Securing Wordpress

  • Securing Wordpress

    In the last couple of years, there has been a tremendous rise in the number of Internet users and bloggers. Wordpress has become one of the most popular and widely used applications for bloggers, as it is easy to set up and configure. Since the popularity of Wordpress is growing, hackers are now trying to hack or inject Wordpress-based websites, which causes many problems for bloggers maintaining their blogs; such events cause unnecessary downtime and loss of visitors, affect Search Engine Optimization, etc.

    Following is a list of some of the security features and tips which can be used to secure Wordpress-based blogs:

    1. Securing wp-config.php
    The wp-config.php file contains the database information like the database name, database username and password. By default wp-config.php has 644 permissions, which means a normal user can easily read your wp-config.php. So, set the permissions of the file to 750, which will prevent other users from reading it.

    2. Vulnerabilities in the WordPress
    A vulnerability in Wordpress could be defined as a program or script that allows an attacker to bypass normal Wordpress settings. To avoid such problems, keep your blog updated to the latest version. Older versions of Wordpress contain old functions and scripts which can be easily hacked.
    Also keep all of your plugins and themes updated, and if you are not using a specific plug-in, delete it from the system.

    3. Hiding WordPress version
    If you are running a Wordpress version which has known vulnerabilities, then it's not a good option to keep your Wordpress version open to the public. There are many plugins which hide the Wordpress version from the public, OR you can simply add <?php remove_action('wp_head', 'wp_generator'); ?> in the functions.php of your theme.

    4. Renaming the administrative account
    By default Wordpress sets the administrator username to "admin" for the blog. For better security it's not suggested to use "admin". After installation you can create a new user with administrator rights and delete "admin".

    5. Protect WP-* Folders
    Block wp-* folders from being crawled and indexed by search engines. This can be done by blocking access to wp-* from robots.txt. Add the following line to your robots.txt:

    Disallow: /wp-*

    6. Firewall Plugins
    There are a few plugins that scan suspicious requests based on rule databases and/or white-lists. BlogSecurity's WPIDS plug-in installs "PHPIDS", a generic security layer for PHP applications, while "WordPress Firewall" uses some WordPress-tuned pre-configured rules along with a whitelist to screen out attacks without much configuration.

    7. Securing WordPress Database
    Wordpress is an application which is database dependent, for which you need to have a database and a database user. For the Wordpress installation you simply create a database with a user, but securing the database is also useful for securing your Wordpress blog.

    Following are a few tweaks to secure the database:

    7.1. Grant limited access to a database user: Create a user to access this database only and grant limited access to SQL commands on this database (select, insert, delete, update, create, drop and alter).
    7.2. Pick a strong database password

    8. Strong Passwords
    Creating a strong password is another option to protect your blog from getting hacked. Make a habit of changing the passwords on a weekly or monthly basis, which will serve as added protection.

    9. Backups
    It's a good habit to take / configure backups of your blog and database at regular intervals and not depend upon your hosting company's backups, as it might be possible that the backup they have contains the hacked data (if the backup was run after your blog was hacked). There are many plugins provided by Wordpress with the help of which one can take backups.

    10. Monitoring Blogs
    As a user/admin of the blog you will have to regularly monitor your blog for changes: if any suspicious user gets registered, any file of your blog gets changed, or you find any other suspicious activity, contact the support team in order to investigate it further.

    There are a number of steps you can follow to secure your Wordpress and minimize the risk of hacking or of vulnerabilities being found in your blog.
    It would be a good idea if any of the bloggers or webmasters share a few tips regarding securing Wordpress blogs.
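    A check for item 1 above (wp-config.php permissions), added here as an example and not part of the original post: it reports whether the file is readable by every account on the host and applies the mode the post recommends. The path in the usage comment is a placeholder; the mode 750 is the post's value (640 or 600 is just as common, since a configuration file never needs the execute bit). It relies only on POSIX `ls` and `chmod`, so it runs on any Linux or BSD host.

```shell
#!/bin/sh
# Constructed example (not from the original post): audit the permissions of
# wp-config.php and tighten them when the file is readable by "other".
# Assumption: run as the file owner or root on a POSIX host.

# Print the "other" permission triplet of a file, e.g. "r--" for mode 644.
# Columns 8-10 of `ls -ld` output hold the other-user bits on every POSIX ls.
other_perms() {
    ls -ld "$1" | cut -c8-10
}

# Return 0 (true) when any user on the host can read the file.
is_world_readable() {
    case "$(other_perms "$1")" in
        r*) return 0 ;;
        *)  return 1 ;;
    esac
}

# Apply the mode the post recommends (750). 640 or 600 is equally valid:
# the file only needs to be readable by the web server's user or group.
harden_wp_config() {
    chmod 750 "$1"
}

# Report the state of the file, fix it if needed, and return 1 if a fix
# was applied so the caller (cron, a deploy script) can notice.
audit_wp_config() {
    f="$1"
    if [ ! -f "$f" ]; then
        echo "ERROR: $f not found" >&2
        return 2
    fi
    if is_world_readable "$f"; then
        echo "WARNING: $f is world-readable (other=$(other_perms "$f")); applying chmod 750" >&2
        harden_wp_config "$f"
        return 1
    fi
    echo "OK: $f is not readable by other users (other=$(other_perms "$f"))"
    return 0
}

# Usage (placeholder path): audit_wp_config /var/www/html/wp-config.php
```

    Run it from cron against the real path; a non-zero exit status means the file had drifted back to a world-readable mode, which is worth investigating on its own, since a fresh upload or a careless `chmod -R` is the usual cause.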
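    For item 10 above (monitoring the blog for changed files), an added example that is not from the original post: a baseline-and-compare script that hashes the WordPress tree once and later lists every file that was modified, added or removed since that baseline. It assumes GNU coreutils (`sha256sum`, `find -print0`, `sort -z`, `xargs -0`) and paths without spaces; skipping the uploads and cache directories is an assumption about what changes legitimately on a running site.

```shell
#!/bin/sh
# Constructed example (not from the original post): record a hash baseline of
# a WordPress tree and report files that differ from it on later runs.
# Assumptions: GNU coreutils; no whitespace in file paths.

# Write one "hash  ./path" line per file under DIR into FILE.
# Uploads and cache directories change during normal operation, so they are
# excluded; every PHP file, theme and plugin is covered.
wp_baseline() {
    dir="$1"; out="$2"
    ( cd "$dir" && find . -type f \
          ! -path './wp-content/uploads/*' ! -path './wp-content/cache/*' -print0 \
        | sort -z | xargs -0 sha256sum ) > "$out"
}

# Print one line per difference between BASE and a fresh scan of DIR:
# "modified ./f", "added ./f" or "removed ./f". Prints nothing when the
# tree still matches the baseline.
wp_changes() {
    dir="$1"; base="$2"
    cur=$(mktemp)
    wp_baseline "$dir" "$cur"
    # First pass loads the baseline (path -> hash); second pass walks the
    # current listing and drains the table, so whatever is left was removed.
    awk 'FILENAME == ARGV[1] { old[$2] = $1; next }
         {
             if (!($2 in old))          print "added " $2
             else if (old[$2] != $1)    print "modified " $2
             delete old[$2]
         }
         END { for (p in old) print "removed " p }' "$base" "$cur" | sort
    rm -f "$cur"
}

# Exit 0 when the tree matches the baseline, 1 otherwise (changes on stderr).
wp_check() {
    changes=$(wp_changes "$1" "$2")
    if [ -n "$changes" ]; then
        echo "$changes" >&2
        return 1
    fi
    return 0
}

# Usage (placeholder paths):
#   wp_baseline /var/www/html /var/lib/wp-baseline.sha256   # right after an update
#   wp_check    /var/www/html /var/lib/wp-baseline.sha256   # from cron
```

    Store the baseline outside the web root and refresh it only after a deliberate update; a "modified" core file or an "added" PHP file in a directory that should only hold static content is exactly the kind of change the post says to escalate to your support team.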

  • #2

    I would like to add some more important and effective guidelines to the ones mentioned above.

    1. Update your version of Wordpress at regular time intervals
    2. Keep all the plugins up to date
    3. Maintain recent backups
    4. Create a secure password

    You can also go the extra mile by limiting the login attempts and using SFTP instead of FTP.


    • #3
      Great post. Thank you for sharing the information. This is very helpful.