WordPress is the most famous and most widely used CMS for blogging. Its core is very secure, but hackers still keep looking for loopholes in it. Because WordPress is used by millions of users, hackers try to find vulnerabilities in it and exploit them to break into sites.
This article focuses on securing your WordPress site against these hackers and all their hacking attempts. It covers some of the most important and fundamental elements of securing your WordPress blog.
There can be hundreds of loopholes through which hackers can breach your security. It is technically not possible for anyone to take care of every single loophole, but that certainly doesn’t mean you should sit idle and wait for hackers to steal or destroy all your hard work.
1) Ensure that you are using a very secure Host
I personally consider this to be the first and foremost step in WordPress security. If your hosting provider itself is not providing you any security, then you are in real trouble. There have been many cases when hundreds of blogs got hacked in minutes due to poor hosting security.
There is another scenario too – suppose you are on a shared server and a particular site on that server (one with very weak security measures) gets hacked; then all the other sites sharing that server are at risk of having their security compromised.
The best option is to go for a VPS. But not everybody needs a VPS, nor can everybody afford one. If your blog doesn’t get huge traffic then you will probably never need a VPS, but make sure you are using a shared server from a very reputable web hosting company.
2) Securing the Username and Password of your Blog
Choosing a strong password is a tip you have probably read in almost every security-related article. The password is the key to the lock that opens up your admin panel, so choosing a very strong one is essential.
If your password doesn’t contain letters, both capital and small, numbers, and special symbols like !, @, #, $, etc., then you are probably not doing it correctly. Make your passwords look as ugly as possible. The uglier it gets, the more secure it becomes.
Now comes the point of securing the username too. Every WordPress blog has an admin username.
So it is always advisable to remove the default username of your blog permanently. Now the hacker knows neither the username nor the password, and needs to guess both of them.
3) Securing the Database and wp-config.php and .htaccess files
These are some of the most technical aspects of WordPress security, and they need the utmost attention. The database is like the brain of your WordPress blog. It contains every piece of information required to run your blog.
By default, the WordPress database tables come with the “wp-” prefix, so it is very important to change the prefix to something like “bf432lxz2112fk”, which is almost unguessable by a hacker.
The wp-config.php file contains very sensitive data about your WordPress blog, so securing it is very important. All you need to do is tighten its permissions and move the file one level up from your main folder.
The .htaccess file also contains very important data required to secure your blog. So change the permissions of this file so that it is unreadable and unwritable by others. Also, do not forget to disable directory browsing, so that hackers do not get any chance to view the directories on your server.
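The checks from this section can be scripted. The following is an added example, not code from the original article: the function names are hypothetical, it assumes `wp_` is the stock value of `$table_prefix` in wp-config.php, it treats "no permission bits for others" as the bar for both files, and it looks for Apache's `Options -Indexes` directive as the way directory browsing is disabled.

```shell
#!/bin/sh
# Added example: audit a WordPress folder for the settings in section 3.
# Function names are hypothetical; thresholds are assumptions stated above.

fails=0

# report STATUS MESSAGE: print one finding and count every FAIL.
report() {
    echo "$1 $2"
    [ "$1" = FAIL ] && fails=$((fails + 1))
    return 0
}

# other_bits FILE: print the permission characters for "others", e.g. "r--".
other_bits() {
    ls -ld "$1" | cut -c8-10
}

# table_prefix CONFIG: print the value assigned to $table_prefix.
table_prefix() {
    awk -F"['\"]" '/^[ \t]*\$table_prefix[ \t]*=/ { print $2; exit }' "$1"
}

# check_private LABEL FILE: FAIL unless "others" have no access at all.
check_private() {
    bits=$(other_bits "$2")
    if [ "$bits" = "---" ]; then
        report OK "$1: no access for others"
    else
        report FAIL "$1: others have '$bits'"
    fi
}

# audit_wp WP_DIR: run every check; return status = number of failed checks.
audit_wp() {
    wp_dir=$1
    fails=0
    cfg=
    # WordPress reads wp-config.php from its own folder first, then one level up.
    if [ -f "$wp_dir/wp-config.php" ]; then
        cfg="$wp_dir/wp-config.php"
        report FAIL "wp-config.php is still inside the WordPress folder"
    elif [ -f "$wp_dir/../wp-config.php" ]; then
        cfg="$wp_dir/../wp-config.php"
        report OK "wp-config.php sits one level above the WordPress folder"
    else
        report FAIL "wp-config.php not found"
    fi
    if [ -n "$cfg" ]; then
        check_private "wp-config.php" "$cfg"
        prefix=$(table_prefix "$cfg")
        if [ -z "$prefix" ] || [ "$prefix" = "wp_" ]; then
            report FAIL "table prefix is '$prefix' (stock or unset)"
        else
            report OK "table prefix changed from the stock value"
        fi
    fi
    ht="$wp_dir/.htaccess"
    if [ -f "$ht" ]; then
        check_private ".htaccess" "$ht"
        # Lines starting with '#' are comments and do not match the anchor.
        if grep -Eiq '^[[:space:]]*Options[[:space:]].*-Indexes' "$ht"; then
            report OK "directory browsing disabled (Options -Indexes)"
        else
            report FAIL "no 'Options -Indexes' line in .htaccess"
        fi
    else
        report FAIL ".htaccess not found"
    fi
    return "$fails"
}

# make_sample_site DIR KIND: build a constructed layout (not a real install).
make_sample_site() {
    root=$1
    mkdir -p "$root/public"
    if [ "$2" = hardened ]; then
        printf '%s\n' '<?php' "\$table_prefix = 'bf432lxz2112fk_';" > "$root/wp-config.php"
        printf '%s\n' 'Options -Indexes' > "$root/public/.htaccess"
        chmod 600 "$root/wp-config.php"
        chmod 640 "$root/public/.htaccess"
    else
        printf '%s\n' '<?php' "\$table_prefix = 'wp_';" > "$root/public/wp-config.php"
        printf '%s\n' '# BEGIN WordPress' > "$root/public/.htaccess"
        chmod 644 "$root/public/wp-config.php" "$root/public/.htaccess"
    fi
}

# Usage: audit_wp /path/to/wordpress
```

The return status of `audit_wp` is the number of failed checks. The web server must still be able to read both files as owner or group, so check which user it runs as before tightening the modes.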
4) Taking complete backups of your blog regularly
Backup is the next part of security. Securing your WordPress blog is never complete without a proper backup solution. You need to be very serious about taking regular backups of your entire blog.
If some day your blog gets hacked even after you have taken all kinds of security measures, it is your backup that is going to save the day. Take regular backups of your database, an XML export, and important files like wp-content.
Be prepared for all kinds of situations. It is best to use an automated backup plugin like BackupBuddy or BackWPUp to take care of the entire backup business of your blog, so that you get enough time to write valuable content for your readers.
These are some of the most essential tips that you must follow in order to get your WordPress blog secured to some extent. There can be many other loopholes in the eyes of the hackers, but these are the most basic security elements and need to be taken care of first.
If you have any other security tip that you want to share with your fellow bloggers, you are most welcome to do so in the comment section. Let us help each other make our WordPress blogs more secure.
Recently my blog was infected by an unknown virus, and no tool reaches it.
Twitter: dapazze
What is the virus attack on your site? I can help you a bit with it if you explain the problem to me.
Twitter: theworldtoptens
Great tips. I use a security plugin to do these steps. My site was hacked once so I have experience. Install a security plugin and it will do the job for you. Well written, Aritra.
Arslan Shoukat recently posted..Top 10 Best Intelligence Agencies In The World 2013
Twitter: WinAppleWorld
What is the permission required to set on wp-config and .htaccess file?
Which one is most secure?
Anchit Shethia recently posted..Latest Security Updates for Windows 8
Twitter: dapazze
Hi Anchit, WordPress.org has a great article in store for you to clarify this doubt. Sebastian also mentioned this article in the comments. Do check it out: http://codex.wordpress.org/Changing_File_Permissions
Thank You.
Aritra Roy recently posted..A Comparative Study of Different Cloud Computing Models
Twitter: dapazze
Thanks a lot for your appreciation, btw, what security plugins did you use Arslan?
Twitter: theworldtoptens
I use BulletProof Security and the Wordfence plugin. My host recommended them so I use these two plugins for site security.
Arslan Shoukat recently posted..Top 10 Best Intelligence Agencies In The World 2013
Twitter: dapazze
I myself also use Wordfence Security, but I will give Bulletproof Security a sure try after you mentioned.
Aritra Roy recently posted..A Comparative Study of Different Cloud Computing Models
Twitter: kirbyseo
Great advice. Can you provide step-by-step for each of these suggestions?
Twitter: dapazze
Yes, for sure. But this article is not exhaustive enough to have a step-by-step guide for all the tips.
Twitter: dapazze
I will surely write another article satisfying your demands very soon.
Twitter: DiscoverAuction
I agree with the others Aritra. A good article with sound advice. Better to attempt to be safe than sorry.
Kirby, if you are with a good hosting service, make notes from this post, then go on a chat line with your hosting support. A good hosting company will be more than willing to walk you through some of these steps.
Also, Arslan’s tip for installing added security would be a benefit. I have it on my site. It not only protects the blog owner, but anyone who visits your site. A win – win as far as I am concerned.
D Hayes recently posted..Discover Increased Sales By Building Consumer Trust
Twitter: dapazze
Thanks a lot for appreciating my work, Hayes. It's also very good to see that you have helped the other users having problems here.
Twitter: internetdreamof
I am so glad I am having backups done everyday!
It is very important that you have your blog backed up in order not to lose all of your hard work.
Samuel recently posted..3 Twitter Tools For You To Succeed On Twitter!
Twitter: dapazze
Yes, however many security measures we take, there still remains a chance of getting our blog hacked, so the best solution is to take regular backups.
Aritra Roy recently posted..2 Big WordPress Flaws that Can Get You a Panda Slap
Twitter: googlai
Hi Aarati! Thank you for your excellent guideline. Prevention is better than cure, so protect your WordPress blog from hackers. WordPress blogs and CMS templates have been gaining popularity but we need to be careful of hackers; anybody can hack, so ‘kill the hacker’ and ‘save the blog’.
Googma Sansar recently posted..6 Ways to Get More Traffic to Your Site
Twitter: dapazze
Hi Googma, it would be good if you can correct my name’s spelling first.
Thanks a lot for your appreciation though.
Aritra Roy recently posted..5 Awesome and Must Read Comics by The Oatmeal
Hi Aritra, your first guest post here. Huh?
The topic of wordpress protection can be discussed for days and this post will help every newbie out there.
Thanks for the post.
Twitter: dapazze
Yes, Anurag, this is my first guest post here at CommentLuv. And yes, I tried to keep this article as simple as possible and focus it mainly for the newbies.
Aritra Roy recently posted..Top 7 Software for a Better PC Performance
Twitter: imeshed
I never really gave any importance to security things until someone actually tried to hack me. After that day, I never left my blog without security. Thanks for sharing these tips.
Saqib Razzaq recently posted..101+ Ways To Dramatically Increase Blog Traffic Part I
Twitter: dapazze
You are most welcome Saqib.
Aritra Roy recently posted..Five Ridiculous Ways to get your Inbox Hacked
Twitter: mujhmehaiwobaat
Thanks for such an informative post. I have also had a few problems and from that moment I always back up my blog, although your key points helped me a lot. Thanks for your magical words.
Jaykrishna recently posted..5 Essential Tips to Overcome Basic Computer Issues
Twitter: dapazze
Thank you so much Jay Krishna for your appreciation. Glad that I could help you even a bit.
Aritra Roy recently posted..Substantial Ways to Create a Great Website
That’s a very good reminder, hackers are looming all over the internet looking for the slightest loopholes.
Twitter: dapazze
Yes Viren, you got it absolutely correct.
Aritra Roy recently posted..Interviews: Hongkiat Lim of Hongkiat Design Blog
Hi Aritra,
Really very informative post. My WP blogs got hacked last year but thanks to my technical team. They recovered my blogs. Thanks, for sharing this info.
Twitter: dapazze
You are most welcome Sana. What were the loopholes which got your WP blogs hacked, btw? It will help us secure our blogs even more.
Aritra Roy recently posted..7 Essentials for Blogging Success
Honestly speaking I don’t know much about it as my technical team looks after these matters, but they told me it happened due to shared hosting.
Twitter: dapazze
Oh. That is unfortunate. Btw, what Shared Hosting do you use?
Aritra Roy recently posted..Five Ridiculous Ways to get your Inbox Hacked
Twitter: winsonyeung
My WordPress and my server got hacked 3 years ago and the hacker had placed a backlog access. It took me 1 month to clean away the hack and since then I have always made sure that my WordPress security is tight.
Thanks for your tips here too.
Twitter: dapazze
Yes Winson. Also do not forget to take regular backups of your entire server.
Aritra Roy recently posted..2 Big WordPress Flaws that Can Get You a Panda Slap
Twitter: winsonyeung
Sure, I’m using Hostgator and they automatically do a weekly backup for my website. I’m simply a fan of hostgator because of their excellent support.
Winson Yeung recently posted..7 Key Performance Indicators Every Ecommerce Owner Needs To Understand
Twitter: dapazze
I was a big fan of HostGator before, but after their ridiculous service, I have shifted my trust from them. Without any prior notice, they suspended many of my sites for high CPU usage, but later apologized as that was not the case.
Aritra Roy recently posted..Interviews: Hongkiat Lim of Hongkiat Design Blog
Twitter: winsonyeung
What hostgator plan are you using that you got banned from Hostgator?
Hi Aritra, it is very good advice for every blogger. I take complete backups of my blog every day to save my secret matter.
Shamim recently posted..Insurance Mobile Marketing Experts In SMS Advertising
Twitter: dapazze
Yes, it’s very important to take backups every day. Btw, what’s the “secret matter”?
Aritra Roy recently posted..Guide to Surviving the Google Panda and Penguin Storms
My blog kept on getting hacked and I failed to find out the reason, and finally ended up shifting to Blogspot.
Twitter: dapazze
Shifting from WordPress to Blogspot is not the solution, I think. You need to take care of your security properly, then you will never get hacked.
Aritra Roy recently posted..3 SEO Elements That You Should Not Ignore
Twitter: pathaderavi
I guess you have missed an important point. Once my blog was hacked when I had just started with blogging, where my index.php was hacked, so I logged in to cPanel and changed the permissions to “444”.
By the way, the other tips are awesomely explained.
Thanks
Ravi recently posted..How to Create Custom Screensavers for Windows ?
Twitter: dapazze
Thanks a lot Ravi, for reminding me this important point. I will obviously mention it in my upcoming articles.
Aritra Roy recently posted..Free Portable IDE for Windows : CodeLobster PHP Edition Review
Twitter: WerryAdnan
Choosing a hosting provider is one of the most important things in blogging security. I agree with you about this. I have had a bad experience with shared hosting. My blog was hacked many times. After moving to a virtual private server, my blog has been safe until now.
To anticipate being hacked, I always back up my website regularly. We have to do that, because nowadays hackers are more skillful. It will be a nightmare when your website is being attacked and you don’t have any backup. Thanks Aritra for sharing this complete guide. It’s really helpful for me.
Werry Adnan recently posted..Jual Jersey Grade Ori
Twitter: dapazze
Thanks a lot Werry for such an insightful comment on this topic. Glad to know about your story.
Aritra Roy recently posted..5 Awesome and Must Read Comics by The Oatmeal
Twitter: kirbyseo
What if you backup the hacked website before you know it’s been hacked?
Twitter: dapazze
I don’t think it will help much as the website has been already hacked. The files will contain malicious codes so backing up a hacked site will be no help I guess.
But some files will still be unaffected and you can use them anytime. You just need to identify which files can have vulnerabilities and which can not.
Aritra Roy recently posted..3 SEO Elements That You Should Not Ignore
Twitter: listverge
Well the tips look promising, I’m going to implement these on my website to secure it.
Thanks for sharing.
Salman Ahmad recently posted..10 Top Paid Casual Games for Android
Twitter: dapazze
Thanks a lot for your appreciation.
Aritra Roy recently posted..Guide to Surviving the Google Panda and Penguin Storms
Good advice, but one more thing that I have learned is that there are many blogs that have incorrect file permissions. WordPress writes about the dangers here: http://codex.wordpress.org/Changing_File_Permissions
Sebastian recently posted..PR och kommunikation, en viktig del av SEO
Twitter: dapazze
Thanks a lot for this valuable suggestion Sebastian.
Aritra Roy recently posted..3 SEO Elements That You Should Not Ignore
Twitter: Techblowup
Great tips for securing our wordpress blogs from hackers. Using a strong password doesn’t make it secure, We have use these tips for not getting hacked by anyone.
Twitter: dapazze
Glad to hear about your understanding about WordPress security with so much sincerity.
Aritra Roy recently posted..3 SEO Elements That You Should Not Ignore
What a co-incidence, I also wrote an article on this topic yesterday and published it today, but my article is about all blogs. BTW good tips Aritra, you haven’t warned users to beware of malicious themes, plugins etc. But still the tips are brilliant. Thanks for sharing.
Rehmat recently posted..Best Practices to Protect Your Blog from Hackers
Twitter: dapazze
Yes, it's a coincidence. Btw, what is the link to the article you have written? Let me have a look at it too.
Aritra Roy recently posted..Five Ridiculous Ways to get your Inbox Hacked
It is here and contains some common but useful tips for beginner bloggers :),
http://www.supportivehands.net/2013/02/protect-blog-against-hackers.html
Rehmat recently posted..Best Practices to Protect Your Blog from Hackers
Twitter: dapazze
Yes, I just had a look at it. It's a very informative and well-written article, I must say.
Aritra Roy recently posted..5 Awesome and Must Read Comics by The Oatmeal
Thank you for liking!!!
Rehmat recently posted..Place AdSense Ads Above / Below Posts or Anywhere in Blogger
Twitter: salman1507
Really great tips Aritra !
I found the #3 point pretty interesting, so you mean that one should rename all the folders with prefix “wp” to something more secure or just the CONFIG file?
Salman recently posted..Nail Polish Designs: Choosing from the Best
Twitter: dapazze
Thanks a lot Salman.
I am mainly talking about changing the “wp” prefix of the database tables and not the wp-config file.
Aritra Roy recently posted..Substantial Ways to Create a Great Website
Hey Aritra thanks for sharing these helpful tips! I agree with the importance of protecting your WordPress blog- I use a good host, try to change my password once in a while and very important I always back up my data to be sure I avoid any unpleasant events!
Twitter: dapazze
Glad to hear that you follow my security tips, Dragos. I hope you never get hacked.
Aritra Roy recently posted..7 Essentials for Blogging Success
I realized recently that if the hacker finds your blog attractive enough to hack it nothing will prevent him from doing it.. Unfortunately…
Evan recently posted..Law Business WordPress themes 2013 best showcase
Twitter: dapazze
Yes it is true. But what actually made you realize this?
Aritra Roy recently posted..Free Portable IDE for Windows : CodeLobster PHP Edition Review
Twitter: HadleyHodgson
I was happy to see that I take all these steps with my site, so they must be pretty secure
Twitter: dapazze
Nothing is 100% secure my friend, Hadley. If the hackers want to hack you, then they will hack you. Nothing can stop them. They are just UNSTOPPABLE.
Aritra Roy recently posted..Interviews: Hongkiat Lim of Hongkiat Design Blog
Very informative article for securing WordPress. Nowadays, when security is the biggest headache for bloggers, I think your article could be the solution for it. Great post sir. Keep it up.
Twitter: dapazze
Thanks a lot Sunil for all your appreciation of my work. Glad that I could encourage many WordPress users towards better security.
Twitter: AAAccidentlaw
As WordPress becomes more capable and dynamic, so too will the potential security threats. You can never be too careful with your sites and information online these days; there is no telling what can be done with only a small bit of your important personal information, even the stuff on your blogs and websites. Protecting yourself is essential, and creating backups is a very good idea. As long as you have a backup copy on hand, any kind of attack can be reverted quickly.
Twitter: dapazze
You got it absolutely correct Paul, and a very insightful comment too.
Twitter: http://www.nerdszone.com
Good tips, they may seem like common sense but it’s amazing the amount of people who still use insecure passwords and a username of “admin”.
Dave recently posted..Nerds Song
Twitter: dapazze
One of my friends still has his WordPress password as “password” and also “admin” username. Any novice hacker can even hack his blog in minutes.
Twitter: aromaselection
This is basic advice but still very important for everyone running a blog to make sure they understand and take action on all parts. Blogs are tough work and take a long hard time as well as good effort to become successful. The last thing anyone wants is to have the blog they worked so hard for become a victim of a security issue they could have prevented.
Thanks for the article, a great read.
Thanks a ton Grace. Yes, these are some of the basic tips. I will surely be writing a much more technical and in-depth article on this topic soon.
Aritra Roy recently posted..Why I will never Choose and Recommend Hostgator again?
Twitter: dapazze
You are most welcome Soina. Thank you too.
Really great information here. It’s so important to protect yourself online and to a certain degree there’s no real security. However, avoiding little mistakes can save you time and money.
Robert Koenig recently posted..Deadly Hot Air Balloon Crash in Egypt
Nowadays, online security is becoming more and more important, Robert. A little bit of a mistake can cause you to lose years of work.
Aritra Roy recently posted..Would Next-Generation Video Game Console be defeated by Cloud Gaming?
Also, you need to get rid of any unknown plugins which you might not have downloaded from the WordPress directory, and I would advise everyone to check their themes properly, and plugins too.
Yes, Bishwajeet, we should never keep deactivated plugins. It is always a good idea to delete them completely. We should also use Wordfence plugin to scan our blog regularly.
Aritra Roy recently posted..A Comparative Study of Different Cloud Computing Models
I didn’t use any WP plugin for security but just focus on the database prefix and also a regular backup of my database; it’s good to have a restore plan once your WP is hacked.
You should use some WP security plugins for sure. Just changing the database prefix is not enough. It's good to hear that you have regular backups of your site.
Aritra Roy recently posted..2 Big WordPress Flaws that Can Get You a Panda Slap
Installing a security plugin will make the job easier. Or is there a downside to it?
If you install a good and reputed security plugin, then there are no downsides.
That's great. I am new to WordPress. I will follow these to be safe in this cyber world. Thank you.
Glad that I could help you on it.
Hey,
it is very important and useful message for me. I think securing WordPress is an interesting topic.
Thanks for sharing me this useful article.
Twitter: prabhatrayal
Hello Aritra,
Securing our blog is the most important thing, otherwise you may end up losing it. And yes, hosting plays an important role, and choosing a good and strong username and password helps a lot. We should also use plugins.
prabhat recently posted..Top 5 Budget, Best Tablet under $200 or $250, 2013
Yes, you understood the most important points on this topic. Cheers.
I agree with you about this. I have had a bad experience with shared hosting. Backup is just the next part of security. Securing your WordPress blog is never complete without a proper backup solution.
backup making the intelligent person so prevention the wrong way the solution. so i think always take the backup everything.
Yes, backup is just too important. You should always have a Plan B ready if your Plan A fails.
Aritra Roy recently posted..Why I will never Choose and Recommend Hostgator again?
Twitter: prateek__tweets
Hey Aritra thanks for for useful information … These were really good tips..
You are welcome, bro.
Twitter: Praveen_Bhrdwaj
Is there any way to check how secure your host is?
Praveen Bhardwaj recently posted..Rihanna, Chris Brown Planning for a Wedding?
There is no such way as such. Read some unbiased reviews. Ask some of your friends about their experiences. But it's always advisable to use a VPS or a dedicated server for maximum security.
This is great information. I freaked out when writing a post on my site when I noticed it looked like someone had found a way to put their ad where I had one of my good earning affiliate banners. I was using a computer that had a p2p download program on it. Good tip is to only use a computer that you know is secure. I was out of town so used a friends laptop. I would not do this again.
I got your point, but what's the problem with P2P software? Is it a potential harm?
As for making the password as ugly as possible — I don’t think this is necessarily true; there was a great comic about it: http://xkcd.com/936/
As for the database prefix — what good does it do to change the prefix, if a potential hacker doesn’t have access to the database? And if he does, simply changing the prefix won’t stop him from doing bad things.
The comic is really very nice, thanks a lot for it.
But I personally never believe in using common dictionary words in a password. This will make brute force attacks even easier.
Using some Capital letters, digits, symbols, makes the permutation and combination almost impossible to guess.
Hi, I am getting a lot of messages which make no sense. How can I stop them?
Twitter: abhishek611991
Use a spam filter like Akismet. It will filter out spam messages.
abhishek recently posted..HP Slate7 Tablet Launched At Price Of $169
By messages, are you talking about comments? Then I have a great article written by me to help you with this aspect.
Twitter: abhishek611991
Really great and useful tips Aritra :). One has to always keep his/her blog safe from all kinds of attacks. These days more and more blogs are being targeted by attackers and one has to ensure the safety of his/her blog.
abhishek recently posted..Your Gadgets Are Spying On you
Thanks a lot Abhishek. Happy blogging.
Twitter: IncomeMC
Hi Aritra,
I agree totally with you on making sure that your wordpress blog is secure all the time. My blogs have experienced security threats at various times. Today I use dropbox for my backup needs. Really reliable!
Chadrack recently posted..Gain Peace Of Mind With Home Security Camera Systems!
It's good to hear that you use Dropbox to back up your site. But what backup plugin do you use to remotely transfer your files to Dropbox?
Aritra Roy recently posted..Why I will never Choose and Recommend Hostgator again?
Hi thanks for the post good tips for keep safe our blog from hackers. The 4 points you share that will certainly .
Thanks Ashutosh for all your appreciation.
Using SFTP is a big deal too because you’re transmitting data. If it’s unsecured someone can hack into that data.
Yes, using Secure FTP is very essential to protect us from getting hacked.
Aritra Roy recently posted..Web Design and its Strategies
Thanks so much, I followed one of your advices and changed my login password!
That's great. Keep it long and strong enough.
Aritra Roy recently posted..Top 50 Ways to Drive Traffic to Your Blog
hey,
Its a great and Unique Post ,this Post is very useful and informative
I am moved by your blogging skills and find your posts attractive. I am a new blogger and would like to learn from you.
Thanks for such a nice post
Thanks a lot Deepak. I would be glad to help you in anything. You can visit my blog daPazze.com where I write regularly.
Aritra Roy recently posted..Build an Email List for your Ecommerce Store: Top Ways
wow… this is an interesting post, one worth sharing. thanks
babanature recently posted..Optimizing Your WordPress Database For A Better Performance
Very helpful tips for securing wordpress. Thanks for sharing.
Btw, is it so important to move htaccess file to a parent folder? Some plugins might need it in the wordpress directory to work properly.
I didn’t have any problem when I moved it to the parent folder. You can try that too. If any plugin shows some error later, then undo the change.
Aritra Roy recently posted..Why I will never Choose and Recommend Hostgator again?
My website was affected by hackers a few days back. I recovered it somehow. But your tips are really good.
thnx
How did you recover your blog Sara? Share the experience with us.
This will help me a lot to save my WordPress site because I am new to WordPress.
Twitter: thinkingpulse
Completely agree with you. We need a blend of all the best practices to secure our wordpress site. Although, in current times even high class sites are getting hacked but as a blogger we should ensure that at least our blog is safe from those amateur and ‘wanna be’ hackers. This subject is so vast that it is not possible for any one to cover it in one article but quite well summed up here.
Thanks
Riz recently posted..BSNL Broadband Plans
Twitter: chetanbhasin
Oh! Thanks for such a nice article. I was in search for something like this.
By the way, which hosting providers would you recommend?
Well Upload Shell on your wordpress and change wp-config permission
use .htaccess to protect admin area
change index path to prevent defacing
fb.com/Shiman0
Nice tips! I’m using wp-bettersecurity and it seems to do most of this. It also notifies me of the hack attempts, which are a serious issue on my WordPress sites. I’m getting many attempts every day, mostly out of eastern Europe.
Twitter: https://twitter.com/Shoryabist
Hi ,
Thanks for sharing the information , it will really help me.
Thank You
Shorya Bist
From Youthofest
Shorya Bist recently posted..How to prepare for an interview?
These are quite basic steps every single blogger should take care of but big thanks to you, Aritra, for reminding about them.
All the security tips are awesome, but I recommend taking a backup of your website/blog regularly. If the security options fail then the backup will help you restore again…
Excellent advice, Aritra. I recently started up a new WordPress website and have been looking at additional security options.
Although my host does an automatic backup I didn’t feel entirely comfortable with that. So I’ve also added some WordPress plugins as you suggested to do another backup just to be safe. Some of them will save to the Cloud too which is fantastic and makes me feel like I will be able to quickly recover in the future if I need to.
These are good tips. I need to secure my blog more. However, I doubt hackers are very interested in mine.
Twitter: OddRandomThots
This is some important stuff Aritra. Security for any website is a must these days. Hackers' skills and methods grow rapidly and there would be no worse feeling than for one's website to go down in flames. I always implement all these tactics on my sites and maintain current backups of all my tables and settings. Thanks for posting this, everyone should be aware of how to protect their hard work.
Robert recently posted..What is a Lobotomy and Can it Cure Depression
Twitter: bhar
Brilliant tips to secure your site from hackers and also loss of function from either your end or hosting end. There is no substitute for making sure that you backup regularly. The BackupBuddy is good plugin, I have heard very good thing about it.
Shalu Sharma recently posted..Holi – Festival of Colors
I haven’t tried BackupBuddy yet. I use WP-DBManager for my database backups and Better WP Security for backups of my settings etc. I really enjoy using Better WP security because it has lots of great features, has a to do list and is really easy to use. It scans your blog for all sorts of security issues and fixes them with a click. But I’m not sure if it’s the very best security plugin for WordPress, so my question is whether Bulletproof or Wordfence would be a better choice?
Thanks!
Very Good Post! Definitely will consider!
Biggest fear for any blogger! Being hacked. Nice tip, but can you please help me out on this: “Securing the Database and wp-config.php and .htaccess files”. Details or any link on how to do it.
Twitter: mastertushar
@author
Which method or tools are you using to take regular backups of your WordPress site?
I mean I am running more than 10 WordPress sites so it's not possible to take a manual backup of files and DB each day. Let me know.
Tushar Thakur recently posted..Does your Android really need an antivirus?
Twitter: pathaderavi
Yes, is there any WordPress plugin which can take automatic backups every day?
Ravi recently posted..4 Methods to hack Facebook Account used by Hackers
While the post is simple and short, it is really great for me and for any beginner who knows nothing about the matter beyond using a strong password.
Thanks Aritra for your article.
Twitter: bloggingheaven
Thanks Aritra for such great information and great tips so everyone should know the core basics of security.
Hi Aritra, this is a good list, but….do you mind if I say that there are many more ways to protect your blog from hackers that you haven’t included?
There are many really easy-to-do, basic security checks that anyone can do – and that everyone should do.
For example: you can create really super strength passwords (and a different one for each important url or account) and they are passwords you really can remember: Check out my website to find out how –
NB Aritra: I don’t want to hijack your article, but there are many things that Bloggers should do in addition to what you write about here.
For example, You should change your Admin name to something other than Admin – anything is better than Admin! If you use Admin, that is 50% of your front door security that’s left wide open for hackers.
How about Changing your Login name to something which isn’t your name? Change it to a name that cannot be guessed by anyone who visits your blog. And there are many other simple and easy to do.
I have written a Security Checklist for Bloggers which lists 10+ security essentials and explains exactly how to do each of them.
Anyone interested can find the article at my website along with other Website Security articles.
I never said that this article is a complete security checklist. I have written various articles regarding them in my own blog http://dapazze.com. You can check them anytime.
I will write another exhaustive article here too about WordPress Security. Thanks for your suggestions too.
I think configuring your htaccess properly can do wonders for security.
Aritra,
Thanks for this info, I have found the subject of “securing your blog” to be a little overwhelming as there seems to be so much that needs to be done. What are your thoughts on using services such as cloudflare? Also, do you recommend using plugins that backup your WP install to dropbox and other similar services?
Cat
Thanks so much! I have had issues with WordPress Security in the past, and after changing my password to look as ‘ugly’ as possible, my issues have resolved themselves. Thank you so much for some more great tips on security.
~Dakota
Taking a complete and full backup always and getting a good host are my best tips for blog security. Thanks for sharing.
Hey bro,
I think constant backup of our wp files and database is what we should not toy with. Security should never be taken with levity.
Thanks for the tut
I am using Hostgator and Ipage shared hosting plans. What is your opinion about their security?
Another thing that is important to safeguard a WordPress blog is to regularly update the plugins.
Yes, security is a must. But if it fails, backups are the only way to get back to the latest state of a website. We have no excuse since there are a lot of articles about doing this operation for WordPress sites.
Hi,
I think it is a really useful and informative article but I think it is better for previous article!!
Thanks for sharing with me!!
Thanks for the info. I’ve heard about securing the htaccess file, going to call my dev friend tomorrow and have him do just that. Any recommendations on a plugin to secure you from someone trying to hack your login? Thanks!
Brother you forget to tell about the htaccess file and how to protect it and what are the signs of a healthy htaccess file. Peace
All the above methods are helpful.
I’m using Hostgator, hope it is a secure one.
I backup my blog regularly,
but some of them I don’t know, like “secure web.config”.
Thank you for sharing Aritra.
Great list. But can you help me how to secure .htaccess file. Everyone says so but I don’t have specific knowledge on how to do that. Others I have made sure.
Getting hacked is one of the things any website or account owners dread to experience. I always do security measures like updating my plugins often.
Thanks for this useful information. Now-a-days hacking accounts is a very common problem and this article provides good solution to all of them.
You have given a nice solution for hacking, it is a very useful tip and it is also an informative post.
Thanks for sharing.
After an exploit attack I decided to follow these steps and never more I had an attack. You are a very skilled blogger. I use login lockdown to protect my blog, how do I hide the WP version from my blog?
Running more than 10 websites. It is really not possible to take backup for each and every personally. Need anything working method to take database and files backup automatically.
I strongly agree with the point that says making backup is necessary since it can be used to restore the blog.
Is there any plugin which can create backups at regular intervals and send those files over any e-mail account?
Mostly bloggers use the username admin; by that their blogs were hacked.
Aren’t there also some plugins that help with security too? I know of one but forgot its name but it did help with the database prefix thing
wow great suggestions this is must every blogger to take care of their blogs from getting hacked… thanks for sharing this useful article with us
Hi, I was looking for this. Thank you for the article. Keeping the blog safe is something that must be on top priority of every blogger.
Hey Aritra,
Nice post and thanks for sharing this post because nowadays it’s very easy to hack any account and if someone hacked our WordPress account then all of our hard work will easily be wasted. We should use a strong password having integers, characters and some special characters.
I usually take out the generator meta tag from the wordpress blog. Because that is the footprint that most of the hackers do look for in order to find a vulnerable blog.
Wordfence Security.. I think I should try it
I am leaving here and going directly to implement #3 on your list. I hadn’t realized that I even had the option of altering that without messing something else up. Thanks!
How do you put wp-config.php file in upper directory when you have WordPress installs in addon domains which have directories created for them in public_html ? If you move wp-config.php from every addon domain directory, you would overwrite same file over and over.
What to do in such a case where you have several WordPress blogs installed? Can you create and designate wp-config.php file of each to specific directory?
Thanks for the info and thanks for helping me get my WordPress site secured as it should be – can never be too careful nowadays – in fact I’m amazed at how many bots I get trying to have a go at my site – anyways thank you.
I really appreciate you for the effort you have taken to write this post. By the way I would like to ask you something, that is, if I access my WP site through my computer which is affected by a virus, will it affect my site too?
Great post, Aritra.
I don’t realize that WP is easy to be hacked until I read this post. Now I can protect my site.
Thank you.
Thanks man for the post.
I recently wrote a post on WordPress security, which actually is a hybrid of all posts on Internet on WordPress security tips. I took some of your tips as well as of others and included some of mine as well.
By the way thanks.
Thanks Aritra, you have posted such a nice and informative article about the word press securing techniques. I really liked your post. However, I want to add one more thing here that we also have to be conscious about the robot.txt editing from the c panel. This is also the most important thing to do. I must share your article with my friends. Thanks for sharing me here my point of view.
I liked your article but seems too difficult to maintain all these points intact. For those who own a couple of blogs can follow all the steps listed above but becomes impossible for people who own websites in double or even three figures. I have seen many people securing their sites with various wordpress plugins.
no doubt these are absolutely perfect tips for securing the blog in wordpress and every wordpress blogger should read this
I use a plugin called “Login LockDown” to protect my word-press blogs from login theft. It implements a 1 hour lock out of an IP block after 3 failed login attempts. I need to start taking regular backups.
Awesome tips man. One of my blogs is hacked recently. This is much needed tips for me.
I don’t know what is happening in the background but it seems like this article is embedding some predefined script along with the article..,
I’m seeing some unexpected extension to the words like… “doesn’t ” (9th line from top)
Hello Aritra..
Ya you said right, security is very crucial for any blog. And creating the backup of site regularly is very important. Thanks for these wonderful tips Aritra.
Whenever I read the tips for WordPress blog security then I get worried about my blog security and I start asking myself, is my blog secure??? Haha
But it’s nothing. It’s only the proof of how much I care for my blog.
My blog is totally secure, and thanks Aritra Roy for sharing these valuable tips with us.
Regards
Chetan Gupta
Good tips Aritra but the plugin Better WordPress Security does everything you just mentioned and more
Great Tips… Would find some time to implement all this you have explained regarding the security of WordPress…