In the last couple of years, there has been a tremendous rise in the number of Internet users and bloggers.
WordPress has become one of the most popular and widely used applications for bloggers, as it is easy to set up and configure. As the popularity of WordPress grows, attackers are trying to hack or inject code into WordPress-based websites, which makes blogs harder for bloggers to maintain. Such events cause unnecessary downtime, loss of visitors, and damage to Search Engine Optimization.
The following security features and tips can be used to secure WordPress-based blogs:
1. Securing wp-config.php
The wp-config.php file contains database information such as the database name, database username and password. By default wp-config.php has 644 permissions, which means a normal user on the server can easily read your wp-config.php. So, set the permissions of the file to 750, which will stop other users from reading it.
2. Vulnerabilities in WordPress
A WordPress vulnerability can be defined as a flaw in a program or script that allows an attacker to bypass normal WordPress settings. To avoid such problems, keep your blog updated to the latest version. Older versions of WordPress contain old functions and scripts which can be easily hacked.
Also keep all of your plugins and themes updated, and if you are not using a specific plug-in, delete it from the system.
3. Hiding WordPress version
If you are running a WordPress version which has known vulnerabilities, it is not a good idea to expose your WordPress version to the public. There are many plugins which hide the WordPress version from the public, or you can simply add
<?php remove_action('wp_head', 'wp_generator'); ?> in
functions.php of your theme.
4. Renaming the administrative account
By default, WordPress sets the administrator username to "admin" for the blog. For better security, using "admin" is not recommended. After installation you can create a new user with administrator rights and delete "admin".
5. Protect WP-* Folders
Block wp-* folders from being crawled and indexed by search engines. This can be done by blocking access to wp-* from robots.txt. Add the following line to your robots.txt
6. Firewall Plugins
There are a few plugins that scan for suspicious requests based on rule databases and/or whitelists.
BlogSecurity's WPIDS plug-in installs "PHPIDS", a generic security layer for PHP applications, while "WordPress Firewall" uses some WordPress-tuned, pre-configured rules along with a whitelist to screen out attacks without much configuration.
7. Securing WordPress Database
WordPress is a database-dependent application, so you need to have a database and a database user. For a WordPress installation you simply create a database with a user, but securing the database is also useful for securing your WordPress blog.
Following are a few tweaks to secure the database:
7.1. Grant limited access to a database user: Create a user to access this database only and grant limited access to SQL commands on this database (select, insert, delete, update, create, drop and alter).
7.2. Pick a strong database password
8. Strong Passwords
Creating a strong password is another way to protect your blog from getting hacked. Make a habit of changing your passwords on a weekly or monthly basis, which will serve as added protection.
9. Backups
It's a good habit to take or configure backups of your blog and database at regular intervals rather than depending on your hosting company's backups, as the backup they have may contain the hacked data (if the backup was run after your blog was hacked). There are many plugins available for WordPress with which you can take backups.
10. Monitoring Blogs
As a user/admin of the blog, you will have to monitor your blog regularly for changes. If a suspicious user gets registered, a file of your blog gets changed, or you find any other suspicious activity, contact the support team so they can investigate it further.
There are a number of steps you can follow to secure your WordPress blog and minimize the risk of hacking or of vulnerabilities in your blog.
It would be a good idea if bloggers or webmasters shared a few tips on securing WordPress blogs.