How to Improve the Security of your WordPress Blog ?
Websites and blogs are vulnerable to hackers who may want to deface your homepage with their own message, redirect your traffic to their websites, display adverts or install malware to infect visitors.
Your first warning that your site has been hacked may be that it changes without your consent, or your anti-virus software detects malware.
Because WordPress is such a popular tool for building websites and blogs, it can draw the attention of hackers.
Today i am going to Show you How to Improve the Security of your WordPress Blog ?
1. Secure the login
By default WordPress username is admin. it,s known to hackers. change this one. Also Implement the Captcha for user login to protect from Brute fore attack. BWS Plugins is really helpful in implementing capcha. its also protecting against SPAM.
2. Do not advertise your WordPress version to the world
WordPress sites always publish the version number thus making it easier for people to determine if you are running an outdated non-patched version of WordPress.
It is easy to remove the WordPress version from page but you need to make one more change. Delete the readme.html file from your WordPress installation directory as it also advertises your WordPress version to the world.
Some WordPress themes have login links in the themes to allow easy access to the login page. There is no need to advertise your login page and invite everyone, particularly the hacker, to access it. Either you remove the login link from the theme, or if you can’t remove it, change to another theme.
3. Automatically Backing Up Your Site
Having regular backups makes it easy to recover from hacks – in fact you can restore your entire site in just 1 click.
It is also handy to make a backup before making any significant changes to your site such as installing a new plugin or upgrading WordPress. Better WP Security Plugin is really providing good Security and Schedule back functions.
4. Add password authentication to wp-admin folder.
This is something that many of the more popular sites do. Add a password protection to the “wp-admin” folder. Anyone who accesses this folder will have to enter the correct username and password (in addition to the user login).
The easiest way to add password authentication is via CPanel. Log in to your CPanel and select the “Password Protect Directories” option.
5. Update WordPress, theme and plugins to the latest versions.
The WordPress team and the plugin developers work hard to make WordPress and their plugins safe, but you can reap the result of their hard work only if you continuously upgrade them to the latest version. If you are on an older build of WordPress or a plugin or theme, there could be security loopholes that are waiting to be exploited.
6. Install A Security Plugin
Better WP Security is really awesome security plugin for WordPress. it will help you in, Providing :-
- Remove the meta “Generator” tag
- Change the urls for WordPress dashboard including login, admin, and more
- Completely turn off the ability to login for a given time period (away mode)
- Remove theme, plugin, and core update notifications from users who do not have permission to update them
- Remove Windows Live Write header information
- Remove RSD header information
- Rename “admin” account
- Change the ID on the user with ID 1
- Change the WordPress database table prefix
- Change wp-content path
- Removes login error messages
- Display a random version number to non administrative users anywhere version is used
- Scan your site to instantly tell where vulnerabilities are and fix them in seconds
- Ban troublesome bots and other hosts
- Ban troublesome user agents
- Prevent brute force attacks by banning hosts and users with too many invalid login attempts
- Strengthen server security
- Enforce strong passwords for all accounts of a configurable minimum role
- Force SSL for admin pages (on supporting servers)
- Force SSL for any page or post (on supporting servers)
- Turn off file editing from within WordPress admin area
- Detect and block numerous attacks to your filesystem and database
7. Install a Firewall :-
OSE Firewall™ – A WordPress Firewall created by Open Source Excellence. It protects your WordPress-powered blog against attacks and hacking. The built-in scanner can scan your websites for malicious codes. The newly added Anti-Spam funciton utilizes the IP pools in http://www.stopforumspam.com to keep your website spam free!
in the case of attack it will Prevent it and notify you
CloudFlare protects and accelerates any website online. Once your website is a part of the CloudFlare community, its web traffic is routed through our intelligent global network. It will automatically optimize the delivery of your web pages so your visitors get the fastest page load times and best performance. We also block threats and limit abusive bots and crawlers from wasting your bandwidth and server resources. The result: CloudFlare-powered websites see a significant improvement in performance and a decrease in spam and other attacks.
Open your Cpanel and choose the CloudFlare option.
With the Threat control panel, you can easily block the attackers or spamers ip adress or complete range. Now when attackers will get the access denied page while opening your website.
Monitor Your Sites Security :-
There are a number of free services we can use to monitor our site for hacks and downtime.
Comodo Web Inspector scanner will check lots of URL’s across your site for a range of threats.
This covers everything from malware to checking if your site is blacklisted anywhere.
Sucuri Sitecheck scanner will check lots of URL’s across your site for a range of threats.
This covers everything from malware to checking if your site is blacklisted anywhere.
The free account at Pingdom will check your site every minute from a range of locations. You can get notifications of downtime via email, sms, Twitter, iOS or Android which is very handy indeed!
Hope you like my post.How to Improve the Security of your WordPress Blog. Please Share with others.