How To Secure Your Wordpress Blog Against Hacks and Hackers.

Securing Your Wordpress Blog.

It has come to our notice that most wordpress and joomla users
complained of their website been hacked, hence this will serve as a
guide for boosting your security.

1) Hide your plugins folder.

Anybody can gain access to your blog folders containing themes,
uploads and plugins.This is a good opportunity for hackers to gain
access to your blog and your entire server.
Your wordpress blog plugins are located in To hide the plugin folder is
very easy. There are two ways to do it.

a. Using the .htaccess file. This method is used to disable browsing
the directory of your site sensitive files.

To do this, go through the FTP client, locate the .htaccess file.
Then right-click to open it with Notepad. After that, add this code:
Options All-Indexes

In some cases, you may not be able to locate the.htaccess file. This
depends on the type of FTP client you use. For FileZilla, go to SERVER

b. Cpanel - Directory browsing can also be turned off through the cpanel.

This is very easy if you cannot handle .htaccess files.
Cpanel displays your entire website files and folders through the
"Index Manager".
Using the cpanel option, the server automatically creates the
necessary .htaccess for you.
Some people find the tree format display of cpanels easier.

2) Define user privilege for your multiple-author blog.

If the content of your blog is contributed by multiple authors, there
is need to assign access rights limits or privileges to each author.
To make the administration easier, you should install the User Access
Manager. The plugin enables you to manage the access to the blog
posts, pages and files. To use the plugin, you only create a user
group, put registered users to this and set up the access rights for
the group. The post/page will then only be accessible and writable for
the specified group

3) Always upgrade WordPress and plugins versions to the latest ones.

Make sure the version of WordPress is the latest.
Latest versions always fix the bugs and other security issues of the
previous versions.
This also applies to plugins. It might be difficult to upgrade at
once if you have multiple niche blogs.
How can you upgrade 100 niche blogs at once.
This is a disadvantage of maintaining multiple blogs. In my own case,
I do not just install plugins. I make sure that the ones I install are
ones I really need for making the site make money. Not just fancy
I don't install plugins because everyone else is installing. This
makes it easier for me to plan and upgrade all of the wordpress
versions and plugins in no time.

4) Do security scan regularly.

On a regular basis, do a security scan of your blogs. A security scan
reveals if you have correct CHMOD permissions for all website files. A
good plugin to do this is the wp-security-scan plugin. The plugin also
proposes the correct ways to fix those security loopholes found in any
file or folder.

5) Use Secret Keys in the wp-config file.

Hackers are getting wise everyday. They are always creating new ways
of hacking websites after new version of wordpress is developed to
combat the security vulnerabilities of the previous one. Hence, you
need to use a security key in order to completely put your site under
tight security.
A secret key is very good because it makes a blog difficult for
hackers to hack. Not only that, secret keys make access to a blog
harder to crack by adding random elements to the password.
A secret key is a password with elements that make it harder to
generate enough options to break through your security barriers.
Security Keys are single-line definitions in your WordPress
configuration file,the wp-config.php. If you don't know what the
wp-config.php file is, it is the file that stores the names, address
and password of the database that the blog needs to function. The file
also stores user details and blog posts. It is in fact the engine that
keeps a wordpress blog moving.

6) Encrypt your login.

Wordpress has some security weaknesses. One ofthem is that whenever
you login to your blog, your password is not encrypted. The security
flaw is more serious if you are on a public network where a hacker can
easily download your login information with login harvesting scripts.
Encrypting a wordpress blog is to be done with the use of SSL or
other secure protocols. The problem is that most people don't have the
technical skills to do this. Hence, if you are one of them, you should
use the Chap Secure Plugin. The only problem I have noticed with this
plugin is that it can give errors even when you have set the
parameters correctly.



Get your own cheap laptop and notebook at


Post a Comment