5 Ways to Protect Your WordPress Site
Many of the world's most widely visited websites use WordPress as their content management system. WordPress lets you update content easily and administer your entire website from a single admin panel. However, as with all great things, there are downsides, and securing your WordPress site should be considered as important as maintaining its content. To protect your information and content, it's important to make your site as hack-proof as possible. We've put together our top tips for securing your WordPress blog against attacks.
[OVERVIEW] These are tips on how to protect your WordPress website. They give you a better understanding of the weaknesses hackers can exploit. We recommend using Better WP-Security as your WordPress security plugin. It makes WordPress almost unbreachable.
1 – Protect Your Username & Passwords
To log into WordPress, you enter a username and password. This is probably the most sensitive information a hacker can get their hands on if they are trying to get into your site. Because your password isn't encrypted, if you log into your site on an open network, anyone "listening" could perform a man-in-the-middle attack and capture it. To avoid this, either never log in on a public network (recommended) or let the Chap Secure Login plugin do the work for you (not always necessary). This plugin will encrypt your password, making it difficult for a hacker to crack.
[TIP] We recommend simply not logging into your website from an unsecured network. It's easier, safer, and will help cut down on the size of your website. If you must log in on the fly, using the plugin is recommended. Remember also to change the original WordPress username. The default username is admin; be sure to change this, as it is the first name any hacker will try.
2 – Defend Against Brute Force Attacks
One of the most common methods of hacking websites is brute force, where a hacker repeatedly enters passwords into the login panel until one succeeds. Two plugins are designed specifically to counter this: Limit Login Attempts and Login LockDown. Login LockDown records the IP address of each failed login attempt; when the limit on attempts is reached, that IP address is locked out for a time period you set. This functionality is available in most WordPress security plugins, but do make sure to hedge yourself against brute force attacks.
[TIP] If your website has many users, a hacker only needs to break into one account. Just because your password is strong doesn't mean that all user passwords are secure. Hedging against brute force attacks will help limit the chances of an account being broken into.
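The lockout logic described above, applied to a web server access log rather than from inside a plugin, as an added example that is not part of the original article and not code from Limit Login Attempts, Login LockDown or Better WP-Security. It assumes an Apache-style combined log and relies on the fact that a failed POST to wp-login.php is answered with a 200 page while a successful one is redirected with a 302; the log lines, IP addresses and threshold are constructed for the example.

```shell
#!/bin/sh
# Constructed sample of a combined-format access log (not real traffic).
# 203.0.113.5 fails six times, 192.0.2.9 fails twice, 198.51.100.7 logs in.
SAMPLE_LOG='203.0.113.5 - - [10/Oct/2023:10:00:01 +0000] "POST /wp-login.php HTTP/1.1" 200 3460
203.0.113.5 - - [10/Oct/2023:10:00:02 +0000] "POST /wp-login.php HTTP/1.1" 200 3460
203.0.113.5 - - [10/Oct/2023:10:00:03 +0000] "POST /wp-login.php HTTP/1.1" 200 3460
203.0.113.5 - - [10/Oct/2023:10:00:04 +0000] "POST /wp-login.php HTTP/1.1" 200 3460
203.0.113.5 - - [10/Oct/2023:10:00:05 +0000] "POST /wp-login.php HTTP/1.1" 200 3460
203.0.113.5 - - [10/Oct/2023:10:00:06 +0000] "POST /wp-login.php HTTP/1.1" 200 3460
198.51.100.7 - - [10/Oct/2023:10:01:00 +0000] "GET /wp-login.php HTTP/1.1" 200 2900
198.51.100.7 - - [10/Oct/2023:10:01:09 +0000] "POST /wp-login.php HTTP/1.1" 302 0
192.0.2.9 - - [10/Oct/2023:10:02:00 +0000] "POST /wp-login.php HTTP/1.1" 200 3460
192.0.2.9 - - [10/Oct/2023:10:02:30 +0000] "POST /wp-login.php HTTP/1.1" 200 3460
192.0.2.9 - - [10/Oct/2023:10:03:00 +0000] "GET /?p=1 HTTP/1.1" 200 5100'

# Print "ip count" for every client that POSTed to wp-login.php and got a
# 200 (a failed login) at least LIMIT times.  $1 = log text, $2 = LIMIT.
# Combined-log fields: $1 client, $6 "METHOD, $7 path, $9 status.
brute_force_sources() {
  printf '%s\n' "$1" | awk -v limit="$2" '
    $6 == "\"POST" && $7 == "/wp-login.php" && $9 == 200 { fails[$1]++ }
    END { for (ip in fails) if (fails[ip] >= limit) print ip, fails[ip] }
  ' | sort
}

# Turn that list into an Apache 2.4 .htaccess fragment that refuses
# wp-login.php to the offending clients while leaving everyone else alone.
# This is the static equivalent of a plugin's timed lockout.
lockout_fragment() {
  echo '<Files wp-login.php>'
  echo '  <RequireAll>'
  echo '    Require all granted'
  brute_force_sources "$1" "$2" | while read -r ip count; do
    echo "    Require not ip $ip"
  done
  echo '  </RequireAll>'
  echo '</Files>'
}

# Usage: feed a real log instead of the sample, e.g.
#   brute_force_sources "$(cat /var/log/apache2/access.log)" 10
brute_force_sources "$SAMPLE_LOG" 5
```

Running the block prints `203.0.113.5 6`: six failures against a limit of five. The successful login from 198.51.100.7 is never counted, and 192.0.2.9 stays below the threshold, which is the distinction a lockout rule must make before it blocks anyone. A plugin does the same bookkeeping per request and clears the counter after the lockout period; a static fragment like the one above has to be regenerated or removed by hand.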
3 – Secure Your ‘wp-admin’ and ‘wp-plugin’ Folders
An important part of defending yourself from hackers is to block access to your wp-admin folder and your wp-plugins folder. This not only benefits you security-wise, but also helps with search engines, as they won't index these folders.
wp-admin: contains the code for logging in, registering, changing settings, posts, etc. To block it, you can use the Better WP-Security plugin, which will configure the settings for you.
wp-plugins: hiding your wp-plugins folder is easy. Open a text editor, save a blank document as index.html or index.php, and upload it into your wp-plugins folder. The server will now serve that blank page instead of a directory listing, so nobody can see which plugins you're using. Better WP-Security will also help you protect this folder further.
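The two steps above, done from the command line, as an added example that is not part of the original article and not Better WP-Security's code. It assumes a standard install, where the plugins folder is wp-content/plugins, an Apache 2.4 web server for the wp-admin restriction, and the IP ranges passed to admin_htaccess are placeholders you replace with the addresses you administer from.

```shell
#!/bin/sh
# Write a blank index.php into DIR and every direct subdirectory that lacks
# one, so a server with directory listings enabled shows an empty page
# instead of the folder contents.  Existing files are never overwritten.
# The two-line stub is the same one WordPress ships in its own folders.
seal_directory() {
  dir="$1"
  for d in "$dir" "$dir"/*/; do
    [ -d "$d" ] || continue
    target="${d%/}/index.php"
    if [ ! -e "$target" ]; then
      printf '%s\n%s\n' '<?php' '// Silence is golden.' > "$target"
    fi
  done
}

# Count how many of DIR and its direct subdirectories still lack an index.php.
unsealed_count() {
  dir="$1"; n=0
  for d in "$dir" "$dir"/*/; do
    [ -d "$d" ] || continue
    [ -e "${d%/}/index.php" ] || n=$((n + 1))
  done
  echo "$n"
}

# Emit an Apache 2.4 .htaccess body for wp-admin/ that admits only the
# space-separated IPs or CIDR ranges in $1 (placeholder values).
# admin-ajax.php must stay reachable: themes and plugins call it for
# anonymous visitors too, so it is exempted from the restriction.
admin_htaccess() {
  echo '<RequireAny>'
  for net in $1; do
    echo "    Require ip $net"
  done
  echo '</RequireAny>'
  echo '<Files admin-ajax.php>'
  echo '    Require all granted'
  echo '</Files>'
}

# Usage against a real install (paths are assumptions):
#   seal_directory /var/www/html/wp-content/plugins
#   admin_htaccess '203.0.113.0/24 198.51.100.7' > /var/www/html/wp-admin/.htaccess
```

Run unsealed_count before and after seal_directory to confirm nothing was missed, and check the wp-admin restriction from an address outside the list: it should get a 403, while a page that uses admin-ajax.php should keep working.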
4 – Hide Your Version Information
Letting a hacker see which version of WordPress you are using is like handing them a list of your vulnerabilities. The same goes for plugins.
This information most commonly appears in the theme's header file (header.php). It may look as follows:
<meta name="generator" content="WordPress <?php bloginfo('version'); ?>" />
If this is in your header.php file, delete it!
[TIP] We recommend using Better WP-Security; it has options that let you remove all version information from your WordPress website completely. Not only that, it will help you implement pretty much everything else in this article too.
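A way to find and remove the generator tag across a theme, as an added example that is not part of the original article and not Better WP-Security's code. Deleting the line from header.php is only half the job: the wp_head() call most themes make prints the same tag from WordPress core, and the hook that stops it, remove_action('wp_head', 'wp_generator'), is WordPress's own API. The theme directory passed to the functions is an assumption; the rest is plain POSIX sh.

```shell
#!/bin/sh
# Count the .php files under DIR (a theme directory) that still contain a
# <meta ... generator ...> tag.
count_generator_tags() {
  find "$1" -name '*.php' -exec grep -l '<meta[^>]*generator' {} + | wc -l | tr -d ' '
}

# Delete every generator meta line from FILE, portably (no sed -i).
strip_generator_tag() {
  f="$1"
  sed '/<meta[^>]*generator/d' "$f" > "$f.tmp" && mv "$f.tmp" "$f"
}

# Make sure the theme's functions.php stops wp_head() from printing the
# version.  Idempotent: the line is only appended if it is not already there.
ensure_wp_generator_removed() {
  f="$1/functions.php"
  [ -e "$f" ] || printf '<?php\n' > "$f"
  grep -q "remove_action( *'wp_head', *'wp_generator' *)" "$f" \
    || printf "\n// Stop wp_head() from printing the WordPress version.\nremove_action('wp_head', 'wp_generator');\n" >> "$f"
}

# Usage against a real theme (path is an assumption):
#   theme=/var/www/html/wp-content/themes/mytheme
#   count_generator_tags "$theme"
#   strip_generator_tag "$theme/header.php"
#   ensure_wp_generator_removed "$theme"
```

After the change, fetch your own front page and confirm nothing matches: `curl -s https://example.com/ | grep -i 'name="generator"'` should print nothing. WordPress also ships a readme.html in the site root that names the version, so delete it or block it at the web server as part of the same cleanup.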
5 – Back Up Your Data
This is a must, especially for publishers. Your data is the most important asset of your website; whether it's post data, user data, settings or statistics, you do not want to be in a position where you lose it all. Set aside time every week to download your database onto a secure disk or device, and keep it safe. Malicious hackers will probably delete or change content if they manage to get through your security, and let's be honest, why wouldn't they? No matter how secure your website is, be sure to set aside time on a regular basis to back up that database.
[TIP] If you make changes to your theme files, plugins or any other files on a regular basis, it's probably a good idea to keep a backup of all of that too. We recommend keeping a FULL site backup on your local server; that way, if anything goes wrong, you'll only be down for a few hours at most instead of having to shut down altogether.
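A database-plus-files backup routine of the kind the section calls for, as an added example that is not part of the original article. It reads the database credentials from wp-config.php, which assumes the stock single-quoted define() lines, dumps the database with mysqldump (which needs a reachable MySQL server, so that part cannot run offline), archives wp-content with a checksum, verifies an archive before you rely on it, and prunes old copies. All paths and the timestamp argument are assumptions for the example.

```shell
#!/bin/sh
# Read a define()'d constant such as DB_NAME out of wp-config.php.
wp_config_value() {
  sed -n "s/^[[:space:]]*define([[:space:]]*'$2'[[:space:]]*,[[:space:]]*'\([^']*\)'[[:space:]]*);.*/\1/p" "$1" | head -n 1
}

# Dump the database named in wp-config.php to DEST/db-<stamp>.sql.gz.
# Credentials go through a 0600 options file so they never show up in ps.
backup_database() {
  cfg="$1"; dest="$2"; stamp="$3"
  extra=$(mktemp)
  chmod 600 "$extra"
  printf '[client]\nhost=%s\nuser=%s\npassword=%s\n' \
    "$(wp_config_value "$cfg" DB_HOST)" "$(wp_config_value "$cfg" DB_USER)" \
    "$(wp_config_value "$cfg" DB_PASSWORD)" > "$extra"
  mysqldump --defaults-extra-file="$extra" --single-transaction \
    "$(wp_config_value "$cfg" DB_NAME)" | gzip > "$dest/db-$stamp.sql.gz"
  rm -f "$extra"
}

# Pick whichever SHA-256 tool the host has (GNU coreutils or perl shasum).
sha256_cmd() {
  command -v sha256sum >/dev/null 2>&1 && echo sha256sum || echo 'shasum -a 256'
}

# Archive SRC (normally wp-content: themes, plugins, uploads) to
# DEST/files-<stamp>.tar.gz, record its SHA-256 beside it, print the path.
backup_files() {
  src="$1"; dest="$2"; stamp="$3"
  out="$dest/files-$stamp.tar.gz"
  tar -czf "$out" -C "$(dirname "$src")" "$(basename "$src")"
  (cd "$dest" && $(sha256_cmd) "$(basename "$out")" > "$(basename "$out").sha256")
  echo "$out"
}

# Succeed only if the archive matches its checksum and tar can read it.
# A backup you have not verified is a backup you do not have.
verify_backup() {
  out="$1"
  (cd "$(dirname "$out")" && $(sha256_cmd) -c "$(basename "$out").sha256" >/dev/null 2>&1) \
    && tar -tzf "$out" >/dev/null 2>&1
}

# Keep only the newest KEEP file archives in DEST (the timestamp in the
# name sorts chronologically), deleting each old archive with its checksum.
prune_backups() {
  dest="$1"; keep="$2"
  ls -1 "$dest"/files-*.tar.gz 2>/dev/null | sort -r | tail -n +"$((keep + 1))" | while read -r old; do
    rm -f "$old" "$old.sha256"
  done
}

# Usage from a weekly cron job (paths are assumptions):
#   stamp=$(date +%Y%m%d-%H%M%S)
#   backup_database /var/www/html/wp-config.php /srv/backups "$stamp"
#   verify_backup "$(backup_files /var/www/html/wp-content /srv/backups "$stamp")" || echo "backup failed" >&2
#   prune_backups /srv/backups 8
```

Copy the finished archives off the web server (the article's point about a local copy): a backup that lives only next to the site is lost with it. The checksum file lets you confirm on the destination side that the copy arrived intact.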