Many of blogs based on WordPress have been hacked. To avoid the hackersame disaster from happening to your own blog, you can try the tips below to make your WordPress blog more secure, at least from the view of script kiddies.
But firstly, I would like to recommend you a plugin called WP Security Scan, which scans your WordPress installation for security vulnerabilities, passwords, file permissions, database security, version hiding, WordPress admin protection/security and suggests corrective actions.
- 1. Remove WordPress ‘version string’ in your theme files
- 1. Go to WordPress dashboard, click on presentation -> edit themes -> header.php
- 2. Find and remove this. bloginfo(‘version’) Save the file.
Explanation: Hide the version number of your WordPress such that it will be hard for hacker to find security loopholes for the specific version of WordPress.
- 2. Place empty ‘index.html’ file in the plugins folder
- 1. Open Notepad. Click ’save as’ and save the file as index.html (be sure to change the filetype from text files to all files)
- 2. Upload the file to WordPress plugins folder in your web server.
Explanation: Hide the plugins used by your WordPress blog. It uses the same concept as above which is to hide security loopholes in the plugins.
- 3. Upload a copy of .htaccess file in the wp-admin folder
- 1. Using FTP program or your webserver file manager, go to the root folder of your server and download .htaccess file (set ’show hidden files’ first if you’re using FTP program such as FileZilla)
- 2. Go to your wp-admin folder
- 3. Upload the .htaccess file you’ve downloaded just now.
Explanation: Prevent files in wp-admin from being accessed by hackers by limiting the access to this folder by IP address (means that the access is limited to the server owner/user only).
You’ll find an updated list of what to do if hacked here.