31 January, 2012
WordPress is one of the most popular CMS scripts available today. It has great features and can be installed and managed easily. We have seen many of our customers using WordPress for their sites. Once your site becomes popular, intruders will keep trying to break your protection, so it is very important to have sufficient security protection enabled for your WordPress site. In this post, I will give some tips that will help you protect your WordPress blog from being attacked or hacked.
Always Update: WordPress releases new updates frequently, and you should update your installation as soon as an update is available.
Change Permission: Set the permission on your wp-config.php file to 600, which means read and write permission for the user only. You should be able to change the permission from the cPanel File Manager.
Install Security Plugins: These are some very important security plugins which must be installed on a WordPress site.
1. Better WP Security: http://wordpress.org/extend/plugins/better-wp-security/
2. WordPress Firewall Plugin: http://wordpress.org/extend/plugins/wordpress-firewall/
3. WordPress Antivirus Plugin: http://wordpress.org/extend/plugins/antivirus/
4. Secure WordPress Plugin: http://wordpress.org/extend/plugins/secure-wordpress/
5. Wp-Malwatch Plugin: http://wordpress.org/extend/plugins/wp-malwatch/
Protect the Admin Folder: You can protect your WordPress admin folder with Directory Protection, which adds an extra layer of security. You can enable the protection by going to cPanel >> Password Protect Directories.
Limit Admin Access: As the WordPress admin folder is one of the most important folders, we suggest limiting admin access by IP. Only the allowed IPs will be able to access the admin folder.
Here is how to do this:
i. Create a .htaccess file under the WordPress admin folder
ii. Put the following code in it
# Apache 2.2 syntax (Apache 2.4 expresses the same rule with "Require ip")
order deny,allow
allow from 0.0.0.0
deny from all
Please replace the IP on the allow line with your own IP. You can find your IP by visiting the following site: http://www.whatismyip.com
Backup Regularly: TetraHost takes weekly backups of your content, but it is always better to take regular backups of your working database and WordPress content yourself. If your site does get hacked, you can easily restore it from the latest backup you have.
Remove WordPress Version: Knowing which WordPress version you run makes it easier for hackers to crack your blog, so it is always safer to remove your WordPress version. Here is how to do it:
Go to Appearance > Editor, choose the Header.php file and delete the code below from the source to hide your WordPress version:
<meta name="generator" content="WordPress <?php bloginfo('version'); ?>" />
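To confirm that the file-level tips above (wp-config.php permission, the admin .htaccess rule, and the removed version tag) are actually in place, here is an added audit script that is not part of the original post. The function names `audit_wp` and `file_mode` are hypothetical, and the script assumes the stock WordPress directory layout.

```sh
#!/bin/sh
# Added example (not from the original post): audit a WordPress tree against
# three of the tips above. audit_wp and file_mode are hypothetical names.

# Print a file's octal permission bits (GNU stat first, then BSD stat).
file_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# audit_wp ROOT: print one line per finding; exit status = number of findings.
audit_wp() {
    root=$1
    findings=0

    # "Change Permission": wp-config.php must be mode 600.
    cfg="$root/wp-config.php"
    mode=$(file_mode "$cfg" 2>/dev/null) || mode="missing"
    if [ "$mode" != "600" ]; then
        echo "FINDING: $cfg mode is $mode, expected 600"
        findings=$((findings + 1))
    fi

    # "Limit Admin Access": wp-admin/.htaccess needs "deny from all", and the
    # 0.0.0.0 placeholder must have been replaced (it matches no real client).
    ht="$root/wp-admin/.htaccess"
    if ! grep -qi '^[[:space:]]*deny[[:space:]]\{1,\}from[[:space:]]\{1,\}all' "$ht" 2>/dev/null; then
        echo "FINDING: $ht has no 'deny from all' rule"
        findings=$((findings + 1))
    elif grep -qi '^[[:space:]]*allow[[:space:]]\{1,\}from[[:space:]]\{1,\}0\.0\.0\.0[[:space:]]*$' "$ht"; then
        echo "FINDING: $ht still allows only the placeholder 0.0.0.0"
        findings=$((findings + 1))
    fi

    # "Remove WordPress Version": no theme header.php may print a generator tag.
    # Assumes the stock wp-content/themes/<theme>/header.php layout.
    for hdr in "$root"/wp-content/themes/*/header.php; do
        [ -f "$hdr" ] || continue
        if grep -qi '<meta[^>]*generator' "$hdr"; then
            echo "FINDING: $hdr still emits a generator meta tag"
            findings=$((findings + 1))
        fi
    done

    return "$findings"
}

# Run against a path given on the command line, e.g. ./audit.sh ~/public_html
if [ "$#" -gt 0 ]; then audit_wp "$1"; fi
```

Because the exit status is the number of findings, the script can run from cron and only report when something has drifted.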
That’s it. Follow the above steps and you are secure in every way with a WordPress site!