Saturday, February 16, 2019

How To Secure A WordPress Blog – Beginner To Pro

In recent times, WordPress has been highly targeted by hackers. Since WordPress uses MySQL and PHP, it’s not tough to find a vulnerability in WordPress.

Here I’m sharing some newbie tips to secure your WordPress blog. These are basic tips, but sometimes missing these b

WordPress powers around 25% of the websites in the world & is currently the most popular CMS apart from dedicated blogging software.

I can quite confidently say that being a user of this awesome CMS for the past 6 years, I simply love the fact that I can choose from thousands of plugins from the WordPress plugin database. The plugin database has never failed me.

There are also endless options when it comes to themes, right from the Genesis theme to Thrive themes and many others.

That is the good part, but wherever there is good, there is also evil. My site has been hacked nearly 6 times in the past by some Arabian and Turkish hackers (at least that’s what they claim). They infiltrated my site and left it with an ugly black background featuring GIF images of skulls and ravens.

Most hack attacks are carried out through something called SQL injection.

Nowadays, it has become a necessity to do all the preliminary safeguarding measures to keep these hackers at bay.

Proven Tips To Secure Any WordPress Blog

1. Configure Backups

Even though I have given a lot of proven tips below to secure your WordPress blog, you need to ensure that if something happens, you won’t lose anything.

Not having a proper WordPress backup solution in place is the biggest mistake you can make. When a big site like Sony or Dropbox can be hacked, your WordPress blog will be relatively easy for a hacker to crack.

So the first thing is to ensure you are taking a daily backup of your blog.

If you are earning money from your blog, I suggest using VaultPress for taking backups which only costs $5/month.

You might argue that your hosting company offers backups, but this is only a good option if they store the backup on a different server.

2. Use A Reliable & Secure Hosting Company


Your WordPress installation is just software installed on a server. The foundation of a secure website is a server which has enough protections that ensure your website is safeguarded against hackers. A free web-hosting company is a big no-no & something you should avoid.

Make sure your hosting company has proper rules set in place & has firewalls to stop an attack on your site.

I understand that it’s hard to know which hosting company is reliable against hackers & that’s why I have created this quick list of hosting companies that offer great security on their server:

  • Bluehost: One of the top rated hosts which offers great security.
  • InMotion Hosting: Founded in 2001 & are known for great hardware quality and security infrastructure. They also migrate your existing site for free.
  • WPEngine: A managed WordPress hosting company which is recommended for business WordPress sites with low or medium traffic. They offer backups and security on multiple levels.

3. Update WordPress

Keeping your WordPress software up to date is the most basic security tip for any WordPress blogger. This is something that you never want to miss.

Whenever WordPress releases an update, it means that they have fixed some bugs, added some features, and most importantly, added some security features and fixes.

When you see the message: “WordPress x.x.x is available!”

Update it.

Nowadays, with one click updates, it’s very easy to upgrade your blog.

Make sure your theme and plugins are compatible with this latest version of WordPress. If an update has been rolled out and it’s not a security update, I suggest you wait for 5-6 days, until other users stop reporting bugs in the latest version.

4. Update WordPress Plugins


As I mentioned above, WordPress releases an update to fix bugs and security holes, and the same goes with plugins.

Many times, a vulnerable plugin or script can become an entry point into your WordPress site. One such issue which we have seen in the past is the Timthumb vulnerability. This was because of a script, and many plugins which were using this script became vulnerable too.

It’s important to keep your plugins updated. Always use plugins which are continually updated and have good support. Being dependent on plugins which are not updated is a bad idea.

Also, always use the official WordPress repo to download plugins.

5. Hide WordPress Version

Let’s assume you don’t have those 2 minutes to update your WordPress core files. The listed WP version can spark an idea for a hacker to break in. If you are running an older version of WP and everyone knows it, trust me, you are doomed.

Most theme designers these days get rid of it for you, but just to make sure, go to your functions.php and add this line:

// Goes inside the existing <?php block of functions.php
remove_action('wp_head', 'wp_generator');

6. Use A Complex Login Password

I shouldn’t have to mention this, but I know too many people who use ingenious and insanely complex passwords like:

  • password
  • ilovejesus
  • 123123

Brilliant.

Please make your passwords complex, add a couple of special characters (%&*#), and keep changing them every 5 or 6 months.

I would also like to recommend a plugin called Login Lockdown. This plugin will record all IPs and time stamps of failed login attempts. After a specific number of failed attempts from a particular IP, the IP will be blacklisted. This helps a lot to prevent any brute-force attack. You can also use the popular WPS Hide Login plugin to hide your login URL & make it hard for hackers to brute-force your login page.
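
The lockout logic described above can be approximated from the web server's access log. This added example (not code from the original post or from the Login Lockdown plugin) counts failed POSTs to /wp-login.php per IP and clock hour. It assumes the "combined" log format and that a failed login answers with HTTP 200 while a successful one redirects with 302; the function names and log lines are constructed for illustration.

```shell
#!/bin/sh
# Added example, not the Login Lockdown plugin's code.
# failed_login_ips THRESHOLD   (reads an access log on stdin)
#   Prints "<ip> <dd/Mon/yyyy:hh>" at the moment an IP reaches THRESHOLD
#   failed logins within one clock hour, i.e. where a lockout would trigger.
# Assumptions: "combined" log format; a failed login is a POST to
# /wp-login.php answered with 200 (a successful login answers with 302).
failed_login_ips() {
    awk -v max="$1" '
        $6 == "\"POST" && $7 ~ /^\/wp-login\.php/ && $9 == 200 {
            # $4 looks like [16/Feb/2019:10:00:01 ; keep date plus hour only
            hour = substr($4, 2, 14)
            if (++fails[$1 " " hour] == max)
                print $1, hour
        }'
}

# Constructed sample log lines (documentation IP ranges, not real traffic).
sample_log() {
    cat <<'EOF'
203.0.113.5 - - [16/Feb/2019:10:00:01 +0000] "POST /wp-login.php HTTP/1.1" 200 3120 "-" "Mozilla/5.0"
203.0.113.5 - - [16/Feb/2019:10:00:03 +0000] "POST /wp-login.php HTTP/1.1" 200 3120 "-" "Mozilla/5.0"
198.51.100.7 - - [16/Feb/2019:10:00:04 +0000] "POST /wp-login.php HTTP/1.1" 200 3120 "-" "Mozilla/5.0"
203.0.113.5 - - [16/Feb/2019:10:00:05 +0000] "POST /wp-login.php HTTP/1.1" 200 3120 "-" "Mozilla/5.0"
198.51.100.7 - - [16/Feb/2019:10:00:30 +0000] "POST /wp-login.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"
192.0.2.9 - - [16/Feb/2019:10:02:00 +0000] "GET /wp-login.php HTTP/1.1" 200 2900 "-" "Mozilla/5.0"
203.0.113.5 - - [16/Feb/2019:10:02:07 +0000] "POST /wp-login.php HTTP/1.1" 200 3120 "-" "Mozilla/5.0"
EOF
}

# Three failures within the hour flag 203.0.113.5; the single mistyped
# password from 198.51.100.7 (followed by a 302) and the GET are ignored.
sample_log | failed_login_ips 3
```

On a live server, feed the real log instead, for example `failed_login_ips 10 < access.log`, with the log path depending on the host.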


7. Check WordPress Folders File Permissions


Go to the File Manager in your cPanel, or log in to your FTP software, and check the file attributes of your WordPress folder.

It’s good if it’s 744 (read-only for everyone except the owner). If you find it to be 777, consider yourself extremely lucky that you haven’t gotten hacked yet.

When most bloggers change hosting, they don’t realize how their file permissions also get changed. Make sure you verify all file permissions after migrating your hosting.
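
For hosts that give shell access, the same check can be run over the whole tree after a migration instead of clicking through cPanel or FTP. This added example (not from the original post) lists every file or directory under a WordPress root that is writable by everyone, as with 777, or by the group; the function name and output labels are made up for this example, and only POSIX `find` options are used.

```shell
#!/bin/sh
# Added example, not from the original post.
# audit_wp_perms DIR
#   Prints one line per risky entry under DIR and returns 1 if any were found:
#     WORLD-WRITABLE <path>   "other" write bit set (777, 666, 757, ...)
#     GROUP-WRITABLE <path>   group write bit set, others cannot write (775, 664)
#   Returns 0 when nothing is found, 2 when DIR is not a directory.
audit_wp_perms() {
    root=$1
    if [ ! -d "$root" ]; then
        echo "not a directory: $root" >&2
        return 2
    fi
    # Symlinks are skipped: their own mode bits are not what gets enforced.
    ww=$(find "$root" ! -type l -perm -0002 -print |
         sed 's/^/WORLD-WRITABLE /')
    gw=$(find "$root" ! -type l -perm -0020 ! -perm -0002 -print |
         sed 's/^/GROUP-WRITABLE /')
    # Merge both lists, drop empty lines, and sort for stable output.
    findings=$(printf '%s\n%s\n' "$ww" "$gw" | sed '/^$/d' | sort)
    if [ -z "$findings" ]; then
        return 0
    fi
    printf '%s\n' "$findings"
    return 1
}

# Usage: sh audit.sh /path/to/wordpress
if [ "$#" -gt 0 ]; then
    audit_wp_perms "$1"
fi
```

A folder at 744 produces no output; one at 777 is reported as WORLD-WRITABLE.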

8. Delete Default Admin User

This is one of the most crucial tips for people who are looking to create a secure WordPress blog. The default “admin” username is prone to brute-force attacks because most people never change it.

When you install WordPress, make sure you use a custom username and do not use “admin”.

You can create a new user with “Administrator” rights, and give this new administrator a nickname that will be publicly displayed in case he/she writes a post. Now, log out and then log back into the newly created admin account and delete the old “admin” user.

Make sure you attribute all usernames and links to the new user which you have created.

Here is an alternative way to change the default username:

9. Hide The Plugins Directory

The plugins folder /wp-content/plugins/ should not be showing the list of folders and files inside it.

Try visiting your plugins folder (replace domain.com with your domain name):

  • domain.com/wp-content/plugins/

If you see a list of folders and files, you need to hide them.

To hide these folders, you need to create a new .htaccess file and drop it in your plugins directory.

# BEGIN WordPress
RewriteEngine On
RewriteBase /
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
# Hide every file and folder from the auto-generated directory listing
IndexIgnore *
# END WordPress

If you already have a well written .htaccess file in your root directory, adding a separate .htaccess to an individual folder is not going to cause any harm.

Also, take a look at this post for better understanding of how to edit the .htaccess file.

10. Turn Off Database Errors

In older versions of WordPress, if there were errors in the MySQL database, it would show the exact error on the browser itself giving the hacker valuable information about your database.

To prevent this, you need to update your WordPress to the latest version, so that it will only show a general error message like “Database connection error” instead of showing exactly what’s wrong.

Log in to your WP dashboard and update your WordPress core files.

Creating A Secure WordPress Website

This is not everything; there are many other tips which you should be following to create a secure WordPress blog. One tip which I highly suggest is that you stop using an encrypted footer WordPress theme.

If you are serious about your blogging, download a theme from the official repo, or better yet, use a Premium WordPress theme.

Again, it’s a wise idea to take automatic backups of your WordPress blog at regular intervals to make sure you can always roll back your blog to a healthy condition.

Do let us know what other security tips you would like to give to other bloggers to keep their WordPress blog secure. Share your tips in the comments below!
