How To Fully Secure Your WordPress Blog
As most of you might have noticed, Creativeoverflow was hacked Friday morning 11th of December. It took me a entire day to get everything back up to date and working correctly again but, everything is back to normal now though. I decided to write this article to help you protect yourself from being hacked or anything in that line.
This post will share some information regarding the usual threats that we bloggers receive and what we can use to prevent future attacks and hacks. Let’s not sit around for too much longer and get going.
Securing Your WordPress Blog
Their are numerous ways to approach a security situation but, working with wordpress their are usually a few threats that will come up first.
They used a Bruteforce Attack to gain access.
They gained access through phishing your info.
They register themselves and work up from there.
There are a few ways they can really gain access to your blog. Technology is getting so advanced that a lot of the hackers don’t have to do hacking themselves anymore they have programs doing it for them. Let’s look at the solutions to use to secure your wordpress blog.
1. WP Security Scan
This plugin scans your entire site for security issues and checks passwords, folder/file permissions, database security, WP version hiding and WP admin protection and security. Don’t use if you have a weak heart, you could get a fright.
Link – http://wordpress.org/extend/plugins/wp-security-scan/
2. WordPress Database Backup
This is one of the plugins that you should almost have installed before you even think of installing your new theme. This plugin does exactly what the name says it does, it makes a entire backup of your wordpress content and can easily be managed. The content can either be backedup to a harddrive, server or even a email address. If its a hacker that crashes your WP installion or yourself, this plugin will restore it to its previous greatness.
Link – http://www.ilfilosofo.com/blog/wp-db-backup/
3. Replace WP-Version
We all know by showing our WP versions we are more likely to be attacked by hackers. This plugins resolves the issue though. If you’re running a older version of wordpress anyone can view the source and then contemplate on what attacks might work against the installed version of wordpress. This plugin replaces the Version cue with a generated string which resolves the issue of showcasing your version.
Link – http://wordpress.org/extend/plugins/replace-wp-version/#post-2859
4. WP Spam-Free
Some say this plugin is better than Akismet but, I think it all depends on users choice for which plugin they want to use. I just wish there was a way to stop spammers in general, then we wont have to clean out our spam boxes with so much wasted comments everyday.
Link – http://www.hybrid6.com/webgeek/plugins/wp-spamfree
5. AskApache Password Protect
This plugin secures your WP Admin panel with a very powerful htaccess password protection, preventing all unwanted guests and bots to gain access to your site.
Link – http://www.askapache.com/wordpress/htaccess-password-protect.html
6. Login Lockdown
Login Lockdown records the IP address and timestamp of every failed WordPress admin login attempt. After a certain number of attempts that are detected within a short period of time from the same IP range, the login function is disabled for all requests from that range. You can find locked out IP ranges manually from the panel.
Link – http://www.bad-neighborhood.com/login-lockdown.html
7. Angsuman’s WordPress Guard Plugin
A must-have WordPress security plugin (compatible with all versions of WordPress) that protects the vulnerable areas of your blog from outside access with an additional layer of security.
Link – http://www.taragana.com/products/free-wordpress-plugins/wordpress-guard-plugin
8. Admin SSL
This plug-in will work with both the private and shared SSL connections and it will force a SSL connection in every page where password can or has to be entered. It is very helpful to protect the admin area, posts and all the pages of your WordPress installation and secure the login page.
Link – http://wordpress.org/extend/plugins/admin-ssl-secure-admin/
9. Stealth Login
Stealth Login obfuscates your login page by allowing you to define a custom login page rather than the default wp-login.php. In the event that your password is leaked, the hacker will also have a hard time finding the correct login URL. A good use of this is to prevent any malicious bots from accessing your wp-login.php file and attempting to break in.
Link – http://wordpress.org/extend/plugins/stealth-login/
10. Tips To Stay Protected
- Always keep your plugins updated
- Make sure you backup your databases regulary
- Always have the latest version of WordPress Installed
- Protect your blog with a solid Password.
Link – http://www.blogherald.com/2007/05/08/protect-your-blog-with-a-solid-password/
Be sure to protect your blog unless you want to be attacked at some stage, I highly doubt that anyone does.