Category: Plugins

Tips to protect your WordPress blog

April 9, 2008
Plugins
13 comments

Many of blogs based on WordPress have been hacked. To avoid the hackersame disaster from happening to your own blog, you can try the tips below to make your Wordpress blog more secure, at least from the view of script kiddies.

But firstly, I would like to recommend you a plugin called WP Security Scan, which scans your WordPress installation for security vulnerabilities, passwords, file permissions, database security, version hiding, WordPress admin protection/security and suggests corrective actions.

wp-security-scan

1. Remove Wordpress ‘version string’ in your theme files
- 1. Go to Wordpress dashboard, click on presentation -> edit themes -> header.php
- 2. Find and remove this. bloginfo(’version’) Save the file.
Explanation: Hide the version number of your Wordpress such that it will be hard for hacker to find security loopholes for the specific version of Wordpress.
2. Place empty ‘index.html’ file in the plugins folder
- 1. Open Notepad. Click ’save as’ and save the file as index.html (be sure to change the filetype from text files to all files)
- 2. Upload the file to Wordpress plugins folder in your web server.
Explanation: Hide the plugins used by your Wordpress blog. It uses the same concept as above which is to hide security loopholes in the plugins.
3. Upload a copy of .htaccess file in the wp-admin folder
- 1. Using FTP program or your webserver file manager, go to the root folder of your server and download .htaccess file (set ’show hidden files’ first if you’re using FTP program such as FileZilla)
- 2. Go to your wp-admin folder
- 3. Upload the .htaccess file you’ve downloaded just now.
Explanation: Prevent files in wp-admin from being accessed by hackers by limiting the access to this folder by IP address (means that the access is limited to the server owner/user only).

Hello there! If you are new here, you might want to subscribe to the RSS feed for updates on this topic.

About the Author

Pavel Ciorici - I'm the founder of WPZOOM, WordPress designer from Moldova. Follow me on Twitter

13 Comments

mergelayers April 9, 2008 1:56 pm

Good tip!
–
Digitalizes April 10, 2008 11:12 pm

There is some good advice here, I will give your ideas a go as I am a little concerned about security.
Digitalizes April 10, 2008 11:13 pm

This edit function is really cool. Are you using a plugin for this, if so, which one?
Pavel Ciorici April 11, 2008 12:27 am

@ Digitalizes, yes it is a plugin called Ajax Edit Comments [ link ]
Digitalizes April 11, 2008 3:02 am

Thanks! I have installed it. Really nice.
tony hogan April 12, 2008 9:14 pm

I’m curious about the second thing.

You are saying create a blank html file and save it in the plugins folder.

Can you explain how this would hide the others. It doesn’t make sense to me.

and in the third example, why would you show the hidden files?

Thanks Tony
Nicu Vartolomei April 13, 2008 12:24 pm

@tony hogan, many Apache servers show the content of the folder if this folder without index.html file ;)
tony hogan April 14, 2008 4:12 am

Thanks
Yan May 27, 2008 2:45 am

I like the way you allow the commentator to edit the comment for a specific time.

Thanks for sharing the plugin, it saves me the time to actually ask you.
bawatakco November 13, 2008 11:27 pm

exelent y love IT!
tuzruhu January 3, 2009 9:13 am

also password protection for wp-admin is useful
iş fikirleri February 22, 2009 9:18 am

İnstalled okey.. thanks.. nice..
Chris June 15, 2009 9:51 am

Nice list, I used some of the ideas to secure my blog too. I also expanded on it a little and added a few more. You can check it out here
http://www.rockinwordpress.com/2009/06/5-ways-to-secure-your-wordpress-blog/