How to protect a WordPress blog from hacker attacks and increase its security

Completely preventing attacks is impossible, but a series of small steps can noticeably raise the security of a WordPress blog and reduce the chance of an unpleasant surprise. Here are the main steps you should take to protect your WordPress blog.

Backing Up the Blog

Start from the basics: before any change, back up the files you are going to modify (and the database), so that a white screen in place of your blog is an inconvenience rather than a disaster.

The Vulnerability of Your Own Computer

One aspect many people underestimate is the security of the computer from which you log in to your blog, even if only once. Make sure the machine is free of viruses, spyware and other malware: there is no point in hardening the blog if a keylogger on your PC captures your user name and password as you type them.

Use a Very Strong Password

As in every field, the password is critical: make it as complex as possible, above all for users with full privileges such as the administrator.

Here is how to choose a secure password:

  • At least 8 characters (12 or more is a better floor today), mixing letters and digits, and mixing upper and lower case.
  • It must not contain the associated user name, nor the person's first name or surname.
  • Avoid words that make sense: instead of compleanno88 use something like c8eanmopl8no.
  • Use special characters such as @ # ! ?
  • Use software that generates secure passwords, such as IOBit.
  • Do not use dates, all-digit passwords or real names.
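The rules above, turned into code. This is an added example and not code from the original post: a generator that draws from letters, digits and the special characters the post suggests using random_int() (a CSPRNG, unlike rand() or mt_rand()), and a checker that applies every rule at once to a candidate. The forbidden words (a user name and the constructed names "mario" and "rossi") are placeholders; the checker uses the 12-character floor mentioned above rather than the post's 8.

```php
<?php
// Added example, not from the original post.  Function names are my own.

// Generate a password of $length characters from letters, digits and the
// specials the post recommends, using random_int() (cryptographically secure).
function generate_password(int $length = 16): string {
    $alphabet = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789@#!?';
    $max = strlen($alphabet) - 1;
    $password = '';
    for ($i = 0; $i < $length; $i++) {
        $password .= $alphabet[random_int(0, $max)];
    }
    return $password;
}

// Return the list of rules a candidate violates (empty array = acceptable).
// $forbidden holds strings that must not appear: login name, first name,
// surname, blog name.  Matching is case-insensitive.
function password_problems(string $password, array $forbidden = []): array {
    $problems = [];
    if (strlen($password) < 12) {                       // post says 8; 12+ is a better floor
        $problems[] = 'shorter than 12 characters';
    }
    if (!preg_match('/[a-z]/', $password) || !preg_match('/[A-Z]/', $password)) {
        $problems[] = 'does not mix upper and lower case';
    }
    if (!preg_match('/[0-9]/', $password)) {
        $problems[] = 'contains no digit';
    }
    if (!preg_match('/[^a-zA-Z0-9]/', $password)) {
        $problems[] = 'contains no special character';
    }
    // All digits, or digit groups separated by / . - that look like a date.
    if (ctype_digit($password) || preg_match('/^\d{2,4}[\/.-]?\d{2}[\/.-]?\d{2,4}$/', $password)) {
        $problems[] = 'is all digits or looks like a date';
    }
    foreach ($forbidden as $word) {
        if ($word !== '' && stripos($password, $word) !== false) {
            $problems[] = "contains the forbidden word '$word'";
        }
    }
    return $problems;
}

// Usage: the post's two examples, a name-plus-year password, and a generated one.
$forbidden = ['admin', 'mario', 'rossi'];             // constructed placeholders
foreach (['compleanno88', 'c8eanmopl8no', 'Mario1985', generate_password()] as $candidate) {
    $problems = password_problems($candidate, $forbidden);
    printf("%-20s %s\n", $candidate, $problems ? implode('; ', $problems) : 'OK');
}
```

Run with `php passwords.php`. Note that even the post's "good" example c8eanmopl8no is flagged, because it satisfies the scrambling rule but not the case and special-character rules; the generated password is the only candidate that passes all of them.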

I also recommend:

  • do not let the browser save the password automatically
  • do not store the password in a file on your computer
  • protect access to the computer itself with a strong password too

Remove the Admin User

The admin account is the user created by every standard WordPress installation, so an attacker already knows the user name and only has to guess the password to get administrator access directly. Create a new user whose login name is different from the name that will be displayed on the blog (the nickname and display name are set separately in the profile), and give it the Administrator role. Log out, log back in with the new credentials, then delete the admin user, choose the option to attribute all of its posts to the new user, and follow the on-screen instructions. Bear in mind that WordPress builds the author archive URL from the login name by default, so even with a different display name a visitor can recover the login unless the user slug (user_nicename) is changed as well.
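The same procedure done with WordPress' own functions, as an added example (not code from the original post): a one-off script run from the shell in the WordPress root that creates the replacement administrator, gives it a display name and slug that differ from the login, and deletes admin while reassigning its content. The new login, e-mail and display name are placeholders; it assumes a single-site installation, and the script should be deleted after use.

```php
<?php
// Added example, not from the original post.  Run once with
// `php replace-admin.php` from the WordPress root, then delete the file.

require __DIR__ . '/wp-load.php';                       // bootstrap WordPress
require_once ABSPATH . 'wp-admin/includes/user.php';    // provides wp_delete_user()

$old_login    = 'admin';
$new_login    = 'k7_blogowner';          // placeholder; never shown to readers
$new_display  = 'The Editor';            // placeholder; what readers see on posts
$new_slug     = 'the-editor';            // placeholder; used in author archive URLs
$new_email    = 'owner@example.com';     // placeholder
$new_password = wp_generate_password(24, true, true);   // core's CSPRNG helper

$old_id = username_exists($old_login);
if (!$old_id) {
    exit("No user named '$old_login'; nothing to do.\n");
}
if (username_exists($new_login)) {
    exit("User '$new_login' already exists; pick another name.\n");
}

// 1. Create the replacement and give it the Administrator role.
$new_id = wp_create_user($new_login, $new_password, $new_email);
if (is_wp_error($new_id)) {
    exit('Could not create user: ' . $new_id->get_error_message() . "\n");
}
$user = new WP_User($new_id);
$user->set_role('administrator');

// 2. Make the public name and the URL slug differ from the login name;
//    otherwise bylines and /author/<slug>/ archives reveal it.
wp_update_user([
    'ID'            => $new_id,
    'nickname'      => $new_display,
    'display_name'  => $new_display,
    'user_nicename' => $new_slug,
]);

// 3. Delete the old account and reassign its posts and links to the new one,
//    which is what the dashboard asks when you delete a user.
if (!wp_delete_user($old_id, $new_id)) {
    exit("Deleting '$old_login' failed; the new account was still created.\n");
}

echo "Created '$new_login' (ID $new_id) with password: $new_password\n";
echo "Deleted '$old_login' (ID $old_id); its content now belongs to ID $new_id.\n";
```

If WP-CLI is available the same three steps are `wp user create`, `wp user update --display_name=... --user_nicename=...` and `wp user delete admin --reassign=<new-id>`. Either way, log in with the new account before deleting the old one, so you are never locked out.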

Change the Prefix of the Database Tables

Here too WordPress hands the attacker a small advantage: by default every table is prefixed wp_, so in an SQL injection the table names (wp_users, wp_options and so on) can simply be assumed. Make the job a little more awkward by changing the prefix, for example to wp_x_ where x is the initial of your blog's name. This is defence in depth rather than a fix: an injection that can read information_schema recovers the names anyway. But how do you change it?

For this there is a handy plug-in, WP Security Scan, which makes the change in the database with a single click. Take a database backup first: the change renames every table and also has to rewrite the prefixed keys in the options and usermeta tables (user_roles, capabilities), and if it stops halfway the site will not load until wp-config.php and the tables agree again.
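For anyone who would rather not install a plug-in, here is the same change done by hand with WordPress' $wpdb, as an added example (not the plug-in's code): it renames every table carrying the current prefix and then fixes the two places where the prefix is embedded in data, the user_roles option and the per-user capability and level meta keys. The new prefix is a placeholder, a single-site installation and a fresh database backup are assumed, and $table_prefix in wp-config.php must be edited by hand afterwards.

```php
<?php
// Added example, not from the original post.  Run once with
// `php change-prefix.php` from the WordPress root AFTER backing up the database,
// then set $table_prefix in wp-config.php to the new value.

require __DIR__ . '/wp-load.php';
global $wpdb;

$old = $wpdb->prefix;          // whatever wp-config.php currently says, e.g. 'wp_'
$new = 'k7blog_';              // placeholder; letters, digits and underscore only

// Table names cannot be bound with prepare(), so the new prefix is whitelisted here.
if (!preg_match('/^[A-Za-z0-9_]+$/', $new) || $new === $old) {
    exit("Bad or unchanged prefix.\n");
}

// 1. Find every table that carries the old prefix.  esc_like() escapes the
//    underscore, which is otherwise a single-character wildcard in LIKE.
$tables = $wpdb->get_col(
    $wpdb->prepare('SHOW TABLES LIKE %s', $wpdb->esc_like($old) . '%')
);
if (!$tables) {
    exit("No tables with prefix '$old' found.\n");
}

// 2. Rename them.  Names come from SHOW TABLES, not from user input.
foreach ($tables as $table) {
    $renamed = $new . substr($table, strlen($old));
    $wpdb->query("RENAME TABLE `$table` TO `$renamed`");
}

// 3. Rows whose keys embed the prefix.  Without this step every user loses
//    their role after the switch.  The new table names are used explicitly
//    because $wpdb->options etc. still point at the old ones in this process.
$wpdb->query($wpdb->prepare(
    "UPDATE `{$new}options` SET option_name = %s WHERE option_name = %s",
    $new . 'user_roles', $old . 'user_roles'
));
$wpdb->query($wpdb->prepare(
    "UPDATE `{$new}usermeta` SET meta_key = CONCAT(%s, SUBSTRING(meta_key, %d))
       WHERE meta_key LIKE %s",
    $new, strlen($old) + 1, $wpdb->esc_like($old) . '%'
));

printf("Renamed %d tables from '%s' to '%s'. Now set \$table_prefix = '%s'; in wp-config.php.\n",
       count($tables), $old, $new, $new);
```

The SUBSTRING offset is strlen($old) + 1 because MySQL string positions start at 1; the LIKE pattern is escaped so that wp_ does not also match a prefix such as wpx. Until wp-config.php is updated the site will show a database error, which is expected.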

The Safety of the wp-config.php File

The wp-config.php file is very important: it holds the database credentials (and the authentication salts), so it deserves maximum protection. Normally the PHP interpreter executes it and never shows its contents, but if the PHP handler fails or is misconfigured the web server will serve the raw file. Add the following lines to the .htaccess file in the WordPress root and Apache will refuse to serve it to anyone. Write the file name exactly as wp-config.php (names are case-sensitive on Linux); on Apache 2.4 the Order and Deny lines become Require all denied. The rule only matches that exact name, so delete stale copies such as wp-config.php.bak or wp-config.php~, which it does not cover. WordPress also looks for wp-config.php one directory above the installation, so moving it outside the document root is another option.

# Protect wp-config.php
<Files wp-config.php>
Order deny,allow
Deny from all
</Files>

Prevent Indexing of the wp- Folders

Search-engine crawlers fetch every page of your blog to index it, but having pages as sensitive as those under wp-admin, wp-content and wp-includes show up in search results is not a good thing. So tell the crawlers not to index the whole admin folder. How? Bear in mind that robots.txt is a polite request honoured by well-behaved crawlers, not an access control: an attacker reads it just like anyone else, and it does nothing to stop them.

Enter the following line in your robots.txt file (the file can also be generated automatically from Webmaster Tools > Site configuration > Crawler access):
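An alternative to a hand-written file, added here as an example that is not part of the original post: WordPress serves a virtual robots.txt itself, and the robots_txt filter lets a small plug-in append the exclusions to it. Recent versions already emit the /wp-admin/ lines, so the code checks before adding them; a physical robots.txt in the site root takes precedence over the virtual one, so remove it if you use this approach. The file goes in wp-content/mu-plugins/.

```php
<?php
/*
Plugin Name: Robots.txt admin exclusions (added example)
Description: Appends crawler exclusions to the robots.txt WordPress generates.
*/
// Added example, not from the original post.  do_robots() passes the current
// output and the blog_public option ('1' or '0'); when the site asks not to
// be indexed at all, core already emits "Disallow: /" and we leave it alone.
add_filter('robots_txt', function ($output, $public) {
    if ('0' == $public) {
        return $output;
    }
    $rules = [
        'Disallow: /wp-admin/',
        'Allow: /wp-admin/admin-ajax.php',   // themes and plug-ins call this from public pages
        'Disallow: /wp-includes/',
        'Disallow: /wp-content/plugins/',
        'Disallow: /wp-login.php',
    ];
    foreach ($rules as $rule) {
        if (strpos($output, $rule . "\n") === false) {   // skip lines core already added
            $output .= $rule . "\n";
        }
    }
    return $output;
}, 10, 2);
```

Keep the admin-ajax.php exception: blocking it hides nothing (the file is reachable regardless) and only makes crawlers misrender pages that load content through it. As noted above, none of this keeps an attacker out of the admin area; it keeps search results tidy and that is all.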

Limit the Number of Failed Login Attempts on WordPress

The Login Lock plug-in restricts how many times a user can try to log in through the standard login form. After N failed attempts within X minutes, the client's IP address is blocked for Y minutes. This is very effective against brute-force attacks, in which the attacker tries endless passwords against a known user name until one matches. Two caveats: the block is per IP address, so behind a shared NAT or proxy it can also lock out legitimate users (and the address the plug-in reads must come from a source you trust, not from a header the client can set), and the login form is not the only way in, since xmlrpc.php accepts the same credentials.
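To show the mechanism rather than the plug-in, here is a minimal must-use plug-in implementing the same N-in-X-minutes, block-for-Y-minutes rule. It is an added example and not Login Lock's code: it counts failures per IP in transients (which expire on their own, giving the window and the lock their lifetimes) and refuses authentication while the lock stands, so it also covers xmlrpc.php, which goes through the same authenticate filter. The thresholds, the fll_ prefix and the REMOTE_ADDR assumption (no reverse proxy in front) are mine.

```php
<?php
/*
Plugin Name: Failed-login limiter (added example)
Description: After N failed logins from one IP within X minutes, refuse logins
from that IP for Y minutes.  Added example, not the Login Lock plug-in's code.
Place the file in wp-content/mu-plugins/.
*/

// Tunables: N failures within X minutes lock the IP for Y minutes.
define('FLL_MAX_FAILURES', 5);
define('FLL_WINDOW_SECS', 10 * MINUTE_IN_SECONDS);
define('FLL_LOCK_SECS',   30 * MINUTE_IN_SECONDS);

// Client address.  REMOTE_ADDR is the one value the client cannot forge.
// Behind a reverse proxy you would read the proxy's header instead, and only
// because you trust that proxy to overwrite whatever the client sent.
function fll_client_ip() {
    return isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '0.0.0.0';
}

// Transient names are length-limited, so key on a hash of the address.
function fll_key($kind) {
    return 'fll_' . $kind . '_' . md5(fll_client_ip());
}

// Count a failure; when the threshold is reached, set the lock and reset
// the counter so the next window starts clean after the lock expires.
function fll_record_failure($username) {
    $count = (int) get_transient(fll_key('fail')) + 1;
    set_transient(fll_key('fail'), $count, FLL_WINDOW_SECS);
    if ($count >= FLL_MAX_FAILURES) {
        set_transient(fll_key('lock'), time(), FLL_LOCK_SECS);
        delete_transient(fll_key('fail'));
    }
}
add_action('wp_login_failed', 'fll_record_failure');

// Refuse authentication while the IP is locked.  Priority 30 runs after
// core's username/password check (priority 20), so even a correct password
// is rejected during the lock and the attacker learns nothing from it.
function fll_block_if_locked($user, $username, $password) {
    if (get_transient(fll_key('lock')) !== false) {
        return new WP_Error(
            'fll_locked',
            sprintf('Too many failed logins. Try again in %d minutes.', FLL_LOCK_SECS / 60)
        );
    }
    return $user;
}
add_filter('authenticate', 'fll_block_if_locked', 30, 3);

// A successful login clears the failure counter for that address.
add_action('wp_login', function () {
    delete_transient(fll_key('fail'));
});
```

With the default object cache the transients live in the options table, which is fine for a blog; a busy site would put them in Redis or Memcached so the counters survive a cache flush and are shared across web nodes. Because the lock keys on the address, a single attacker rotating through many addresses is slowed, not stopped; that is why the strong password above matters.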

Remove the WordPress Version String

As of version 3.2.1 I have not found the WordPress version in the page source, so anyone on version 3.2.1 or later can skip this step. WordPress automatically adds the installed version to the page, information an attacker can use to work out how and where the blog is vulnerable.

To remove it, add this line to your theme's functions.php (Appearance > Editor > functions.php), inside the file's existing <?php block; hook names are case-sensitive, so write them in lower case exactly as shown. A child theme or a small plug-in is the better home for it, because a theme update overwrites functions.php:

remove_action( 'wp_head', 'wp_generator' );

Now check the source of your blog (right-click on the home page and choose View Page Source); if the version is still there, search the theme's header.php for this string and remove it:

<meta name="generator" content="WordPress <?php bloginfo( 'version' ); ?>" />
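The remove_action() line only cleans the <head>. The version also travels in the <generator> element of the RSS and Atom feeds and in the ?ver= query string appended to every core script and stylesheet, so an attacker who looks there still gets it. The following must-use plug-in is an added example, not code from the original post, and covers all three places using core's the_generator, script_loader_src and style_loader_src filters; the hwv_ prefix is mine.

```php
<?php
/*
Plugin Name: Hide WordPress version (added example)
Description: Removes the version from the head, the feeds and ?ver= asset URLs.
*/
// Added example, not from the original post.  Place in wp-content/mu-plugins/.
// Treat this as noise reduction only: readme.html in the site root still
// states the version, and fingerprinting from the hashes of core files works
// regardless.  Updating promptly is the real defence.

// 1. <meta name="generator"> printed into the page head.
remove_action('wp_head', 'wp_generator');

// 2. <generator> in feeds (and the same element wherever else it is emitted).
add_filter('the_generator', '__return_empty_string');

// 3. ?ver=<core version> on enqueued scripts and styles.  Only the core
//    version is stripped; plug-in and theme assets registered with their own
//    version keep it, so their cache-busting still works.
function hwv_strip_core_ver($src) {
    if (is_string($src) && strpos($src, 'ver=' . get_bloginfo('version')) !== false) {
        $src = remove_query_arg('ver', $src);
    }
    return $src;
}
add_filter('script_loader_src', 'hwv_strip_core_ver');
add_filter('style_loader_src', 'hwv_strip_core_ver');
```

After activating it, check the home page source, /feed/ and the src attributes of the core scripts (wp-includes/js/...) to confirm the version no longer appears in any of them.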
