Countless WordPress installations get hacked, and there are just as many blog posts about how to prevent it.
Here is my take on the issue.
This is the first and most important step. Before you plan on making any changes, make sure you back up your entire database.
You can do this manually or use an available plugin.
I recommend BackupBuddy, which backs up your entire WordPress blog.
The second crucial step is to make sure you are running the latest version. The WordPress team releases patches to fix security holes; simply log in and WordPress will tell you if the version you’re running isn’t the latest.
The most common login is ‘admin’, and most hackers know that. It should be changed to something harder to guess; ‘lewis376’ or ‘d7gordon’ are good examples. The best thing to do is create a new custom login and delete the default admin account.
This plugin identifies vulnerabilities in your WordPress blog and informs you if it finds any malicious code.
The default table prefix for WordPress is wp_. I know that, you know it, and I am sure the hacker does too. SQL injection attacks are easier with the default table prefix because the table names are easier to guess. A good prefix would be “dnlo23_” or “amd54jn_”. Changing your database table prefix is highly recommended, and you can do this in two ways.
The manual way requires some work and is not suitable for newbies; this is where the WP Security Scan plugin makes your work much easier. It has a tab called “Database”. Once you are in it, you have the option to rename your entire table prefix to something that is tough to guess. Do this and you will be a step closer to strengthening your blog’s security.
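For readers who take the manual route, the part that usually goes wrong is not the RENAME TABLE statements but the two places where WordPress stores the prefix inside row data (the user_roles option and each user’s capabilities/user_level meta keys); miss those and every account is locked out after the rename. The script below is an added example written for this post, not code from WordPress or from the WP Security Scan plugin. It generates the SQL for a given table list and new prefix; the table list and the plugin table in it are constructed sample data, and in practice the list should come from SHOW TABLES on your own database (after the backup from step one).

```python
import re

# Core WordPress table names (without prefix) as of the 3.x line; plugins add
# their own, so the real list should be read from SHOW TABLES.
CORE_TABLES = ["commentmeta", "comments", "links", "options", "postmeta", "posts",
               "term_relationships", "term_taxonomy", "terms", "usermeta", "users"]

# Constructed sample of a SHOW TABLES result: the core tables, one plugin table
# that uses the WordPress prefix, and one unrelated table that must be left alone.
SAMPLE_TABLES = ["wp_" + t for t in CORE_TABLES] + ["wp_myplugin_log", "phpbb_users"]

# WordPress only accepts letters, digits and underscores in $table_prefix; the
# trailing underscore is the usual convention ("dnlo23_"). Enforcing this also
# keeps quote and comment characters out of the SQL we build below.
PREFIX_RE = re.compile(r"^[A-Za-z0-9_]+_$")


def validate_prefix(prefix):
    """True if the prefix is safe to splice into table names and SQL literals."""
    return bool(PREFIX_RE.match(prefix))


def migration_sql(tables, old, new):
    """Return the list of SQL statements that move every table carrying the old
    prefix to the new one and then repair the prefix-dependent row data."""
    if not (validate_prefix(old) and validate_prefix(new)):
        raise ValueError("prefixes may contain only [A-Za-z0-9_] and must end with '_'")
    n = len(old)
    stmts = [f"RENAME TABLE `{t}` TO `{new}{t[n:]}`;" for t in tables if t.startswith(old)]
    # The roles definition lives in the option named <prefix>user_roles. Only that
    # row is touched: other options that happen to begin with "wp_" are literal
    # names, not prefix-dependent ones.
    stmts.append(
        f"UPDATE `{new}options` SET option_name = '{new}user_roles' "
        f"WHERE option_name = '{old}user_roles';"
    )
    # Per-user keys such as <prefix>capabilities and <prefix>user_level are all
    # prefix-dependent, so every meta_key starting with the old prefix is rewritten.
    stmts.append(
        f"UPDATE `{new}usermeta` SET meta_key = CONCAT('{new}', SUBSTRING(meta_key, {n + 1})) "
        f"WHERE LEFT(meta_key, {n}) = '{old}';"
    )
    return stmts


def wp_config_line(new):
    """The wp-config.php line that has to change together with the SQL above."""
    if not validate_prefix(new):
        raise ValueError("invalid prefix")
    return f"$table_prefix = '{new}';"


if __name__ == "__main__":
    for statement in migration_sql(SAMPLE_TABLES, "wp_", "dnlo23_"):
        print(statement)
    print(wp_config_line("dnlo23_"))
```

Run the printed statements in one transaction after taking the backup, then update wp-config.php with the printed line; the site is broken between the rename and the config change, so do both in one maintenance window.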
DB Password: How strong is your database password? Both your WordPress login password and your database password should be strong: include upper- and lower-case letters, numbers and symbols.
Search engine spiders crawl your entire blog and index all of its content unless they are told not to. We do not want the admin section indexed, since it contains sensitive information. The easiest way to keep crawlers out of the admin directory is to create a robots.txt file in your root directory and place the following in it:
#
User-agent: *
Disallow: /cgi-bin
Disallow: /wp-admin
Disallow: /wp-includes
Disallow: /wp-content/plugins/
Disallow: /wp-content/cache/
Disallow: /wp-content/themes/
Disallow: */trackback/
Disallow: */feed/
Disallow: /*/feed/rss/$
Disallow: /category/*
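Two things are worth checking before deploying that file. First, robots.txt is advisory and publicly readable: well-behaved crawlers honour it, but it does not restrict access, so it is a crawl hint and not an access control. Second, the bare "Disallow: /wp-admin" rule is a prefix match, so it also covers /wp-admin/admin-ajax.php, which WordPress themes and plugins call from the public front end; the usual fix is an explicit Allow for that path. The small evaluator below is an added example written for this post (not part of WordPress or of any crawler) that applies the longest-match rule from RFC 9309 (the most specific matching pattern wins, Allow wins ties, "*" is a wildcard and a trailing "$" anchors the pattern) to a constructed copy of the file above, so you can test which paths it actually blocks.

```python
import re

# Constructed copy of the robots.txt shown in the post; sample data for this
# example, not a file fetched from any real site.
PAGE_ROBOTS = """\
User-agent: *
Disallow: /cgi-bin
Disallow: /wp-admin
Disallow: /wp-includes
Disallow: /wp-content/plugins/
Disallow: /wp-content/cache/
Disallow: /wp-content/themes/
Disallow: */trackback/
Disallow: */feed/
Disallow: /*/feed/rss/$
Disallow: /category/*
"""

# The same file with the front-end AJAX endpoint explicitly allowed.
FIXED_ROBOTS = PAGE_ROBOTS + "Allow: /wp-admin/admin-ajax.php\n"


def parse_robots(text):
    """Parse robots.txt into (agents, rules) groups.

    agents: lower-cased user-agent tokens of the group;
    rules: list of (is_allow, path_pattern). Comments and blank lines are skipped.
    """
    groups, agents, rules, last_was_agent = [], [], [], False
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if ":" not in line:
            continue
        field, _, value = line.partition(":")
        field, value = field.strip().lower(), value.strip()
        if field == "user-agent":
            if agents and not last_was_agent:  # a new group begins
                groups.append((agents, rules))
                agents, rules = [], []
            agents.append(value.lower())
            last_was_agent = True
        elif field in ("allow", "disallow"):
            last_was_agent = False
            if value:  # an empty Disallow restricts nothing
                rules.append((field == "allow", value))
    if agents:
        groups.append((agents, rules))
    return groups


def pattern_to_regex(pattern):
    """Translate a robots path pattern: '*' matches anything, trailing '$' anchors."""
    anchored = pattern.endswith("$")
    if anchored:
        pattern = pattern[:-1]
    body = ".*".join(re.escape(part) for part in pattern.split("*"))
    return re.compile("^" + body + ("$" if anchored else ""))


def is_allowed(robots_text, user_agent, path):
    """Longest-match evaluation: most specific matching rule wins, Allow wins ties.
    Paths with no matching rule are allowed; unknown agents fall back to '*'."""
    groups = parse_robots(robots_text)
    ua = user_agent.lower()
    group = next((g for g in groups if ua in g[0]), None) \
        or next((g for g in groups if "*" in g[0]), None)
    if group is None:
        return True
    best = None  # (pattern length, is_allow); tuple order makes Allow win ties
    for is_allow, pattern in group[1]:
        if pattern_to_regex(pattern).match(path):
            candidate = (len(pattern), is_allow)
            if best is None or candidate > best:
                best = candidate
    return True if best is None else best[1]


if __name__ == "__main__":
    for p in ["/about/", "/wp-admin/", "/wp-admin/admin-ajax.php", "/category/news/"]:
        print(p, "page file:", is_allowed(PAGE_ROBOTS, "*", p),
              "with Allow:", is_allowed(FIXED_ROBOTS, "*", p))
```

The evaluator follows the longest-match semantics that the major search engines document, which differs from Python’s own urllib.robotparser (first-match, no wildcard support), so it gives a truer picture of how the file above will be read.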
This is by no means an exhaustive list of methods to secure your WordPress site, but it’s a good start.