As WordPress is an open source software, hackers can get into the codes and find out the loop holes easily. Also with WordPress you can easily customize the codes to enhance your blog and also at the same time you should be aware that one should make sure of the WordPress security so that hackers don’t get the chance to screw up your WordPress blog. If you’re into making money with your blog, then you should really take this serious. We cannot completely protect the WordPress blog, but at the maximum we can secure the blog so that you don’t be a victim of the basic security issues in WordPress.
Your Blog security is important on your WordPress Blog, so as a matter of fact, no one would want to see their blog get hacked or screwed up by the hacker. All the hard work which had put in will go waste in minutes. Here am going to talk about some vulnerabilities that WordPress has and thereby where hackers use these vulnerabilities to screw up your WordPress blog. Some of the deadly mistakes which can kill your blog, never take this as casual thing, because I have personally seen on many security forums, where people talk about the issues that they have faced when their blog got hacked.
First of all, You should follow the basic WordPress security measure quoted from the WordPress team. You can follow them here. These are the basic measures smart choices that effectively lower the possible entry points available to screw up the blog.
First let me list out some of the basic security holes.
- Keep up to date with the latest WP version
- Change Default Username from Admin to some other name
- Back up! back up! backup!
- Choosing the best strong passwords for your admin panel.
If you find what you think is a bug, report it, so that it could avoid turning down into vulnerability.
You can read about the other security measures for admin panel, database security, file permissions, server thing and many more. Read about it here.
Never Use Pirated WordPress Theme
Trying to save few bucks in the premium theme (which most of us prefer for its elegant look and customization), these premium themes are available on torrent download which many people download it and use it on their blogs. But they forget that, the biggest shock is, many of the premium themes which are available on torrents and few warez websites has malicious codes hidden on the theme files which will cause malicious attacks and un necessary bandwidth problems. So the first thing you give access to the hackers is via pirated WordPress themes. Never use them, for that you can always prefer simple minimalist theme from WordPress panel.
Unwanted WordPress Plugins
After the theme level vulnerability, the next most thing hackers dig up is the plugins which you use on the blog. When we talk about plugins, there are two things, the most rated and popular plugins, the next is the new unrated plugins which offers some stupid things. Choose the plugins wisely, never overload your blog with plugins, choose which ever is useful to the blog and install it. Never go for unrated new plugins. Always check out the review of the plugin and the ratings, number of times it has been downloaded and then go for it. If you’re using some popular plugins, then make sure you keep them up to date.
Also here are some list includes some of the most critical WordPress vulnerabilities known to the security community. If you’re much interested to learn about them, you can click this link to find more about WordPress vulnerabilities.
One should understand that, using some best WordPress security plugins can secure your blog from hackers and spammers. I strongly recommend these WP plugins to use on your blog.
- WP Security Scan – Scans your WordPress installation for security vulnerabilities and suggests corrective actions.
- Secure WordPress – Little help to secure your WordPress installation: Remove Error information on login page; adds index.html to plugin directory; removes the wp-version, except in admin area.
That is definitely true. Free themes and plugins are great, for newbie bloggers where the risk of getting hacked is minimal but for bloggers who make a living by blogging, maybe spending some cash for paid themes and plugins isn't such a bad idea. If you compare the damage of getting hacked versus the money that we will spend on these things, it's a good investment because the time and effort that we spent on our blogs can never be taken back if something goes terribly wrong.
You cant stop the Hacker's from Hacking, the only thing you can do is to make it hard for him to hack. Nice Post.
There are some things you can do with manually editing .htaccess file to prevent some unwanted activity too. Obviously it won't stop or prevent everything, but any additional security measures one adds can be helpful. Like you mentioned always good to have a file and database backup just in case. Good tips.
Great tips, Sri 🙂 Keep on giving some valuable post on here 🙂
I saw many of the sites screwed up just like that by installing some php script plugins. so never install the plugins which are not certified or fan made.
Nice security tips, i guess making regular backup is an absolute must. I will try the security scans now, haven't tried them before.
I never knew wordpress premium themes are available in torrents lolz:D
I don't understand this post. You say the you have to change the default admin name into something else to make your site more secure.
Well, your username is now <b>srivatsan</b> and I don't see why this one is more secure than admin…
Please some more explanation coz I'm confused.
Jim, Srivatsan is our guest author. He posted this article via his 'contributor' account and not 'administrator' account.
This is my (admin) author URL : http://hellboundbloggers.com/author/admin/ (now this shows as 'admin', but the username is not)
This is Srivatsan's author URL : http://hellboundbloggers.com/author/srivatsan/
Cheers. 🙂
My point is actually that it isn't hard to get the admin login name. So whether you change it from admin to something else, it doesn't matter that much. Better have a strong password and update WP as soon as there is a new one.
Or even better, just create a new user, let's say 'Jim', and give him admin rights. Leave your admin there, but give it subscriber rights. As soon as hackers are happy that they've cracked the admin password, they find out that they can still do nothing… 😉
Cheers!
Jim
p.s. Your login name is admin, right?
The administrator's login username is not 'admin'. I also agree with your tip as it may confuse the hackers. 🙂
Thanks for sharing. We must use strong password and should not share it with any one. 🙂 Covered all important points.
Taking into account the loss a wp hacked blog causes to you as a blogger.. these are very good points worth considering…
thanks for the share , good pints to check out!
That's really awesome post Srivathsan…. I always use WP Firewall 2 in my blogs.. It helps a lot…
I got spammed by a contributor!
His spam post was published without my approval. Thanks for this post I am gonna scan my wordpress 🙂
Nice list of security issues. I have known many people that have had their WordPress blog hacked. Some of them had a backup, while others didn't I backup my WordPress blog on a nightly basis, so I'm prepared if I need to restore from a backup.
The one major security area people probably don't pay too much attention to is in the creation of passwords. Having a password that is at least 10 characters in length with a mix of alphanumeric, and special characters is preferred. The longer the better.
I'm not using wordpress as yet but I'm soon going to move to wordpress, now I'm already prepared for the chances of hacking.
Hacking is been great concern for every online work and you need to be prepared yourself in advance to reduce the chancing of hacking. These are really great points to care about.