As one of the most common blogging platforms, WordPress is the home for many bloggers all over the world. With simple implementation and a wide range of features, it is a no-brainer for many to go with WordPress.
Security for any website or blog is always a concern, and finding a solution is not necessarily simple. While you should definitely consult more than one source regarding security implementations for your WordPress blog, here are a handful of tips to keep your blog secure :
#1 – Protect your Admin Folder
Hackers can attack your blog efficiently by aiming at your wp-admin folder. While you can limit the IP address that can access this folder, you may want to look into WordPress plugins that can help here. Such plugins will require a second-layer password or lock someone out with failed attempts, and so forth.
#2 – Keep up with the Basics of Security
Just like your computer, staying up-to-date can be a simple and effective security step. Keep your WorkPress, theme, plugins, and other aspects of your blog up-to-date with the latest versions/updates. Back up your site regularly in case something happens as well. Check this Simple Guide for WordPress Backup or you can also use Dropbox for WP Backups.
#3 – Use your FTP Uploader Safely
When you are using FileZilla or any other FTP uploader for your blog, make sure that you check your files and destinations before uploading. Double-check locations before uploading any files – the wrong place can be a great security risk.
#4 – Change Your Passwords
This is most evident when using the default WordPress passwords; of course they should be changed. Even then, though, using a complex password (10+ characters mixing letters, numbers, and symbols) is a good idea, as well as changing it every once in a while. This also goes for your hosting company with regard to your login information, as a security breach there is just as devastating. Check the tips for Creating Secure And Strong Passwords.
#5 – Use SSH Instead of FTP
SSH as opposed to FTP is encrypted. Disabling the latter and using the former can add another level of security to your blog. Make sure you have an uploader that can handle this.
#6 – Block your Files/Folders
There are simple lines of code for blocking search engines to your WordPress folders, blocking access completely to your admin folder, and so on. With a line of code a piece, take the time to put these valuable clips into your blog to keep out the threats.
#7 – Delete your Version Number that is Visible
Either by plugin or in text editor (Meta Tag), you need to get rid of the visible text that many WordPress themes display in reference to the version number. That is a gold mine for hackers.
These are some of the primary tips that you should definitely implement on your blog. Certainly there are plenty of others that should be considered. Be sure to check with WordPress, your theme, and your plugins – as well as other valuable sources online and in literature – for more steps to increase the security of your blog. But please do remember, nothing can substitute a good hosting. So always use Trusted Webhosts.
Its valuable post. Research had made it known that hackers generally target WordPress hosted sites,because it seem to be the most popular open source script that can be used to build blogs as well as regular sites professionally.So its necessary you take some steps to protect your blog to avoid the tragedy that will happen if your site got pulled down by some kid down the block after your hard-work. Thanks
Its important to keep the password changing from time to time. Also, what we choose as our passwords should not be the easiest on the keyboard, in fact, it should be so twisted that the hackers will never be able to crack it.
Thanks for this tips. Actually like me everybody is worried their wordpress site’s security. These recommendations are very helpful.
will try sftp. may be ftp was the reason i faced some hacking attempts on my blog. nice post
Very genuine and important things to keep in mind. WordPress is the only CMS where you need to have so much security
WordPress is not completely secure and efforts should be done to improve security. You shared some very nice tips. Thanks a ton.
I know few of these already some are new to me, thanks for sharing it 🙂
Oh by the way, now HBB has PR4! Anyone else notice any PR update today?
Yes, back to form. It was just a minor update, rarely people noticed it. 🙂
i think it was not a PR update. your PR updated because you have removed www from hbb url.
I think the most basic and every blog owner should do is to always update to the latest WP version.
also checking file permission is required for wordpress security.
These are very useful tips for bloggers, Jessy…
Also to be included to the list is not to have the default WP username admin which is again crucial. this is the one that I am following 😉 will bring into operation the above mentioned too 🙂
nice tips on WordPress security..i liked the SSH one i will try using it instead of http://FTP..
I would suggest using SFTP for uploading and Downloading files form your server coz I have faced the hacking problem after using the FTP. SFTP is very safe..
Thanks a lot!
Useful tips.
Security is important. You could also use a different username. And not just “admin” or your habitual username
Very effective & knowledgeable post…. I’m willing to start my own blog but before that I’m collecting all necessary information. Thanks for sharing these valuable information.
WordPress security is traditionally tighter than other CMS (I think of PHPNuke for example) but this doesn’t mean it shouldn’t be taken care of.
Great tips, especially the one about passwords – too often people use the same 6-chars password across 10’000 websites – and masking the version number, something I didn’t think of and I am going to look into right now.
Very informative post Jessy.
very interesting and informative post thanks mate 🙂
Yeah it is very essential to ensure the security of your blog ! i have to still do these things up !!