which version it runs. You can simply remove the version from the footer of your website. Besides this, delete the readme.html file from your blog's directory. Now you will be the only person who knows the exact WordPress version of your blog.

5. Changing File Permissions is Important

If you have shell access to your server, you can change the file permissions of all your WordPress files and folders with the following commands.

For Directories:

find /path/to/your/wordpress/install/ -type d -exec chmod 755 {} \;

For Files:

find /path/to/your/wordpress/install/ -type f -exec chmod 644 {} \;
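
An added example, not part of the original post: a dry-run audit for the two commands above, listing what deviates from 755/644 and what is world-writable before anything is changed. The function names and the sample tree are constructed for illustration.

```shell
#!/bin/sh
# Added example (function names are hypothetical, not WordPress tooling).

# List entries whose mode differs from the targets: 755 for directories, 644 for files.
wp_perm_audit() {
    find "$1" -type d ! -perm 755 -exec ls -ld {} \;
    find "$1" -type f ! -perm 644 -exec ls -ld {} \;
}

# Count the deviations so a script or cron job can act on the number.
wp_perm_count() {
    { find "$1" -type d ! -perm 755; find "$1" -type f ! -perm 644; } | wc -l | tr -d ' '
}

# List files and directories that any local user may write to.
wp_world_writable() {
    find "$1" \( -type d -o -type f \) -perm -0002
}

# Apply the modes from the post (same effect as the two find commands above).
wp_perm_fix() {
    find "$1" -type d -exec chmod 755 {} +
    find "$1" -type f -exec chmod 644 {} +
}

# Constructed sample tree: one world-writable directory, one world-writable file.
make_sample_tree() {
    t=$(mktemp -d)
    mkdir -p "$t/wp-content/uploads" "$t/wp-includes"
    : > "$t/wp-config.php"
    : > "$t/wp-includes/version.php"
    : > "$t/wp-content/uploads/a.jpg"
    chmod 755 "$t" "$t/wp-content" "$t/wp-includes"
    chmod 644 "$t/wp-includes/version.php" "$t/wp-content/uploads/a.jpg"
    chmod 777 "$t/wp-content/uploads"
    chmod 666 "$t/wp-config.php"
    echo "$t"
}

tree=$(make_sample_tree)
echo "Deviations before fix: $(wp_perm_count "$tree")"
wp_perm_audit "$tree"
wp_perm_fix "$tree"
echo "Deviations after fix: $(wp_perm_count "$tree")"
rm -rf "$tree"
```

Run `wp_perm_audit` against the real install path first and read the list before calling `wp_perm_fix`, since a blanket chmod also resets any modes the host set on purpose.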

6. Secure Your WordPress Database and WP-Admin

Securing your database is a must for protecting your WordPress website. Don’t keep all your blogs in a single database if you run them on the same server. Once you are done with the server security issues, WP-Admin is the second layer of security for your WordPress blog. I suggest you choose your login ID and password wisely.

7. Secure WP-Includes

You can secure wp-includes by blocking direct access to the scripts that are only meant to be included, using mod_rewrite in the .htaccess file.

# Block the include-only files.
# Keep these rules above the "# BEGIN WordPress" marker, outside the block WordPress manages.
RewriteEngine On
RewriteBase /
RewriteRule ^wp-admin/includes/ - [F,L]
RewriteRule !^wp-includes/ - [S=3]
RewriteRule ^wp-includes/[^/]+\.php$ - [F,L]
RewriteRule ^wp-includes/js/tinymce/langs/.+\.php - [F,L]
RewriteRule ^wp-includes/theme-compat/ - [F,L]
# BEGIN WordPress
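
An added example, not part of the original post: a small shell model of the five rules above that shows which request paths they forbid and which they let through. It is a model, not Apache itself, and the sample paths are constructed for illustration.

```shell
#!/bin/sh
# Added example: models the rule set above; function names are hypothetical.
# Input is the request path as a per-directory (.htaccess) rule sees it:
# relative to the site root, without the leading slash.
wp_includes_rule() {
    p=$1
    # Rule 1: anything under wp-admin/includes/ is forbidden.
    case $p in wp-admin/includes/*) echo 403; return ;; esac
    # Rule 2: [S=3] skips the remaining three rules for paths outside wp-includes/.
    case $p in wp-includes/*) ;; *) echo pass; return ;; esac
    # Rule 3: PHP files directly inside wp-includes/ (no deeper directory).
    if printf '%s\n' "$p" | grep -Eq '^wp-includes/[^/]+\.php$'; then
        echo 403; return
    fi
    # Rule 4: PHP files under the TinyMCE language directory.
    if printf '%s\n' "$p" | grep -Eq '^wp-includes/js/tinymce/langs/.+\.php'; then
        echo 403; return
    fi
    # Rule 5: the theme-compat templates.
    case $p in wp-includes/theme-compat/*) echo 403; return ;; esac
    echo pass
}

# Constructed sample request paths, one per line.
sample_paths() {
    cat <<'EOF'
wp-admin/includes/file.php
wp-includes/version.php
wp-includes/ms-files.php
wp-includes/js/tinymce/langs/wp-langs.php
wp-includes/theme-compat/header.php
wp-includes/js/jquery/jquery.js
wp-includes/pomo/mo.php
wp-login.php
EOF
}

# Print "decision path" for every sample path.
wp_includes_report() {
    sample_paths | while IFS= read -r path; do
        printf '%s %s\n' "$(wp_includes_rule "$path")" "$path"
    done
}

wp_includes_report
```

Two results are worth noting: rule 3 also forbids wp-includes/ms-files.php, which older Multisite installs use to serve uploaded files, and PHP files in deeper wp-includes subdirectories are not covered by any of the five rules.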

Some WordPress Security Plugins for Monitoring Your Blog

There are some WordPress security plugins that help keep your blog safe. I wrote about some WordPress security plugins some time back. This list contains some security plugins that monitor your WordPress blog.

1. WordPress Sentinel – This plugin helps you find any change in files, as it regularly checks and re-checks all the files in a WordPress installation, be they plugins or themes. WordPress Sentinel lets you know which file in your installation has been touched or hacked.

2. VIP Scanner – As the name suggests, this plugin scans all sorts of files in your WordPress installation. It requires WordPress version 3.4 or higher.

3. Exploit Scanner – This plugin searches your blog installation and lets you know if your blog, database or files have become a victim of malicious hackers.

4. WP Updates Notifier – This plugin monitors your WordPress database as well as your installation, and it emails you when there is any update for your WordPress website. It notifies you about plugin, theme and core updates.
