If you have a blog, you must be very concerned about its security.
If you are using Blogger.com (Blogspot), you do not need to worry much as it is very secure.
But, if you are on WordPress, you will need to care about the security of your blog.
So, here are some Tips to Secure your WordPress Blog from Hackers.
1. Upgrade to the latest WordPress Version
I recommend that you always upgrade your blog to the latest WordPress version, because each new release fixes known security bugs and adds protection against the latest threats. However, using the Beta versions is NOT recommended.
2. Change Permissions (CHMOD) of the “wp-config.php” file to 644
If you don’t know or don’t remember, “wp-config.php” is the file that stores all your WordPress database details, like the Database Name, Database Username, Database Password, and Database Host.
If someone is able to access that file, it is a very big risk to your WordPress blog.
So change the permissions (CHMOD) of “wp-config.php” to 644 using the following steps:
Log in to your hosting Control Panel and go to the File Manager.
There you will see the file “wp-config.php”. Right-click on it and click on “Change Permissions”.
Change the Permissions to 644 and then save it.
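The same check from a shell, for hosts that offer SSH access. This is an added example, not part of the original post; the function names are illustrative, and the default of 644 is the value from the steps above.

```shell
#!/bin/sh
# Added example: audit wp-config.php against a maximum permission mode.
# Function names are illustrative; 644 is the mode given in the steps above.

# file_mode FILE -> octal permission bits (GNU stat first, BSD stat as fallback)
file_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1" 2>/dev/null
}

# perms_within FILE [MAX] -> exit 0 if FILE grants nothing beyond MAX
perms_within() {
    mode=$(file_mode "$1") || return 2
    max=${2:-644}
    # Any bit set in the file's mode but absent from MAX is excess access.
    extra=$(( 0$mode & ~0$max & 07777 ))
    [ "$extra" -eq 0 ]
}

# harden_wp_config FILE [MAX] -> tighten FILE to MAX only when it is looser
harden_wp_config() {
    if perms_within "$1" "${2:-644}"; then
        echo "ok: $1 is $(file_mode "$1")"
    else
        echo "fixing: $1 was $(file_mode "$1")"
        chmod "${2:-644}" "$1"
    fi
}

# Demo on a constructed file with an overly loose mode
demo_dir=$(mktemp -d)
echo '<?php // constructed sample' > "$demo_dir/wp-config.php"
chmod 666 "$demo_dir/wp-config.php"
harden_wp_config "$demo_dir/wp-config.php"
rm -rf "$demo_dir"
```

Mode 644 still lets every local account on the server read the file; pass a tighter maximum such as 640 or 600 as the second argument where the web server can still read the file under it.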
3. Read comments of users on Plugin Page Before Installing
Even if you install plugins from a trusted source, like the wordpress.org site itself, you should still read the reviews and comments of people on the plugin page and on Google.
This is important because the plugin might have some vulnerabilities which can make your site vulnerable to hacking.
4. Take Regular Backups
This is a very important step. This ensures that even if your blog gets hacked, you do not lose any data.
Steps to completely back up your WordPress blog:
Log in to your hosting and go to the File Manager. Compress all the files into a Zip archive using the “Compress” option in the File Manager. After that, download the compressed archive.
Go to “phpMyAdmin” and export the database you use for your WordPress site.
Steps to restore your WordPress blog (if you have the backup):
In the File Manager, remove all files which you think might have been added by the hacker, the ones you know you won’t need, and the ones which you believe should not have been there.
Upload the Zip Archive of the backup in the file manager, and extract it.
Create a new MySQL Database. Now using “phpMyAdmin”, import the SQL file from the backup into that database.
Update the wp-config.php file in the File Manager, replacing the details of your old Database with the details of the newly created Database.
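To help with the first restore step, the sketch below lists files that exist only in the live site or whose content differs from the backup. It is an added example, not part of the original post, and it assumes shell access and that the backup archive has already been extracted to a scratch directory; the function names and sample files are constructed.

```shell
#!/bin/sh
# Added example: list files that differ between the live site and a backup.
# Assumes the backup archive was extracted to a scratch directory first;
# directory layout and function names are illustrative.

# compare_with_backup LIVE_DIR BACKUP_DIR
# Prints "ADDED <path>" for files only in the live site and
# "CHANGED <path>" for files whose content differs from the backup.
compare_with_backup() {
    live=$1
    backup=$2
    ( cd "$live" && find . -type f ) | sed 's|^\./||' | LC_ALL=C sort |
    while IFS= read -r path; do
        if [ ! -f "$backup/$path" ]; then
            printf 'ADDED %s\n' "$path"
        elif ! cmp -s "$live/$path" "$backup/$path"; then
            printf 'CHANGED %s\n' "$path"
        fi
    done
}

# Constructed sample trees: one unchanged, one edited and one new file.
make_sample_trees() {
    root=$1
    mkdir -p "$root/backup/wp-content/uploads" "$root/live/wp-content/uploads"
    echo '<?php // front controller' > "$root/backup/index.php"
    cp "$root/backup/index.php" "$root/live/index.php"
    echo '<?php // settings' > "$root/backup/wp-config.php"
    echo '<?php // settings, edited after the backup' > "$root/live/wp-config.php"
    echo '<?php // not present in the backup' > "$root/live/wp-content/uploads/cache.php"
}

# Demo: uploads made after the backup also show as ADDED, so review each
# entry before deleting it.
demo_root=$(mktemp -d)
make_sample_trees "$demo_root"
compare_with_backup "$demo_root/live" "$demo_root/backup"
rm -rf "$demo_root"
```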
5. Do not use the username “admin”.
Default WordPress installations use the username “admin” as the default Administrator account.
Now, if a hacker attempts to break into your site by brute force [a major tool for hackers, in which application programs use a trial-and-error method to try to get into a blog, and many times they succeed], that is the first information he will use, i.e. he will run the brute-force attack on the username “admin”.
If such an account exists in your blog, he might be able to access your blog and hack it; but if no account with the username “admin” exists, this attack on “admin” will not be able to get in.
So I recommend that you do not keep any account with the username “admin” in your WordPress blog.
Delete that account if you have it, but make a new one first.
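To see whether your login form is being hit by this kind of trial-and-error guessing, you can count login submissions per client in the web server's access log. This is an added example, not part of the original post; it assumes an Apache/nginx "combined" format log, the threshold is illustrative, and the log lines are constructed.

```shell
#!/bin/sh
# Added example: flag client IPs that submit the WordPress login form often.
# Assumes an Apache/nginx "combined" access log; threshold is illustrative.

# login_bruteforce_sources LOGFILE [THRESHOLD]
# Prints "COUNT IP" for each client with at least THRESHOLD POSTs to
# /wp-login.php, busiest first.
login_bruteforce_sources() {
    log=$1
    threshold=${2:-5}
    awk -v min="$threshold" '
        # $1 = client IP, $6 = quoted method ("POST), $7 = request path
        $6 == "\"POST" && ($7 == "/wp-login.php" ||
                           index($7, "/wp-login.php?") == 1) { hits[$1]++ }
        END { for (ip in hits) if (hits[ip] >= min) print hits[ip], ip }
    ' "$log" | sort -rn
}

# Constructed sample: six login POSTs from one address, one from another.
sample_log() {
    i=0
    while [ "$i" -lt 6 ]; do
        printf '203.0.113.7 - - [10/Mar/2024:10:00:%02d +0000] "POST /wp-login.php HTTP/1.1" 200 3120 "-" "constructed-agent"\n' "$i"
        i=$((i + 1))
    done
    printf '198.51.100.4 - - [10/Mar/2024:10:01:00 +0000] "POST /wp-login.php HTTP/1.1" 302 0 "-" "constructed-agent"\n'
    printf '198.51.100.4 - - [10/Mar/2024:10:01:05 +0000] "GET /wp-admin/ HTTP/1.1" 200 5120 "-" "constructed-agent"\n'
}

# Demo on the constructed sample
demo_log=$(mktemp)
sample_log > "$demo_log"
login_bruteforce_sources "$demo_log" 5
rm -f "$demo_log"
```

The access log does not record which username was tried, so this only shows how often each address submits the form.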
6. Use a secure and strong Password
This applies not only to the security of your WordPress blog but also to the security of all your accounts (like Facebook, Gmail, Twitter, etc.) and all your blogs or websites.
You should always use a strong password for any account, be it admin or a simple account.
Tips for selecting a strong password:
The Password Should Be Difficult to Guess.
Make sure that the password contains at least one number, one character, and one special character (like !, @, #, $, %, ^, &, *, (, ), etc.).
7. Install Security Plugins
Security plugins are also very important for the security of your WordPress blog. Though there are many security plugins available, I recommend a few: BulletProof Security, WP Security Scan, Login Lockdown, and Limit Login Attempts.
8. Always keep your themes up to date
As I said in the part about updating WordPress, it is recommended to always keep all your themes updated.
An earlier version might have a security bug that has been fixed in the new version, though I do NOT recommend using the Beta versions.
9. Do Not Install Plugins and Themes unless you got them from a reliable and trusted source.
“FREE PREMIUM PLUGINS!!!” “FREE PREMIUM THEMES!!”
These two lines are enough to catch any WordPress Blog owner’s attention.
They might hurry to get those themes and plugins and install them on their blog.
What they do not realize is that the plugin or the theme they downloaded and installed on their blog might have been modified by a hacker.
It is possible that the hacker modified it to make any blog that installs it vulnerable to being hacked.
So unless you are sure that the source you got the plugin or theme from is reliable, do NOT install any such plugin or theme in your blog, even if it is free.
These tips take some time and effort to set up, but if you can implement them, they will go a long way to ensure the security of your WordPress blog and reduce the risk of getting it hacked to a large extent!