
How to Secure a WordPress Blog: Avoid WordPress Hacking

WordPress is the most famous platform for self-hosted blogs and sites. It is a truly remarkable tool, and it is what is used here for itechfreak. WordPress is open source, and that is cool. The main problem is that its source code is freely available to anyone, and people will always try to find vulnerabilities in the code. There will always be someone who wants to make trouble by discovering a way to break into WordPress accounts, either to cause damage or to inject hidden spammy links. That is why it is essential to make certain that your WordPress installation is as secure as possible.

Secure WordPress

Here I have listed a few tips to secure your WordPress blog. Use these tips to avoid WordPress hacking.

1. Update, Update, Update

No software system is immune to bugs and vulnerabilities. Security gaps will be found, and attackers will try their best to exploit them. Keeping your software up to date is a great way to fend off attacks, because most trustworthy software vendors fix their products soon after security gaps are discovered. This will keep your WordPress secure.

For all web-based software, it is a must to stay on top of updates. Many WordPress users learnt this the hard way last September, when a wave of attacks spread across many websites that were not running the latest version of the software. Fortunately, keeping your WordPress website or blog up to date is one of the simplest things you can do. The last few versions have had an option to install updates automatically. On top of that, you are notified whenever a new update is available.

So if you’re not using the latest WordPress version, upgrade it.

2. Make Use of Strong WordPress Account Passwords

WordPress users are always advised to use strong and unique passwords. WordPress will show you the strength of your password, but a good rule is to avoid common phrases, use both uppercase and lowercase letters, and include numbers. It is also best to change your WordPress password regularly, say every 4 months.

3. Remove your admin Account

It is a common mistake everybody makes. I know you are the administrator of the blog, but do not keep your main username as 'admin', 'administrator' or your own name. If you do, half of the work is already done for the hacker.
If you are the only one posting on your WordPress blog, create separate accounts, i.e. one for administration and another for posting. Never post from your administrator account, because WordPress readily reveals the username of the poster.

For example, check this: http://www.itechfreak.com/author/dinesh/

My username is dinesh, and there are no points for guessing that.

4. Use Secret Keys in your WP-Config File

In a WordPress install you will find a file named wp-config.php. It is the file that stores all the database information WordPress needs to connect to its database. It holds the name, address and password of the MySQL database that stores all of your user information, blog posts and other essential content.

You can make it even harder for attackers to gain access to your WordPress by using secret keys. If you have not already set up secret keys, navigate to https://api.wordpress.org/secret-key/1.1/ and copy the results into this part of your wp-config.php file:

/**#@+
 * Authentication Unique Keys.
 *
 * Change these to different unique phrases!
 * You can generate these using the {@link https://api.wordpress.org/secret-key/1.1/ WordPress.org secret-key service}
 * You can change these at any point in time to invalidate all existing cookies. This will force all users to have to log in again.
 *
 * @since 2.6.0
 */
define('AUTH_KEY', 'put your unique phrases here');
define('SECURE_AUTH_KEY', 'put your unique phrases here');
define('LOGGED_IN_KEY', 'put your unique phrases here');
define('NONCE_KEY', 'put your unique phrases here');
/**#@-*/
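
A quick way to confirm that the four keys above were actually replaced, as an added example that is not from the original post: the shell function below reads a wp-config.php and reports any key that is missing, still the placeholder, or short. The 32-character minimum and the sample file are assumptions made for the example.

```shell
#!/bin/sh
# Added example: flag wp-config.php secret keys that are missing, still set to
# the placeholder text, or shorter than MIN_KEY_LEN (an assumed threshold).
MIN_KEY_LEN=32

check_wp_keys() {
    config=$1
    bad=0
    for key in AUTH_KEY SECURE_AUTH_KEY LOGGED_IN_KEY NONCE_KEY; do
        # First define() line for this key, with either quote style.
        line=$(grep -E "^[[:space:]]*define\([[:space:]]*['\"]${key}['\"]" "$config" | head -n 1)
        if [ -z "$line" ]; then
            echo "$key: missing"
            bad=1
            continue
        fi
        # Text between the quotes of the second define() argument; a line
        # that does not parse yields an empty value and is reported as short.
        value=$(printf '%s\n' "$line" |
            sed -n "s/^[^,]*,[[:space:]]*['\"]\(.*\)['\"][[:space:]]*);.*\$/\1/p")
        case $value in
            *"put your unique phrase"*) echo "$key: placeholder"; bad=1 ;;
            *)
                if [ "${#value}" -lt "$MIN_KEY_LEN" ]; then
                    echo "$key: too short (${#value} chars)"; bad=1
                else
                    echo "$key: ok"
                fi ;;
        esac
    done
    return "$bad"
}

# Constructed sample config, not a real site's file.
sample=$(mktemp)
cat > "$sample" <<'EOF'
<?php
define('AUTH_KEY', 'put your unique phrases here');
define('SECURE_AUTH_KEY', 'Zq7#constructed-sample-value-0123456789-abcdefXYZ');
define('LOGGED_IN_KEY', 'short');
EOF
check_wp_keys "$sample" || echo "wp-config.php needs new secret keys"
rm -f "$sample"
```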

5. Keep Your Htaccess File in Check

You can set access limits on certain directories by using an .htaccess file. You can tie those limits to an explicit IP address, which means that only people connecting from that address can access your info.

Htaccess rules get pretty complicated, but AskApache has the Definitive Tutorial for all things .htaccess.
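
As an added example (not from the original post or from AskApache), this shell function prints an .htaccess body that admits only the IPv4 addresses you pass it, in both Apache 2.4 and 2.2 syntax. The address 203.0.113.10 is a documentation placeholder, and placing the output in wp-admin/.htaccess is an assumption.

```shell
#!/bin/sh
# Added example: print an .htaccess body that admits only the given IPv4
# addresses. Input is validated so nothing else can end up in the file.

valid_ipv4() {
    case $1 in
        *[!0-9.]* | *..* | .* | *.) return 1 ;;   # only digits and single dots
    esac
    old_ifs=$IFS; IFS=.
    set -- $1                                     # split into octets
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

htaccess_allow_ips() {
    [ "$#" -gt 0 ] || { echo "usage: htaccess_allow_ips IP..." >&2; return 2; }
    for ip in "$@"; do
        valid_ipv4 "$ip" || { echo "invalid IPv4 address: $ip" >&2; return 2; }
    done
    # Apache 2.4: mod_authz_core is present, so use Require.
    echo "<IfModule mod_authz_core.c>"
    echo "    Require ip $*"
    echo "</IfModule>"
    # Apache 2.2: fall back to Order/Deny/Allow.
    echo "<IfModule !mod_authz_core.c>"
    echo "    Order deny,allow"
    echo "    Deny from all"
    echo "    Allow from $*"
    echo "</IfModule>"
}

# Demo with a documentation address (assumed target: wp-admin/.htaccess).
htaccess_allow_ips 203.0.113.10
```

If the output is placed in wp-admin/.htaccess, front-end features that call wp-admin/admin-ajax.php are blocked for other visitors as well.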

6. Know Your File Permissions

Frequently, hackers are able to creep into your website because you have left your files and folders with permissions that are too loose.

Depending on how you installed WordPress, or on the default practices of your web host, the permissions for the files and folders in your WordPress install might not be correct.

The WordPress Codex has an outline of which permissions are acceptable. File and directory permissions can be modified either through an FTP client or through your cPanel. This page describes in detail how file permissions work and how to modify them on a number of different systems.
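
To see which paths are looser than the Codex defaults (directories 755, files 644, wp-config.php 440 or 400), here is an added example that is not part of the original post: a shell function that lists group- or world-writable paths and a wp-config.php that other users can access. The directory tree it runs against is constructed for the demo.

```shell
#!/bin/sh
# Added example: list paths under a WordPress root whose mode is looser than
# the Codex defaults (directories 755, files 644, wp-config.php 440 or 400).

audit_wp_perms() {
    root=$1
    findings=$(
        # Files and directories writable by the group or by everyone.
        find "$root" \( -type f -o -type d \) \
            \( -perm -0020 -o -perm -0002 \) -print |
            sed 's/^/writable-by-others: /'
        # wp-config.php holds the database password and the secret keys,
        # so "other" users should have no access to it at all.
        if [ -f "$root/wp-config.php" ]; then
            find "$root/wp-config.php" \
                \( -perm -0004 -o -perm -0002 -o -perm -0001 \) -print |
                sed 's/^/config-exposed: /'
        fi
    )
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}

# Constructed demo tree (not a real site) with three deliberate problems.
demo=$(mktemp -d)
mkdir -p "$demo/wp-content/uploads"
: > "$demo/index.php"
: > "$demo/wp-config.php"
: > "$demo/wp-content/uploads/a.jpg"
chmod 755 "$demo" "$demo/wp-content"
chmod 644 "$demo/index.php" "$demo/wp-config.php"
chmod 777 "$demo/wp-content/uploads"
chmod 666 "$demo/wp-content/uploads/a.jpg"
audit_wp_perms "$demo" || echo "tighten the paths listed above"
rm -rf "$demo"
```

The function only reports; review the list before changing any modes with chmod, FTP or cPanel.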

7. Install Plug-ins Carefully

If you do not know programming, do not try just any plugin that is available on the internet. A plugin can act as a backdoor for a hacker to enter your WordPress. Install plug-ins only from the official WordPress website and do not trust anyone.

I hope these tips will help you keep your WordPress blog secure and away from hackers.