I’m making an assumption here, but if you read what I write, it’s quite likely that you have a website or blog set up using WordPress. One of the most overlooked aspects of any WordPress site is how exposed and insecure it probably is right now. I compare it to leaving your door wide open when you are not home and letting everyone (friend and stranger) know that your house and your possessions (business property) are open and ready for the taking. Many people, no, the majority of people, don’t pay attention to this critical aspect.

The security of your WordPress blog is crucial once it has been created. There should not be any loopholes for hackers to steal or destroy your data and information. Blogs are often hacked into when the software does not filter user input properly. Some attacks use bots that can automatically create hundreds of spam pages on your blog. Not only this, even your password is vulnerable if your blog is hacked. Hackers take advantage of the open-source nature of WordPress to analyze the source code of the software they want to attack and then test it for potential vulnerabilities.

Every website or blog on the internet is usually vulnerable to hacking and other exploits such as malware, unwanted links, etc. But why are these websites so vulnerable? As in everyday life, there are always unscrupulous elements prowling around the web waiting for an opportunity to slip through any lapse in security. Websites that run blog scripts or content management system software are more prone to vulnerability. The software is online along with your content, so any security weakness in the software can be used by a hacker for malicious purposes. Here are a few guidelines that will help make your WordPress blog more secure.
First signs to watch out for:
- The hacked blogs are generally defaced.
- The hackers corrupt the blog with hidden links pointing to their sites.
- The hackers also infect the personal computers of unsuspecting bloggers who visit your site by attaching many kinds of malware, which get installed automatically.
Here are some methods to secure your WordPress blogs:
- Use security-related plugins like Hide WordPress Version, Login Lockdown, WordPress Firewall, Ultimate Security Checker
- Rename the administrative account if it still uses the common default name of Admin. Watch the video to find out how to change it.
- Back up your database – For my clients I provide a service to back up their site, and they receive a zipped file for their records.
- Tighten up the file permissions (blog post coming)
- Constantly update your WordPress blog and its plugins to the latest versions. If this is something you’re not comfortable doing, look to have someone manage this on a monthly basis. I and many others offer a variety of maintenance packages that can help protect your site.
- Change your login name and use a strong password.
- Protect your wp-admin folder (blog post coming)
- Remove WordPress version info (Use Hide WordPress Version or a similar plugin)
- Hide your plugins folder (blog post coming)
- Define user privileges – for each user that joins your blog, you can define what kind of access they will have when they access your site. You can make these changes under the Users tab of your WordPress Dashboard.
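As an added example (not part of the original post or of any plugin named above), this Python script audits a WordPress directory against three items from the list: file permissions, version info, and the plugins folder. The function name `audit_wordpress` and the finding labels are made up for illustration, and it assumes the standard layout with `wp-config.php` in the site root and plugins under `wp-content/plugins`.

```python
import os
import re
import stat
import sys


def audit_wordpress(root):
    """Return sorted (relative_path, finding) pairs for a WordPress directory."""
    findings = set()

    # File permissions: nothing should be writable by every local user.
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            if not os.path.islink(path) and os.stat(path).st_mode & stat.S_IWOTH:
                findings.add((os.path.relpath(path, root), "world-writable"))

    # wp-config.php holds the database credentials; "other" needs no access.
    config = os.path.join(root, "wp-config.php")
    if os.path.isfile(config) and os.stat(config).st_mode & stat.S_IRWXO:
        findings.add(("wp-config.php", "config-open-to-others"))

    # Version info: older WordPress releases print the version in readme.html.
    readme = os.path.join(root, "readme.html")
    if os.path.isfile(readme):
        with open(readme, encoding="utf-8", errors="replace") as handle:
            match = re.search(r"Version\s+(\d+(?:\.\d+)+)", handle.read())
        if match:
            findings.add(("readme.html", "version-disclosed " + match.group(1)))

    # Plugins folder: with no index file, a web server that allows directory
    # listing shows every installed plugin.
    plugins = os.path.join(root, "wp-content", "plugins")
    if os.path.isdir(plugins) and not any(
        os.path.isfile(os.path.join(plugins, name))
        for name in ("index.php", "index.html")
    ):
        findings.add((os.path.relpath(plugins, root), "plugins-listable"))

    return sorted(findings)


if __name__ == "__main__":
    # Usage: python audit_wp.py /path/to/wordpress  (path is site-specific)
    for path, finding in audit_wordpress(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(f"{path}: {finding}")
```

An empty result means none of these checks fired; it does not cover the other items in the list, such as updates, backups, or account names.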
In spite of all the risks of hacking, we enjoy blogging, and if we put some basic security measures in place we can reduce the risks to an extent. Remember to keep abreast of the latest security updates and use them while blogging.