Preventing WordPress Hackers

Countless WordPress installations get hacked, and there are also countless blog posts about how to prevent it.

Here is my take on the issue.

1. Backup

This is the first and most important step. Before you plan on making any changes, make sure you back up your entire database.

You can do this manually or use an available plugin.

I recommend BackupBuddy, which backs up your entire WordPress blog.

2. Keep WordPress Up-to-Date

The second crucial step is to ensure it is running the latest version. The WordPress team creates patches to fix security holes; simply log in and WordPress will tell you if the version you’re running isn’t the latest.

3. Change Login/Password

The most common login is ‘admin’, and most hackers know that. It should be changed to something more difficult to guess. Something like ‘lewis376’ or ‘d7gordon’ are good examples. The best thing to do is create a new custom login and delete the default admin.

4. Install WP Security Scan

This plugin identifies vulnerabilities in your WordPress blog and informs you if it finds any malicious code.

5. Change Default Table Prefix

The default table prefix for WordPress is wp_. I know that, you know it and I am sure the hacker does too. SQL injection attacks are easier with the default table prefix because it is easier to guess. A good prefix would be “dnlo23_” or “amd54jn_”. Changing your database table prefix is highly recommended and you can do this in two ways.

The manual way requires some work and is not suitable for newbies; this is where the WP Security Scan plugin makes your work much easier. It has a tab called “Database”. Once you are in it, you have the option to rename your entire table prefix to something that is tough to guess. Do this and you will be a step closer to strengthening your blog’s security.

6. Your Database Password

How strong is your database password? Both your WordPress login password and database password should be strong. Include upper- and lowercase letters, numbers and symbols.
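
A read-only check for steps 5 and 6, added here as an example that is not part of the original post: it parses a wp-config.php excerpt and flags the default wp_ prefix and a database password missing the character classes listed above. The sample config, the function names and the 12-character length floor are assumptions made for illustration.

```python
import re

# Constructed wp-config.php excerpt for illustration (not from a real site).
SAMPLE_CONFIG = r"""<?php
define( 'DB_NAME', 'blog' );
define( 'DB_PASSWORD', 'summer2012' );
// $table_prefix = 'old_';
$table_prefix = 'wp_';
"""

# Line-based matching: lines starting with // or # are skipped, but a
# multi-line /* ... */ block is not recognised as a comment.
DEFINE_RE = re.compile(
    r"""^[ \t]*define\(\s*(['"])(\w+)\1\s*,\s*(['"])((?:\\.|(?!\3).)*)\3\s*\)\s*;""",
    re.M)
PREFIX_RE = re.compile(r"""^[ \t]*\$table_prefix\s*=\s*(['"])(\w*)\1\s*;""", re.M)

def parse_config(text):
    """Return (dict of define() constants, table prefix or None)."""
    consts = {m.group(2): m.group(4) for m in DEFINE_RE.finditer(text)}
    m = PREFIX_RE.search(text)
    return consts, (m.group(2) if m else None)

def password_gaps(pw, min_len=12):
    """List the character classes named in step 6 that pw is missing."""
    checks = {
        "uppercase letter": any(c.isupper() for c in pw),
        "lowercase letter": any(c.islower() for c in pw),
        "number": any(c.isdigit() for c in pw),
        "symbol": any(not c.isalnum() for c in pw),
    }
    gaps = [name for name, ok in checks.items() if not ok]
    if len(pw) < min_len:  # assumed floor; the article states no length
        gaps.append(f"shorter than {min_len} characters")
    return gaps

def audit(text):
    """Return human-readable findings for steps 5 and 6."""
    consts, prefix = parse_config(text)
    findings = []
    if prefix is None:
        findings.append("table prefix not found")
    elif prefix == "wp_":
        findings.append("table prefix is the default 'wp_'")
    pw = consts.get("DB_PASSWORD")
    if pw is None:
        findings.append("DB_PASSWORD not found")
    elif password_gaps(pw):
        findings.append("DB_PASSWORD lacks: " + ", ".join(password_gaps(pw)))
    return findings
```

Calling `audit()` on the text of your own wp-config.php returns an empty list when neither check fires.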

7. Create a robots.txt file

Search engine spiders crawl over your entire blog and index all content unless they are told not to do so. We do not want to index the admin section as it contains all the sensitive information. The easiest way to prevent the crawlers from indexing the admin directory is to create a robots.txt file in your root directory. Then place the following code in the file:

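# Ask crawlers not to index admin and internal WordPress paths.
# Advisory only: compliant crawlers honour these rules, and the file is
# publicly readable, so it is not an access control.
User-agent: *
Disallow: /cgi-bin
Disallow: /wp-admin
Disallow: /wp-includes
Disallow: /wp-content/plugins/
Disallow: /wp-content/cache/
Disallow: /wp-content/themes/
# Path patterns start with "/"
Disallow: /*/trackback/
Disallow: /*/feed/
Disallow: /*/feed/rss/$
Disallow: /category/*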

This is by no means an exhaustive list of methods to secure your WordPress site, but it’s a good start.
