How To Secure Your WordPress Blog
I love WordPress. This blogging platform, in my opinion, is the best there is.
For online newbs and veterans alike, creating WordPress blogs/websites is fast and easy once you have a few of the basics figured out.
Unfortunately, there are those who will take advantage of the popularity WordPress enjoys and do what they can to wreak havoc on your blogging world. Once your WordPress site/blog has been hacked, you are in for a lot of work to clean and repair the damage caused by the moron.
Having your website (WordPress or otherwise) 100% secure may be a fairy tale, because if the right person wants what you have badly enough, they will get it. However, you can put certain measures in place that will help protect you against most of the would-be hackers on the prowl.
Here are a few ideas you can check into that will help secure your WordPress sites.
First of all, there is a fantastic plugin called WordPress Security Scan from the people at Semper Fi Web Design. This plugin checks for those security holes for you. It is a great tool to have, but some people have a couple of issues getting it to work, mainly because the instructions were not followed to the letter before using the plugin.
So I recommend this plugin highly…but before you even download it to your computer, you need to read the instructions and ask questions of the fine folks at Semper-Fi.
That being said, let’s move on to some more tips to keep the evildoers at bay.
1. Directories should NOT be left open for public browsing. In the latest versions of WP this issue has been fixed, but let’s take a look-see anyway in case, for some odd reason, you are not using the latest version of WP…
For example, go to your WP plugins directory like so:
http://yourdomain.com/wp-content/plugins/
If you see a blank page or get redirected to a 404 (file not found) page, you’re almost certainly safe.
If, however, you see a list of file names displayed as links, it might be time to take some action & try one of these two fixes:
1. Make an empty index.html file and upload it to your wp-content/plugins/ directory, or, for the more geekified:
2. Edit the .htaccess file that lives in your WordPress root directory. (Make sure you’ve set your FTP client to “show hidden files”. If you still don’t see an .htaccess file, create it and upload it to your WordPress root directory, which should contain a file named wp-config.php.)
Next, open the .htaccess file in a text editor, add the following two lines to the bottom, and save the file.
# Prevents directory listing
Options -Indexes
That’s it! You’re done.
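The check and the .htaccess fix above as a script (an added example, not from the original post or from WordPress): is_listing looks for the "Index of /" title that Apache and nginx put on auto-generated listings, and harden_htaccess appends the two lines only when no active "Options ... -Indexes" line is already there. The function names and the sample HTML are constructed for illustration.

```python
import re
import urllib.error
import urllib.request
from pathlib import Path

# Apache mod_autoindex and nginx autoindex both title generated pages "Index of /path"
LISTING_RE = re.compile(r"<title>\s*Index of /", re.IGNORECASE)

# Constructed sample response body (not captured from a real site)
SAMPLE_LISTING = (
    "<html><head><title>Index of /wp-content/plugins</title></head>"
    '<body><h1>Index of /wp-content/plugins</h1><a href="akismet/">akismet/</a></body></html>'
)


def is_listing(status, body):
    """True when a response looks like an auto-generated directory index."""
    return status == 200 and bool(LISTING_RE.search(body))


def check_url(url, timeout=10):
    """Fetch a directory URL on your own site and classify the response."""
    try:
        with urllib.request.urlopen(url, timeout=timeout) as resp:
            body = resp.read(65536).decode("utf-8", "replace")
            return is_listing(resp.status, body)
    except urllib.error.HTTPError:
        return False  # 403/404: the server refused to list the directory


def harden_htaccess(path):
    """Append the directive once; return True if the file was changed."""
    path = Path(path)
    text = path.read_text() if path.exists() else ""
    # Commented-out copies of the directive do not count as active
    active = [ln.strip() for ln in text.splitlines() if not ln.lstrip().startswith("#")]
    if any(re.fullmatch(r"Options\s+(?:.*\s)?-Indexes(?:\s.*)?", ln, re.I) for ln in active):
        return False
    sep = "" if text == "" or text.endswith("\n") else "\n"
    path.write_text(text + sep + "# Prevents directory listing\nOptions -Indexes\n")
    return True


if __name__ == "__main__":
    print("sample listing detected:", is_listing(200, SAMPLE_LISTING))
    print("blank page detected as listing:", is_listing(200, ""))
```

Run harden_htaccess on a downloaded copy of the file, then upload it, and re-run check_url against your own plugins URL to confirm the listing is gone.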
If your site has been hacked, then here is a tool to help locate the ‘poo’ left behind. It is a WP plugin called WordPress Exploit Scanner. This plugin can be a time-saver in locating the bad and infected files you need to fix in order to get your site back to pre-hack stage.
I say ‘can be a time-saver’ because it is a very slow process with the plugin but an even slower process without it.
For detailed instructions on using the WordPress Exploit Scanner, be sure to head to their website: http://ocaoimh.ie/exploit-scanner/
These are just a few things to consider when trying to secure your blogging empire.
I cover several additional security-related ideas, as well as a boatload of other tips & techniques for creating, configuring and profiting from your WordPress sites, in my latest video series titled ‘WordPress Video Manual’.
I’ll have it ready in the next day or two.
Thanks again for taking the time to read this post and I hope it helps.
Sincerely,
Steve D.
4 comments
As usual – great information Steve!
Nick Teetzel
Really good and informative information!
All The Best,
Mike Berglund
Great stuff, had a few questions about this at our last British Library seminar; now I can refer people this way.
Thanks Thomas
I’m glad I can help and by all means…send ‘em on over
Thanks for commenting.
Steve D.