5 Ways to Secure Your Blog

With Wordpress being so popular, it's no wonder that it has become a target for would-be hackers. Wordpress has many doors that, if left open, make your website easily accessible to attackers. But we all love Wordpress and want to keep using it, so how can you stay secure?

Before you make any changes according to the suggestions below, back up your blog, just in case you need to undo the changes or additions.

A few simple steps to a secure Wordpress:

1. Stay updated

Join the mailing list for release notifications and update as soon as a release is announced. Staying updated is perhaps the most important and easiest thing you can do. If you are running an older version of Wordpress, do not announce it to the world: remove the version listings from your templates that reveal which version you are running, since they tell an attacker exactly which known exploits apply to your site. When updating your Wordpress install, read the Upgrading Wordpress section of the codex first.
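As an added example (not code from the original post), the script below checks the two usual places a Wordpress site announces its version: the generator meta tag that the wp_head hook prints into <head>, and template files that call bloginfo('version') themselves. The HTML sample is constructed; the theme directory and site URL passed on the command line are assumptions.

```sh
#!/bin/sh
# Added example (not from the original post): find where a WordPress site
# announces its version. SAMPLE_HEAD below is constructed test input.

# 1. The generator tag WordPress adds to <head> through the wp_head hook.
#    Reads HTML on stdin; exit status 0 if a WordPress generator tag is present.
head_leaks_version() {
    grep -qi '<meta[^>]*name="generator"[^>]*content="WordPress'
}

# 2. Theme files that print the version themselves, e.g.
#    <?php bloginfo('version'); ?>  or  get_bloginfo('version').
#    $1 = theme directory; prints offending files, exit status 0 if any found.
theme_prints_version() {
    found=$(find "$1" -name '*.php' -exec grep -l "bloginfo( *['\"]version['\"] *)" {} \;)
    [ -n "$found" ] && printf '%s\n' "$found"
}

# Constructed sample of a <head> as a leaking site would serve it.
SAMPLE_HEAD='<head><title>My Blog</title>
<meta name="generator" content="WordPress 2.3.1" />
</head>'

# Usage: sh check-version.sh run https://example.com/ /path/to/themes/mytheme
# (URL and theme path are assumed placeholders).
if [ "${1:-}" = "run" ]; then
    url="${2:?site URL}"
    theme="${3:?theme directory}"
    if curl -fsS "$url" | head_leaks_version; then
        echo "generator tag present: add remove_action('wp_head', 'wp_generator'); to functions.php"
    fi
    if theme_prints_version "$theme"; then
        echo "the template files above print the version; remove those calls"
    fi
fi
```

remove_action('wp_head', 'wp_generator') is the Wordpress API call that stops the generator tag being emitted; the bloginfo('version') calls in your own templates have to be removed by hand.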

Staying updated should also mean backing up your website, so that if you do get hacked it can be restored from backups. A Wordpress backup needs both the database and the files. Backing up the files is as easy as dragging them to your computer over FTP. Backing up the database can be complicated if attempted from within your host's control panel, but a number of plugins exist that automate and simplify the process.
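For readers with shell access to their host, here is an added example (not from the original post or from any of the plugins it refers to) that takes both halves of a backup, files and database, from the command line. It assumes WP_ROOT is the Wordpress install directory, that the database credentials are the usual define() lines in wp-config.php, and that mysqldump, tar and gzip are installed.

```sh
#!/bin/sh
# Added example: back up a WordPress site (files + database) from the shell.
# Assumptions: WP_ROOT is the install directory (the default below is a guess),
# credentials live in wp-config.php as define('DB_NAME', '...') etc.,
# and mysqldump/tar/gzip are available. Not code from the original post.
set -eu

WP_ROOT="${WP_ROOT:-/var/www/html}"          # assumed install path
BACKUP_DIR="${BACKUP_DIR:-$HOME/wp-backups}" # assumed destination

# Read one constant out of wp-config.php without executing any PHP.
# $1 = path to wp-config.php, $2 = constant name (e.g. DB_NAME).
# Caveat: values that themselves contain a quote character are not handled.
wp_config_value() {
    sed -n "s/^[[:space:]]*define([[:space:]]*['\"]$2['\"][[:space:]]*,[[:space:]]*['\"]\([^'\"]*\)['\"].*/\1/p" "$1" | head -n 1
}

# Build a backup file name: <prefix>-<stamp>, where stamp is YYYYMMDD-HHMMSS.
backup_name() {
    printf '%s-%s' "$1" "$2"
}

# Archive the whole install (themes, plugins, uploads, wp-config.php).
backup_files() {
    stamp="$1"
    tar -czf "$BACKUP_DIR/$(backup_name files "$stamp").tar.gz" \
        -C "$(dirname "$WP_ROOT")" "$(basename "$WP_ROOT")"
}

# Dump the database. The password is handed over in MYSQL_PWD so it never
# appears on the command line (and therefore not in `ps` output).
backup_db() {
    stamp="$1"
    cfg="$WP_ROOT/wp-config.php"
    db=$(wp_config_value "$cfg" DB_NAME)
    user=$(wp_config_value "$cfg" DB_USER)
    host=$(wp_config_value "$cfg" DB_HOST)
    MYSQL_PWD="$(wp_config_value "$cfg" DB_PASSWORD)" \
        mysqldump --single-transaction -h "${host:-localhost}" -u "$user" "$db" \
        | gzip > "$BACKUP_DIR/$(backup_name db "$stamp").sql.gz"
}

# Both halves run only when the script is called with "run", so sourcing
# the file just to reuse the functions has no side effects.
if [ "${1:-}" = "run" ]; then
    mkdir -p "$BACKUP_DIR"
    chmod 700 "$BACKUP_DIR"   # the dump contains the DB password: owner only
    stamp=$(date +%Y%m%d-%H%M%S)
    backup_files "$stamp"
    backup_db "$stamp"
    echo "backup written to $BACKUP_DIR ($stamp)"
fi
```

Run it as `sh wp-backup.sh run` from cron. Keep the backup directory off the web root, since the database dump holds the same credentials that wp-config.php does.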

The following plugins can help automate the database backup process; visit their websites for more information:

Visit the Wordpress codex for further details on backing up your website.

2. Permission your files

Make sure that your wp-config is not world-readable or world-writable. Otherwise anyone else on the server could read your database login information, or even overwrite it with their own. Also make sure to delete install.php once installation is complete.
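The two checks from this step, written as an added example (not from the original post or the codex): a POSIX shell script that reports whether wp-config.php carries a world-read or world-write bit, tightens it, and flags a leftover installer. It assumes the install lives in WP_ROOT and that the account running the script owns the files.

```sh
#!/bin/sh
# Added example (not from the original post): check and tighten wp-config.php
# permissions, and flag a leftover installer. Assumes the WordPress install
# lives in WP_ROOT and that the account running this owns the files.

# Succeed (exit 0) if the file carries a world-read or world-write bit.
# The octal -perm tests are POSIX, so this works with GNU and BSD find.
world_accessible() {
    [ -n "$(find "$1" \( -perm -004 -o -perm -002 \) -print)" ]
}

# Report on wp-config.php: return 1 if anyone on the server can read it
# (database password exposed) or write it (login can be replaced).
check_wp_config() {
    if world_accessible "$1"; then
        echo "WARNING: $1 is readable or writable by everyone on this host"
        return 1
    fi
    echo "OK: $1 is not world-accessible"
}

# Owner read/write only. Where the web server runs as your own account this
# is enough; where it runs as a separate group, 640 with that group is the
# alternative (the codex walkthrough covers the choice).
fix_wp_config() {
    chmod 600 "$1"
}

# The post says to delete install.php after setup; WordPress ships it as
# wp-admin/install.php. Return 1 while it is still present.
check_install_script() {
    if [ -f "$1/wp-admin/install.php" ]; then
        echo "WARNING: $1/wp-admin/install.php still exists; remove it"
        return 1
    fi
    echo "OK: no leftover installer"
}

# Usage: sh wp-perms.sh run   (WP_ROOT default below is an assumed path)
if [ "${1:-}" = "run" ]; then
    WP_ROOT="${WP_ROOT:-/var/www/html}"
    check_wp_config "$WP_ROOT/wp-config.php" || fix_wp_config "$WP_ROOT/wp-config.php"
    check_install_script "$WP_ROOT"
fi
```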

Wordpress codex has an excellent walkthrough on setting file permissions here.

3. Protect against comment spam

Spam is a danger to your blog and its visitors, because comment spam inserts unwanted content onto your pages. One way to protect against it is a plugin that tracks comments and trackbacks, runs them through tests to decide whether they are spam, and then refuses or approves them based on the results. It is worth noting that this is not completely foolproof; depending on the size of your blog you may want to moderate comments personally, or even limit commenting to specific posts.

Anti-spam plugins and additional resources on how to protect against comment spam:

4. Limit self-registration of users

Wordpress lets visitors create their own accounts for the purpose of posting. The same registration also lets them subscribe, which gives read-only access. Turn self-registration off under Options > General > General Options by unchecking "Anyone can register" (see screenshot below), or limit your readers to the subscriber role only.

[Screenshot: members.jpg, the General Options page with "Anyone can register" unchecked]

5. Make sure your login information is unique

I’d suggest creating a new Wordpress admin user account and deleting the default admin account. It is also very important to choose a unique password to go with that username. Check out the automated password generator to create a unique and difficult-to-crack password.
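If you prefer to generate the password yourself, here is an added example (not the generator the post links to) that draws it from the system's random source and includes a small check you can run on any candidate password before using it.

```sh
#!/bin/sh
# Added example (not from the original post): generate a random password and
# sanity-check a candidate. Needs /dev/urandom, tr, head and grep.

# Print $1 random characters (default 20) drawn from letters, digits and a
# few symbols. LC_ALL=C keeps tr working byte-wise; reading /dev/urandom
# means the result is not derived from your name, the site or a dictionary.
gen_password() {
    len="${1:-20}"
    LC_ALL=C tr -dc 'A-Za-z0-9!@#%^&*_-' < /dev/urandom | head -c "$len"
    echo
}

# Return 0 only if the candidate is at least 12 characters long and mixes
# letters, digits and at least one symbol; otherwise return 1.
password_strong_enough() {
    pw="$1"
    [ "${#pw}" -ge 12 ] || return 1
    printf '%s' "$pw" | grep -q '[A-Za-z]' || return 1
    printf '%s' "$pw" | grep -q '[0-9]' || return 1
    printf '%s' "$pw" | grep -q '[^A-Za-z0-9]' || return 1
}

# Usage: sh gen-password.sh run [length]
if [ "${1:-}" = "run" ]; then
    candidate=$(gen_password "${2:-20}")
    # A short random string can by chance miss a class; regenerate until it passes.
    until password_strong_enough "$candidate"; do
        candidate=$(gen_password "${2:-20}")
    done
    echo "$candidate"
fi
```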

In summary:

  1. Stay updated with your Wordpress install.
  2. Permission your files.
  3. Protect against comment spam.
  4. Limit self-registration of users.
  5. Make login information unique.

Along with this post I’d recommend reading the other options available in Hardening Wordpress. Don’t let your blog or website be vulnerable to attack.


I’m sorry if you couldn’t comment on this post. Wpdesigner had a temporary webhost problem. It’s fixed now.

Dear Friend,

I just followed all the instructions in this article to secure my site http://www.moldovacrestina.net and now I can’t open it at all and can’t post to the blog any more. When I try to open it, I get a blank page. Please help me to fix my site. Thank you and may God bless you!

Vasile, are you able to go back and undo the changes?

Thank you! I reinstalled Wordpress again and it is working now. The only problem is that I lost all the images and now have to install them again. I looked on the Web for an article to understand how Wordpress works with images and what the best ways are to avoid losing them all again, and I didn’t find this information. Can you give me a link, or if you know how to do this, write a post? Thank you and may God bless you!

WordPress stores the uploaded files under wp-content/upload/ or whatever name you’ve given the folder. It sounds like you accidentally deleted your images.

[…] Last Friday’s find was about a post over at Mezzoblue documenting an unsettling experience of finding “hidden links” at the bottom of the site’s pages. That post motivated me to get off my butt and upgrade my version of WordPress along with changing all of my passwords back at Dreamhost (my host provider). Since that post, I’ve become a little more aware of blog security and recently came across a post over at WpDesigner.com which outlines 5 ways to secure your blog. […]

Very cool and beneficial, I’ve thought about this subject before but never read anything of value on how to secure one self from security threats. Thanks.

My blog was hacked early this month. A friend of mine who recovered my blog said the hacker found an exploit and broke into my theme folder.

There’s a theme scanner. What theme were you using?

Good... let’s see how much I can pull out of it...

“Backing up your database can be complicated for some if attempted from within your hosts control panel.”

Yes, this is the most complicated thing while backing up. Anyway thanks for linking to those plugins, I’ll give it a try.

Thanks for the tips! I might add that you should be careful installing WP plugins that are not in the WP plugin directory. Some of them place hidden links, or even worse!

I think the staying active part, number one, is the most sound advice for any new blogger.

Thanks for the user tips and the password change. I had people self-registering all over the place.
