How to Secure WordPress

13:27 08 August in CMS, Content Management System, Wordpress


If you are an internet vendor, you probably have quite a bit on your plate already. You have spent a great deal of time putting together a good website or blog and are really concentrating on how to deliver your product or information. Unfortunately, there is a certain breed of people out there in cyberspace whose self-appointed mission is to break into your vault and wreak havoc.

If you are using WordPress as a platform to blog from, here are a few tips on how to secure WordPress:

*Keep WordPress Updated and Backed Up*

Older versions of WordPress still have many weaknesses that are widely known in the hacker community. To their credit, the WordPress people are always doing their best to plug security holes and are updating constantly. So your first line of defense is to keep your blogging platform updated.

Medical Tip: To avoid increasing your blood pressure, always be sure to make a backup of your blog before installing any updates. It’s a good idea to keep your WordPress backed up regularly anyhow, since any number of things can go wrong.

Another tip is to delete the meta tags that tell the world which version of WordPress you are using. This info is generally in the header file.

*Keep Your Plugins Hidden*

One of the great things about using WordPress is the plugins. While they greatly increase your blog’s capabilities, they too contain bugs and vulnerabilities that are exploited by hackers. So be sure to keep them updated also.

It is easy for anyone to see what type of plugins you are using by visiting the wp-content/plugins folder. To keep potential intruders from finding out the plugins that you use, make an empty ‘index.html’ file and place it in your plugins folder.

It’s also a good idea to check your plugin folder and make sure the plugins there are the ones you want. Some hackers, once they get into your files, upload their own plugin. So if you see something that you are not familiar with, delete it.

Here is a free WP plugin that keeps track of the attempts to log in to your site. Many hackers use brute force to try and get your password. So, if there are too many attempts coming from the same IP address within a short period of time, the plugin will disable the login function for that IP range.

*Change Your Passwords*

This is an easy hack that is often exploited. You can have a more secure blog by making up a crazy, difficult password. Even change it monthly if need be.

But not only your WordPress login. Don’t forget your hosting account and your FTP passwords as well.

Headache tip: Be sure to write your passwords down immediately and keep them all in a safe place.

*Check for Hidden Code*

This needs a bit more knowledge of the inner workings of WordPress on your part, so don’t mess with it unless you know what you are doing.

*Browse your theme files*

Log into your WordPress control panel, go to the theme editor, and look inside your theme files. See if there are any lines of code that are not supposed to be there, or that contain PHP code that you don’t recognize.

*Check your database tables*

Some hackers upload fake images to your ‘Uploads’ folder and activate them with a plugin call. To detect this you need to open phpMyAdmin, browse the ‘wp_options’ table, and edit the ‘active_plugins’ record.

On that record you will see a list of all the plugins that are active on your blog. Delete any that seem unusual or that you aren’t using.
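The ‘active_plugins’ record is stored as a PHP-serialized array, which is hard to read by eye. The following Python script is an added example, not part of the original article: it parses a value copied out of phpMyAdmin and flags entries that point outside the plugins folder, are not .php files, or are not on your own list. The sample value and the EXPECTED list are constructed for illustration.

```python
import re

# Constructed sample of an 'active_plugins' value: a PHP-serialized array of
# plugin files, each a path relative to the plugins folder.
SAMPLE = ('a:3:{i:0;s:19:"akismet/akismet.php";'
          'i:1;s:31:"../uploads/2012/08/holiday.jpeg";i:2;s:9:"hello.php";}')
# Assumption: the plugins you know you installed (fill in your own list).
EXPECTED = {"akismet/akismet.php", "hello.php"}

ITEM = re.compile(rb'i:\d+;s:(\d+):"')

def parse_active_plugins(raw):
    """Return the plugin paths stored in the serialized record."""
    data = raw.strip().encode("utf-8")  # PHP lengths count bytes, not characters
    head = re.match(rb"a:(\d+):\{", data)
    if not head:
        raise ValueError("not a serialized PHP array")
    pos, entries = head.end(), []
    for _ in range(int(head.group(1))):
        m = ITEM.match(data, pos)
        if not m:
            raise ValueError(f"unexpected token at byte {pos}")
        end = m.end() + int(m.group(1))
        if data[end:end + 2] != b'";':
            raise ValueError("declared string length does not match content")
        entries.append(data[m.end():end].decode("utf-8", "replace"))
        pos = end + 2
    if data[pos:] != b"}":
        raise ValueError("array not terminated where expected")
    return entries

def review(entries, expected):
    """Return (entry, reasons) for every entry that deserves a closer look."""
    findings = []
    for entry in entries:
        reasons = []
        if entry.startswith("/") or ".." in entry.split("/"):
            reasons.append("path leaves the plugins folder")
        if not entry.lower().endswith(".php"):
            reasons.append("not a .php file")
        if entry not in expected:
            reasons.append("not in your list of installed plugins")
        if reasons:
            findings.append((entry, reasons))
    return findings

if __name__ == "__main__":
    for entry, reasons in review(parse_active_plugins(SAMPLE), EXPECTED):
        print(f"{entry}: {'; '.join(reasons)}")
```

A parse error is itself worth investigating, since a declared length that does not match its string means the record was edited by hand or damaged.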

*Browse your site files through FTP*

Log into your FTP account and browse through the folders on your site. You are looking for any files that have a strange name or that look suspicious. If you have another WordPress blog installed on another site, compare the structure of the files to make sure they match up.

Tip to avoid a heart attack: Remember: Backup, backup, backup, before you start messing with anything!