10 Easy Ways to Secure your WordPress Blog

Securing your blog is important. With WordPress so popular these days, it’s becoming a bigger and bigger target for hackers. In this post we’ll look at ten easy ways to secure your WordPress blog.

1. WP Security Scan This very easy to use plugin will sort out some of the basic security issues with WordPress – it’ll change your database’s name and alert you to flaws in your installation’s security, amongst other features.


2. Protect your plugins Plugins are an easy way for a hacker to get access to your blog if they’ve got flaws in them. An easy way for hackers to find out which plugins you’re using is to go to /wp-content/plugins/, and they’ll find all the plugins that you’re using. The solution? Put a blank index.html file in the wp-content/plugins/ folder.

3. Update WordPress This is super-easy to do, but a surprising number of people don’t do it: update WordPress. If you’re super-security-conscious then don’t upgrade to the next big release immediately (e.g. 2.8); wait for the bug fixes to come in (e.g. wait for 2.8.1).

4. Pick a good password Common sense. Use a good password. Don’t use the same password that you use on every site, create something that is easily memorable, with a mix of UPPER and lower case and some numbers in there too. Change your password regularly too.

5. Change the admin user name By default, the WordPress user name is admin. [Lots]% of people don’t change it. Why should you change it? If a hacker has your username, he’s halfway there to getting into your site, he just has to guess your password. If the hacker has to guess your username as well, then that’s twice as much work to do. It’s super easy to migrate posts from one user to another, just create your new user and then delete the admin user. You’ll be given the option to migrate posts to another user.

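6. Protect your WP-Config.php file Your WP-Config.php contains your database name, database username and database password. It’s something to protect. Just add the following code to your .htaccess file:

    # protect wpconfig.php
    # (Apache 2.2 syntax; on Apache 2.4 without mod_access_compat,
    # replace the order/deny lines with: Require all denied)
    <Files wp-config.php>
    order allow,deny
    deny from all
    </Files>

Source – Nometech.com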

7. Hide your WordPress version First off, go into your header.php file and remove the meta data (something like Source – ProBlogDesign

8. Limit the number of times a user can enter their password (wrongly) The Login LockDown plugin will lock out users if they enter their password wrong too many times. You can choose how many times users can enter their password and also how long they’re locked out for via a neat options page.

9. Limit WP-Admin access by IP This isn’t something that I do personally, as I blog on a fair number of different computers, but if you’re just on the one, with a fixed IP, then this is a great hack for you: you can restrict access to the wp-admin directory with a simple .htaccess hack:

    order deny,allow
    # your static ip
    allow from a.b.c.d
    deny from all

Source – Nometech

10. Login via SSL If your host has an SSL certificate then you can use this great little plugin to login via SSL. The Admin SSL plugin “secures login page, admin area, posts, pages – whatever you want – using Private or Shared SSL.”
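
The following Python sketch is an added example, not code from the original post: it checks a WordPress directory for the file-level hardening in tips 2, 6 and 9, and treats commented-out rules as missing. The function names, result keys and sample tree (including the address 203.0.113.10) are constructed for illustration, and it goes slightly beyond the post by also accepting the Apache 2.4 Require forms.

```python
import re
import tempfile
from pathlib import Path

# Directives are anchored to line start, so commented-out rules do not count.
FILES_BLOCK = re.compile(r'<Files\s+"?wp-config\.php"?\s*>(.*?)</Files>', re.I | re.S)
DENY_ALL = re.compile(r"^[ \t]*(deny\s+from\s+all|require\s+all\s+denied)\b", re.I | re.M)
ALLOW_IP = re.compile(r"^[ \t]*allow\s+from\s+(?!all\b)\S+", re.I | re.M)
REQUIRE_IP = re.compile(r"^[ \t]*require\s+ip\s+\S+", re.I | re.M)

def _read(path):
    return path.read_text(errors="replace") if path.is_file() else ""

def audit(wp_root):
    """Return {check_name: passed} for tips 2, 6 and 9 of the list above."""
    root = Path(wp_root)
    plugins = root / "wp-content" / "plugins"
    block = FILES_BLOCK.search(_read(root / ".htaccess"))
    admin = _read(root / "wp-admin" / ".htaccess")
    # Legacy form needs both a specific allow and a blanket deny.
    legacy = ALLOW_IP.search(admin) and DENY_ALL.search(admin)
    return {
        "plugins_index": any((plugins / n).is_file() for n in ("index.html", "index.php")),
        "wp_config_denied": bool(block and DENY_ALL.search(block.group(1))),
        "wp_admin_ip_limited": bool(legacy or REQUIRE_IP.search(admin)),
    }

def build_sample(root, hardened):
    """Write a constructed WordPress-like tree (sample data, not a real site)."""
    root = Path(root)
    (root / "wp-content" / "plugins").mkdir(parents=True)
    (root / "wp-admin").mkdir()
    (root / "wp-config.php").write_text("<?php // constructed placeholder\n")
    if hardened:
        (root / "wp-content" / "plugins" / "index.html").write_text("")
        (root / ".htaccess").write_text(
            "<Files wp-config.php>\norder allow,deny\ndeny from all\n</Files>\n")
        (root / "wp-admin" / ".htaccess").write_text(
            "order deny,allow\nallow from 203.0.113.10\ndeny from all\n")
    else:
        # Block exists but the rule is commented out: must be reported as missing.
        (root / ".htaccess").write_text("<Files wp-config.php>\n# deny from all\n</Files>\n")
    return root

if __name__ == "__main__":
    for hardened in (False, True):
        with tempfile.TemporaryDirectory() as tmp:
            print("hardened" if hardened else "default", audit(build_sample(tmp, hardened)))
```

Point `audit()` at the directory that contains wp-config.php; any check that comes back False corresponds to a tip that has not been applied at the file level.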


Source: catswhocode.com

