How to Secure WordPress
Friday, September 11th, 2009
If you are an internet marketer, you probably have quite a bit on your plate already. You have spent a great deal of time putting together a good website or blog and are really concentrating on how to deliver your product or information. Unfortunately, there are a certain breed of people out there in cyberspace whose self appointed mission is to break into your vault and create havoc.
If you are using WordPress as a platform to blog from, here are a few tips on how to secure WordPress
Keep WordPress Updated and Backed Up
Older versions of WordPress still have many vulnerabilities that are widely known in the hacker community. To their credit, the WordPress people are always doing their best to plug security holes and are updating constantly. So your first line of defense is to keep your blogging platform updated.
Medical Tip: To avoid increasing your blood pressure, always be sure to make a backup of your blog before installing any updates. Its a good idea to regularly to keep your WordPress backed up regularly anyhow, since any number of things can go wrong.
Another tip is to delete the meta tags that tells the world of the version of Wp you are using. This info is usually in the header file.
Keep Your Plugins Hidden
One of the great things about using WordPress is the plugins. While they greatly increase your blogs capabilities, they too contain certain bugs and vulnerabilities that are exploited by hackers. So be sure to keep them updated also.
It is easy for anyone to see what type of plugins you are using by visiting the wp-content/plugins folder. To keep potential intruders from finding out the plugins that you use, create an empty ‘index.html’ file and place it in your plugins folder
Its also a good idea to check your plugin folder and make sure the plugins there are the ones you want. Some hacker, once they get into your files upload their own plugin. So if you see something that you are not familiar with, delete it.
Here is a Free WP plugin that keeps track of the attempts to login to your site. Many hackers use brute force to try and get your password. So, if there are too many of them coming from the same IP address within a short period of time, the plugin will disable the login function for that IP range. Login Lockdown: bad-neighborhood.com. Click on login lockdown and you will be taken to the download page. Be sure to check out their other plugins to.
Change Your Passwords
This is an easy hack that is often exploited. You can have a more secure blog by making up a crazy, difficult password. Even change it monthly if need be.
But not only your WordPress login. Don’t forget your hosting account and your ftp passwords as well.
Headache tip: Be sure to write your passwords down immediately and keep all your them all in a safe place.
Secure the /wp-admin/ directory
Your most sensitive Wordpress information is stored in the /wp-admin/ folder. By default, WordPress leaves that folder open, so people can access these files to make changes if they know what they are doing.
To secure this folder:
Place an .htaccess file inside the /wp-admin/ folder to block the access to all IP addresses, except yours.
Here is the code you need to put in the .htaccess file:
AuthUserFile /dev/null
AuthGroupFile /dev/null
AuthName “Example Access Control”
AuthType Basic
order deny,allow
deny from all
allow from xx.xx.xx.xx
allow from xx.xx.xxx.xx
Now, ff you ever find your site being redirected to another website you will need to:
Check For Hidden Code
This requires a bit more knowledge of the inner workings of WP on your part, so don’t mess with it unless you know what you are doing.
Browse your theme files
Log into your WordPress control panel, go to the theme editor, and look inside your theme files. See if there are any lines of code that are not supposed to be there, or that contain a PHP code that you don’t recognize.
Check your database tables
Some hackers upload fake images to your “Uploads” folder and activate them with a plugin call. To detect this you need to open PHPMyAdmin, browse the “wp-options” table, and edit the “active_plugins” record.
On that record you will see a list of all the plugins that active on your blog. Delete any that seem unusual or that you aren’t using
Browse your site files through FTP
Log into your FTP account and browse through the folders on your site. You are looking for any files that have a strange name or that look suspicious. If you have another WordPress blog installed on another site, compare the structure of the files to make sure they match up.
Tip to avoid a heart attack: Remember: Backup, backup, backup, before you star messing with anything!
Be Fearless
Billy Ojai
Do you want to make more money in Internet Marketing? One way is to learn good copywriting techniques. Pick up your Free copy of ‘Copywriting for the Web’ at http://billyojai.com
