8 Security Tips to Secure your WordPress Blog

WordPress security is a major concern for every writer who uses WordPress as a blogging platform. Self-hosted WordPress blogs are more vulnerable than third-party hosted services like Blogger.

WordPress is one of the most widely used website CMSs; its information-rich database is therefore a main target for website attacks. If your website generates a lot of traffic, hackers will aim at it to steal sensitive personal information. So WordPress security must be a priority for a blog owner.

So as an Administrator or Editor-in-Chief of your WordPress blog, it is essential to use these WordPress security tips and keep the hackers away. If you are wary of plugins, you may take a look at the Top 10 WordPress Plugins I use on DailyBlogging and select your plugins accordingly.

There are some tips you can use to protect your blog from potential hackers. These tips are not 100% hacker-proof, but they can go a long way in deterring a hacker and making it harder for them to breach the borders of your privacy.

Take these easy preventive measures to secure your site and your data from attacks.

WordPress Security

Secure your WordPress Blog

1. Update to the Latest WordPress Version

As soon as an upgraded version is released, try to upgrade your blog. You can use the WordPress Automatic Upgrade plugin to upgrade to the latest version. Any major security issues are likely to be fixed in the upgrade.

2. Update your Plugins after checking the change-log

The plugins that you use are all developed by third party programmers; thus they are more vulnerable to hackers than WordPress itself. It is recommended that before you start using a plugin, check the profile carefully and read the comments and stats. Also, update your plugins regularly.

3. Take regular Database as well as Full Site Backups

This is perhaps the most important tip. Take a backup of your site on a regular basis and store that backup in a secure place. This will ensure that even if you are compromised, you will be up and running again. Without a backup, you will lose everything.

I have written a tutorial which uses Cron Jobs for taking Nightly Database Backups.

4. Delete/Rename the Default admin User

By default, all WordPress installations come with an admin user. This will be the first thing that a potential hacker will look for when targeting your site. You will have to delete this user. First create a new user with a unique username. Then login using this new user name and then delete the admin user. The hacker now has to crack both your username and password.

5. Use a Secure Password

This is a fundamental security tip: do not use your name or birthday as passwords. These can be easily cracked. Try to use a combination of capital letters, small letters, numbers and punctuation in the password and ensure that it is a unique one.

6. Install WordPress Security Plugins

There are many WordPress security plugins that you can install to keep your site secure, like WP Security Scan and WP Exploit Scanner. You can use WP Firewall or WP Antivirus also.

With WordPress 3.1 onwards the Login Lockdown plugin comes in by default. So you don’t need to worry about users who are trying to somehow get into your Admin panel using exploits or password guessing techniques.

7. Check and Update your Themes

If you are building your own theme, check for common security flaws and PHP security holes before using the template. For this you can use WP Theme Scanner. Update your themes, especially the free ones, as soon as an update is made available by the developer.

8. Protect your WP Admin folder

You may add a .htaccess file to your WP admin folder; this restricts access by blocking all IP addresses except the ones you use. Below is the .htaccess code to do so. Make sure that you place this .htaccess file in the WP-Admin folder. If you place it in the root directory of your WordPress blog then only you’ll be able to access your site. So be cautious when dealing with such htaccess commands.

Allow WP Admin Folder Access only to a specific IP

order deny,allow
deny from all
allow from 1.1.1.1

Change 1.1.1.1 to your own IP address. If your blog is multi-authored or has multiple owners, add another allow command with your partner’s or guest blogger’s IP. Now, I know many people have a dynamic IP. If you allow only your current IP, you will be blocked when your address changes on reconnecting and you try to access your blog.

To avoid such a situation you need to allow dynamic IPs. But that would mean that some people apart from you can also access the WP Admin folder. Here is the code for allowing a range of dynamic IPs.

Allow Access to a Dynamic IP

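order deny,allow
deny from all
# CIDR range covering 1.1.1.0 to 1.1.1.255
allow from 1.1.1.0/24

We use CIDR notation (/24) here, because Apache's allow directive does not accept a wildcard character (*) inside an IP address. This means anyone with an IP from 1.1.1.0 to 1.1.1.255 can access your WP Admin folder.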

Another way to protect your WP Admin folder is to password protect that directory itself. Popular web hosts like HostGator and Bluehost provide the facility to ‘Password Protect Directories‘ within the CPanel itself.
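
The two protections described above (an IP allowlist and a password-protected directory) can be combined in one wp-admin/.htaccess on Apache 2.4, where Require replaces order/deny/allow. This is an added example, not the author's code; the IP addresses are documentation-range placeholders and the AuthUserFile path is a placeholder for a file created with htpasswd.

```apache
# wp-admin/.htaccess for Apache 2.4+ (added example, not the author's code).
# Addresses are documentation-range placeholders. The AuthUserFile path is a
# placeholder: create the file with htpasswd and keep it outside the web root.

AuthType Basic
AuthName "WP Admin"
AuthUserFile /path/outside/webroot/.htpasswd

# Known addresses pass directly; any other address must supply the password.
<RequireAny>
    Require ip 203.0.113.10
    Require ip 198.51.100.0/24
    Require valid-user
</RequireAny>

# Plugins call admin-ajax.php on behalf of ordinary visitors, so keep it open.
<Files "admin-ajax.php">
    Require all granted
</Files>
```

With this policy a changed dynamic IP falls back to the password prompt instead of locking you out, and the /24 range no longer has to be opened just to cover address changes.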

These tips require little time and effort to set up. But if you can implement a few of these, then they will go a long way to ensure the security of your WordPress blog.

So, which security tip do you employ to protect your WordPress blog?

Patrick is a blogger and web designer working for a Hong Kong web design firm.

38 Comments

  1. #

    Great tips to protect ourselves WordPress blog. This is important thing that we must do because to build a blog need have long time. and if we do not have protection, so can our effort to become the number zero.

    • Patrick
      #

      Yes, you are right my friend, making a blog is a long and tedious process… and one must secure it to their best possibility

  2. #

    but allowing certain IPs and blocking others can create problems when accessing it from another PC..
    but since that will be done only occasionally it's a good step

  3. #

    Very well written Patrick … Great security tips shared !! To protect my blog, I employ all the tips except the #8 one ….

    Thanks for this wonderful article :-)

    • Patrick
      #

      I'm glad you liked it, my friend

  4. #

    A few days back my blog was hacked, but now it won't happen again. Thanks a lot for this jewel post

  5. #

    Yes, Several good things you must have if you have a WordPress blog or website, especially now when WordPress have over 50 Million Blogs and 14% of the World Wide Web, so it is more interesting for the thieves to crack the codes for your and others’ blogs and pages on WordPress.

  6. Thanks a lot for this awesome post. Protecting a website from hacking attempts is the best way to live fulfilled online. One of my blogger friends was recently hacked and I was not happy because of this. I think these tips will be useful in preventing this type of ugly trend. Thanks for the share :)

  7. #

    Oh yeah, there isn’t anything on a PC that a good hacker can't get into. I would keep security up to date, mainly your antivirus. Good luck.

  8. #

    Thing is, I’ve just migrated to WordPress. However, I have a number of people who have subscribed to my feeds from my blogger blog. What should I do to ensure that they now receive updates from my WordPress blog?

  9. #

    The simple and best tip is to use the latest version of WordPress. It saves most of the work.

    Nice post.

  10. #

    I really like the suggestion to lock the ip access to the wp-admin folder. Just gotta remember about it if you are traveling or something, lol.

    -Jean

  11. #

    Great tips. Most new users make the mistake of using a simple password on the default “admin” username! This make it so easy for hackers to hack the site!

  12. #

    Security is the biggest issue in WordPress, especially with file permissions. Nice tips!

  13. #

    I have heard a lot of issues regarding security and privacy of WP sites and I noticed that most of the victims of bugs and hackers are those who fail to do these tips that you have shared, especially the no. 8 tip. Excellent post you have here Patrick. Thanks for the share. :)

  14. #

    These are some great tips! Being bloggers, we should try all the possible ways to secure our blog!

  15. #

    Thanks for sharing those security tips for our WordPress blogs. Very impressive article.

  16. #

    Thanks for sharing these security tips . We should apply all the methods to protect our blog security

  17. #

    Hello Mani,

    A few days ago one of my sites got hacked due to loose security and I was seeking such tips, so thanks for the same.

  18. #

    Great post! I’ve never seen so many ways to secure your blog.
    I only changed my password and username.
    Thanks!

  19. #

    Thank you so much for given up valuable security tips on here :)

  20. #

    Security should be the most important task for a blogger. At the same time, a secure password is also important. Thank you so much for giving this worthy post here :)

  21. #

    Thanks for the Tips

    Did you try the BulletProof security system WordPress Plugin?

  22. #

    These tips are very good and it is important for new word press blogger. They don’t have knowledge about it.

  23. #

    Those are very useful security solutions. Finding out more about the password protect directory method

  24. #

    Great tips Patrick, to make your WP blog very secure! Thanks for sharing this article.

  25. #

    I tried to change the admin name and had trouble; they really don’t make it easy.

  26. #

    Thanks a lot, as I was facing this issue and this is seriously helpful…

    Regards
    Nitish Kapoor
    Editor-Pardaphash

  27. #

    I am looking for some nice security tips for my WordPress blog and I found them here. Thank you

  28. #

    I really give tons of thanks to this post. Well, I recently started a blog but did not launch it officially!! I am really happy to say that I checked out this post’s points and secured my blog accordingly!! Thanks for the share!!

  29. #

    This isn’t a security step at all. Your best bet is to stay updated. First, automated attacks more often than not don’t bother checking for a version, they simply try an attack. Second, none of the steps you provided actually hide the version of WordPress a site is using. Actually hiding the version would be so difficult it would likely require breaking your WordPress install.

    • #

      I guess you should recheck your comment. Both the points you’ve made are contradictory to each other.

  30. #

    Thanks Patrick, this is really a very useful post and you explained each part very nicely. I have a few more additional tips on the same

  31. #

    I’ve been exploring for a little for any high-quality articles or blog posts on this sort of space . Exploring in Yahoo I at last stumbled upon this site. Studying this info So i am glad to express that I have an incredibly just right uncanny feeling I discovered just what I needed. I most definitely will make certain to don’t put out of your mind this web site and provides it a look on a constant basis.

  32. #

    Great Tips :)

  33. #

    Thanks for posting

  34. #

    Nice post. Thanks for sharing this great tips.

  35. #

    Nice post. I will implement it..

One Trackback

  1. By 4 Steps To Protecting Your Wordpress Blog on December 22, 2011 at 3:03 pm
