How to Secure a WordPress Blog?
Hacking a WordPress blog may seem an intimidating task for you, but not for the seasoned hackers. More importantly, hacking a WordPress blog is becoming common these days. It is important to protect your WordPress blog if you care about it. Think this way, you worked hard to create a blog, created a traffic base for the same, only to wake up one fine morning and see that it has been hacked. You will lose the traffic almost immediately; the biggest damage will be done to your reputation.
This blog post is aimed to help you with securing the WordPress blog. No measurements are full-proof, but, it’s more about making the fortress stronger.
Change Folder Permissions
It’s important to make sure that none, other than you, has the write option in your website folders. To ensure that, you have to follow these steps:
- Login to your WordPress Linux shell.
- Execute the following command and find out the directories which are open for anyone to write: “find . -type d -perm -o=w”
- You can change permissions of a particular folder with the following command: “find /your/wordpress/folder/ -type d -exec chmod 755 {} \;”. Please note that, “755” denotes that only owner has the permission to write something into the directory, other users will only have read and execute permissions.
- For setting proper folder permissions, use this command: “find /your/wordpress/folder/ -type f -exec chmod 644 {} \;”. “644” defines that owners will have Read and Write access; whereas, users will only have Read access.
Change WordPress Table Prefix
While installing WordPress, if you have selected the default options, the tables will have a prefix “wp_”. It’s good to change that to some random value, which is hard to guess. You can use a plugin named Change DB Prefix to change the WordPress table prefix with a single click of your mouse.
Password Protect Administrator Dashboard
This will ensure that even users with administrator access will need to enter two passwords for full access to the dashboard. A user who is visiting your public WordPress site should have no business with your administrator files.
Update Security Keys
Follow this link and six security keys for your WordPress blog will be created: https://api.wordpress.org/secret-key/1.1/salt/
Now, open the wp-config.php file and overwrite the default keys in the file with the new ones you found after visiting the link. This will make your passwords stronger. Additionally, if someone logs in to the WordPress site without your prior knowledge, they will be logged out of the same automatically, their cookies being invalid due to the new security keys.
Important Plugins
Exploit Scanner: This scans all the files and blog posts of your WordPress blog and identifies the ones with any sort of malicious code.
WordFence Security: This compares between your core WordPress files and the ones in the repository to identify the modifications in code. Also, you can change settings to lock out a user after a certain number of unsuccessful attempts.
VIP Scanner: This identifies suspicious codes in all of the installed themes and will also detect the advertising codes inside the theme files.
Follow the aforementioned steps and make sure your administrator login ID and password are not very easy to guess. If you have something to say about the article, please speak through the comments section.