How To Secure A WordPress Blog – Beginner To Pro


In recent times, WordPress has been highly targeted by hackers. Since WordPress uses MySQL and PHP, it’s not tough to find a vulnerability in WordPress.

Here I’m sharing some newbie tips to secure your WordPress blog. These are basic tips, but sometimes missing these basic tips may lead to losing your WordPress blog to some hacker.

WordPress powers around 25% of the websites in the world & is currently the most popular CMS apart from dedicated blogging software.

I can quite confidently say that being a user of this awesome CMS for the past 6 years, I simply love the fact that I can choose from thousands of plugins from the WordPress plugin database. The plugin database has never failed me.

That is the good part, but wherever there is good, there is also evil. My site has been hacked nearly 6 times in the past by some Arabian and Turkish hackers (at least that’s what they claim). They infiltrated my site and left it with an ugly black background featuring GIF images of skulls and ravens.

Most hack attacks are done by something called an SQL injection.

Nowadays, it has become a necessity to do all the preliminary safeguarding measures to keep these hackers at bay.

Proven Tips To Secure Any WordPress Blog

 

1. Configure Backups

Even though I have given a lot of proven tips below to secure your WordPress blog, you need to ensure that if something happens, you won’t lose anything.

Not having a proper WordPress backup solution in place is the biggest mistake you can make. When a big site like Sony or Dropbox can be hacked, your WordPress blog will be relatively easy to be cracked by a hacker. So the first thing is to ensure you are taking a daily backup of your blog.

If you are earning money from your blog, I suggest using VaultPress for taking backups which only costs $5/month. You might argue that your hosting offers backup, but this is only good if they store the backup on a different server.

2. Use A Reliable & Secure Hosting Company

Your WordPress installation is just software installed on a server. The foundation of a secure website is a server which has enough protections that ensure your website is safeguarded against hackers. A free web-hosting company is a big no-no & something you should avoid.

Make sure your hosting company has proper rules set in place & has firewalls to stop an attack on your site.

I understand that it’s hard to know which hosting company is reliable against hackers & that’s why I have created this quick list of hosting companies that offer great security on their server:

  • Bluehost: One of the top rated hosts which offers great security.
  • InMotion Hosting: Founded in 2001 & are known for great hardware quality and security infrastructure. They also migrate your existing site for free.
  • WPEngine: A managed WordPress hosting company which is recommended for business WordPress sites with low or medium traffic. They offer backups and security on multiple levels.

 

3.  Update WordPress

Keeping your WordPress software up to date is the most basic security tip for any WordPress blogger. This is something that you never want to miss.

Whenever WordPress is sending an update, it means that they have fixed some bugs, added some features, and most importantly, added some security features and fixes.

When you see the message: “WordPress x.x.x is available!”

Update it.

Nowadays, with one click updates, it’s very easy to upgrade your blog.

Make sure your theme and plugins are compatible with the latest version of WordPress. If an update has been rolled out and it’s not a security update, I suggest you wait 5-6 days, until other users stop reporting bugs in the latest version.

4. Update WordPress Plugins

As I mentioned above, WordPress releases an update to fix bugs and security holes, and the same goes with plugins.

Many times, a vulnerable plugin or script can cause an entry point into your WordPress site. One such issue which we have seen in past is the Timthumb vulnerability. This was because of a script, and many plugins which were using this script became vulnerable too.

It’s important to keep your plugins updated. Always use plugins which are continually updated and have good support. Being dependent on plugins which are not updated is a bad idea.

Also, always use the official WordPress repo to download plugins.

5. Hide WordPress Version

Let’s assume you don’t have those 2 minutes to update your WordPress core files. The listed WP version can spark an idea for a hacker to break in. If you are running an older version of WP and everyone knows it, trust me, you are doomed.

Most theme designers these days get rid of it for you, but just to make sure, go to your functions.php and add this line:

<?php remove_action('wp_head', 'wp_generator'); ?>

6.  Use A Complex Login Password

I shouldn’t have to mention this, but I know too many people who use ingenious and insanely complex passwords like:

  • password
  • ilovejesus
  • 123123

Brilliant.

Please make your passwords complex, add a couple of special characters (%&*#), and keep changing it every 5 or 6 months.

I would also like to recommend a plugin called Login Lockdown. This plugin will record all IPs and time stamps of failed login attempts. After a specific number of failed attempts from a particular IP, the IP will be blacklisted. This helps a lot to prevent any brute-force attack.

Also read:

  • How Hackers Hack Your Password
  • Create A Strong And Smart Password

 

7. Check WordPress Folders File Permissions

Go to the File Manager in your cPanel, or log in to your FTP software, and check the file attributes of your WordPress folder.

It’s good if it’s 744 (only the owner can write; everyone else can only read). If you find it to be 777 (anyone can read, write, and execute), consider yourself extremely lucky that you haven’t gotten hacked yet.

When most bloggers change hosting, they don’t realize how their file permissions also get changed. Make sure you verify all file permissions after migrating your hosting. You can also use a plugin like File Permissions and Size Check to check all of your WordPress folders and file permissions from the dashboard.
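If you have shell access to the server, the same check can be scripted. The following is an added example, not part of the original article: it lists every entry under a WordPress directory that is world-writable (777, 666 and similar). The sample tree and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: find world-writable entries (such as 777 or 666) in a WordPress tree.

# Build a small constructed tree to audit; prints its path.
make_sample_tree() {
    t=$(mktemp -d) || return 1
    mkdir -p "$t/wp-content/uploads" "$t/wp-content/plugins"
    : > "$t/wp-config.php"
    : > "$t/index.php"
    : > "$t/wp-content/uploads/note.txt"
    chmod 755 "$t" "$t/wp-content" "$t/wp-content/plugins"
    chmod 744 "$t/wp-config.php" "$t/index.php"   # the mode the article calls good
    chmod 777 "$t/wp-content/uploads"             # the mode the article warns about
    chmod 666 "$t/wp-content/uploads/note.txt"    # world-writable file
    printf '%s\n' "$t"
}

# List every non-symlink entry under $1 whose "other" write bit is set.
# Exit status: 0 = none found, 1 = at least one found, 2 = bad argument.
audit_wp_perms() {
    [ -d "$1" ] || { echo "not a directory: $1" >&2; return 2; }
    _hits=$(find "$1" ! -type l -perm -0002 -exec ls -ld {} +)
    [ -z "$_hits" ] && return 0
    printf '%s\n' "$_hits"
    return 1
}

# Demo on the constructed tree.
tree=$(make_sample_tree)
if audit_wp_perms "$tree"; then
    echo "no world-writable entries"
else
    echo "fix the entries listed above, then re-run the audit"
fi
rm -rf "$tree"
```

Run `audit_wp_perms` against your real WordPress directory after every hosting migration; a non-zero exit status means something needs tightening.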

8. Delete Default Admin User

This is one of the most crucial tips for people who are looking to create a secure WordPress blog. The default “admin” username is prone to brute-force attacks because most people never change it.

When you install WordPress, make sure you use a custom username and do not use “admin”.

You can create a new user with “Administrator” rights, and give this new administrator a nickname that will be publicly displayed in case he/she writes a post. Now, log out and then log back into the newly created admin account and delete the old “admin” user.

Make sure you attribute all usernames and links to the new user which you have created.

Here is an alternative way to change the default username:

 

9.  Hide The Plugins Directory

The plugins folder /wp-content/plugins/ should not be showing the list of folders and files inside of them.

Try visiting your plugins folder (replace domain.com with your domain name):

  • domain.com/wp-content/plugins/

If you see a list of folders and files, you need to hide them.

To hide these folders, you need to create a new .htaccess file and drop it in your plugins directory.

# BEGIN WordPress
RewriteEngine On
RewriteBase /
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
# Prevents directory listing
IndexIgnore *
# END WordPress

If you already have a well written .htaccess file in your root directory, adding a separate .htaccess to an individual folder is not going to cause any harm.

Also, take a look at this post for better understanding of how to edit the .htaccess file.

10. Change WordPress Table Prefix

By default, the WordPress table prefix is ‘wp_’ and if this is left as such, it paves the way for a lot of hack attacks.

This is probably the most important step in this tutorial; it is also one of the most complex steps if you are a newbie or don’t know much about working with phpMyAdmin.

But don’t worry because I will walk you through the process.

Just make sure you follow these steps carefully:

  1. Deactivate all of your WordPress plugins.
  2. Login to your cPanel.
  3. Take a complete backup of your blog database.
  4. Once you have taken the backup of your database and downloaded the .sql file, open it with a text editor (like Notepad++).
  5. Find all instances of ‘wp_’ and replace them with a complex table prefix (e.g. rer349jt_ (don’t use this, this is just an example)), and save the file.
  6. Go back to phpMyAdmin and drop all the tables in the database. Make sure you do not delete the database itself. You only need to drop the tables within the database.
  7. Now your database will be empty. Use the Import option to import the new .sql file in which you replaced all the instances of ‘wp_’ with your preferred prefix.
  8. After the import is complete, you need to edit one last file, called wp-config.php. If you don’t do this step, your blog will not work. Open the file and look for the line:
    • $table_prefix = 'wp_';
    • Replace the ‘wp_’ with your new table prefix and don’t forget to save the file.

If you have done all of the above steps correctly, your database prefixes will have changed, and you will be able to login to your blog.

Note: If all of the widgets appear to be broken, simply add a new dummy widget to your sidebar, reload the page, and then remove it after the page loads properly.
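Steps 4, 5 and 8 can also be done with sed instead of a text editor. The script below is an added example, not part of the original tutorial. It narrows the find-and-replace to table names and to the option and usermeta keys whose names embed the prefix, so post content that merely mentions wp_ is left alone. The sample dump, the x7k2_ prefix and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: scoped table-prefix rewrite for a WordPress SQL dump.

# WordPress prefixes may contain only letters, digits and underscores.
valid_prefix() {
    case $1 in ''|*[!A-Za-z0-9_]*) return 1 ;; esac
}

# stdin: SQL dump, stdout: rewritten dump. Usage: rewrite_dump_prefix OLD NEW
rewrite_dump_prefix() {
    old=$1 new=$2
    if ! valid_prefix "$old" || ! valid_prefix "$new"; then
        echo "prefix must match [A-Za-z0-9_]+" >&2
        return 2
    fi
    # 1) Backtick-quoted identifiers: `wp_posts` -> `x7k2_posts`
    set -- -e 's/`'"$old"'\([A-Za-z0-9_]*\)`/`'"$new"'\1`/g'
    # 2) Keys whose names embed the prefix (rows in the options and usermeta tables).
    for key in user_roles capabilities user_level user-settings user-settings-time; do
        set -- "$@" -e "s/'${old}${key}'/'${new}${key}'/g"
    done
    sed "$@"
}

# stdin: wp-config.php, stdout: copy with $table_prefix updated (step 8).
rewrite_config_prefix() {
    valid_prefix "$1" && valid_prefix "$2" || return 2
    sed 's/^\([$]table_prefix[[:space:]]*=[[:space:]]*\)'"'$1'"'/\1'"'$2'"'/'
}

# Constructed sample in mysqldump style. The last row is post content that
# mentions wp_head and wp_generator; it must come through unchanged.
sample_dump() {
cat <<'EOF'
CREATE TABLE `wp_options` (`option_id` bigint, `option_name` varchar(191), `option_value` longtext);
INSERT INTO `wp_options` VALUES (1,'blogname','Demo'),(2,'wp_user_roles','a:1:{s:13:\"administrator\";a:0:{}}');
INSERT INTO `wp_usermeta` VALUES (1,1,'wp_capabilities','a:1:{s:13:\"administrator\";b:1;}'),(2,1,'wp_user_level','10');
INSERT INTO `wp_posts` VALUES (1,'Hide the version with remove_action(\'wp_head\', \'wp_generator\');');
EOF
}

# Demo: rewrite the constructed dump and a constructed wp-config.php line.
sample_dump | rewrite_dump_prefix wp_ x7k2_
printf '%s\n' "\$table_prefix = 'wp_';" | rewrite_config_prefix wp_ x7k2_
```

Always work on a copy of the backup (for example `rewrite_dump_prefix wp_ NEWPREFIX_ < backup.sql > renamed.sql`) so the untouched dump remains available for a rollback.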

  • Read: How To Change WordPress Database Prefix

 

11. Turn Off Database Errors

In older versions of WordPress, if there were errors in the MySQL database, it would show the exact error on the browser itself giving the hacker valuable information about your database.

To prevent this, you need to update your WordPress to the latest version, so that it will only show a general error message like “Database connection error” instead of showing exactly what’s wrong.

Log in to your WP dashboard and update your WordPress core files.

Creating A Secure WordPress Website

This is not everything; there are many other tips which you should be following to create a secure WordPress blog. One tip which I highly suggest is that you stop using an encrypted footer WordPress theme. If you are serious about your blogging, download a theme from the official repo, or better yet, use a Premium WordPress theme.

  • Read: Useful WordPress Security Plugins

Again, it’s a wise idea to take automatic backups of your WordPress blog at regular intervals to make sure you can always roll back your blog to a healthy condition.

Do let us know what other security tips you would like to give to other bloggers to keep their WordPress blog secure. Share your tips in the comments below!

Don’t forget to share this post!
