Wednesday, 10 August 2011

Security tips to protect your WordPress blog

Tips to secure your WordPress blog


1. Check your CHMOD

Some WordPress blog owners never check the permissions on their blog directories and leave them at 0777, which makes them readable and writable by anyone. People can abuse such permissions to inject malicious code, etc.
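As an added example (not code from the original post), a small POSIX shell audit that lists and counts world-writable files and directories under a WordPress document root and resets them to the usual 755/644 baseline; the /var/www/html default path is an assumption.

```shell
#!/bin/sh
# Permission audit for a WordPress install (added example, not from the post).

# List every file or directory below $1 that is world-writable, i.e. has the
# 0002 bit set as left by chmod 0777 or 0666. Prints one "ls -ld" line each.
wp_list_world_writable() {
    find "$1" -perm -0002 -exec ls -ld {} \;
}

# Count world-writable entries below $1; a hardened install should report 0.
# tr strips the leading spaces BSD wc prints.
wp_count_world_writable() {
    find "$1" -perm -0002 | wc -l | tr -d ' '
}

# Reset permissions to the common WordPress baseline: directories 755 (only
# the owner writes, everyone may traverse), files 644 (only the owner writes),
# and wp-config.php 600 because it holds the database credentials.
wp_fix_permissions() {
    find "$1" -type d -exec chmod 755 {} \;
    find "$1" -type f -exec chmod 644 {} \;
    if [ -f "$1/wp-config.php" ]; then
        chmod 600 "$1/wp-config.php"
    fi
    return 0
}

# Usage: WP_ROOT=/var/www/html sh wp-perms.sh  (path is an assumed example)
if [ -n "${WP_ROOT:-}" ] && [ -d "$WP_ROOT" ]; then
    echo "World-writable entries under $WP_ROOT:"
    wp_list_world_writable "$WP_ROOT"
    echo "Total: $(wp_count_world_writable "$WP_ROOT")"
fi
```

Run the listing first and only call wp_fix_permissions once you have confirmed the web server user still owns the files it needs to write, such as the uploads directory.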

2. General WordPress security tips

- Always update WordPress and your plugins to the latest version whenever updates are available
- Avoid using "admin" as the username
- Avoid weak, easy-to-guess passwords. Use a password generator to create a long, strong password.
- Turn off WordPress DB error output
- Remove the WP ID meta tag from the WordPress core
- Change the WordPress database table prefix from the default wp_
- Hide the WordPress version. If you are running an old version of WordPress you should hide the version number, as people can check it easily and target your site because old WordPress releases have known vulnerabilities.
If you are not sure how to do this, I recommend installing the WP Security Scan plugin.


3. BulletProof Security

There is a WordPress plugin called BulletProof Security that claims to protect your WordPress blog from common attacks such as XSS, CSRF, base64_encode injection and SQL injection attempts.
It can create a secure .htaccess file, provide a one-click maintenance mode that sends 503 errors, and scan your WordPress folder permissions (CHMOD).
However, the plugin is not really user friendly, and you need to take time to read and learn its concepts. Once you understand them, activate the functions.
Download BulletProof Security.

4. Website Defender

If you use the WP Security Scan plugin you can use Website Defender as well. Website Defender is a web monitoring and scanning tool. It detects malware, reports security issues and alerts you if there is a suspicious hacking attempt.

5. CloudFlare

CloudFlare is a service that aims to protect and accelerate any website online. You only need to change your DNS to point at CloudFlare's nameservers for your blog. CloudFlare has been proven to decrease spam, bad crawlers and bots, and also to prevent hacker attacks.
The infamous hacking group LulzSec also used CloudFlare to protect their website, and they admitted that CloudFlare offers better web protection than any other service on the net.
You can sign up for CloudFlare here: there are free and pro plans.


6. WP Antivirus

This plugin scans your WordPress theme and detects malicious code. If you are using a pirated or nulled WordPress theme, you should scan it before using it, as it may contain backdoors etc.
Download WP Antivirus

7. Use .htaccess to protect your blog folder

The .htaccess file is important for limiting access to the root and WordPress folders. If you are not sure how to write one, the BulletProof Security plugin gives you tips on creating a more secure .htaccess file.

8. Hire a security expert

If you are running an online business, please do hire a security expert to check your websites or blogs for security holes. I am not an expert and I have no money, so I had to check and secure my websites on my own. :(

9. Avoid using shared hosting

Websites or blogs on shared hosting are more easily compromised than websites running on a dedicated server. This is probably due to server configuration flaws or a few other possible causes.

10. Always back up your WordPress blog daily

Pro hackers will always find a way to break into a system no matter how secure it is. However, you can always back up your WordPress database daily and restore it in case your blog database has been compromised and deleted, damaged or altered by the attackers.
You can use WP-DB-Backup.

