Preventing hackers and other unwelcome people from accessing your blog is essential. But WordPress, if not correctly used, can be open to successful attacks. What steps must you take to reduce your risks?
By Keith Lunt, ©howtostartmyblog.com

Securing WordPress is all about two things: closing known problems, and then making it as hard as possible for people to gain access to your admin, so that they instead give their attention to another blogger.

Step 1 – Upgrade WordPress
So the first essential security step is to upgrade WordPress to the latest version. Sometimes these new versions are released to fix security problems that have been uncovered, for example users being able to get more access than they should. Once WordPress is on the latest version, check that all plugins and your theme are also running their latest versions.

Step 2 – Don’t Use An ‘Admin’
Recent versions of WordPress now ask you for a user-id, rather than ‘Admin’, but people still install it with this as the primary user. This means that hackers do not need to guess the user name and only have to guess the password. By changing the main username to something different, hackers have to guess that as well. If you already have set up your site with Admin as the user, either go into your SQL database and change the name or change it within admin, as follows:

  • First, create a new administrator and then log off.
  • Next, log on as the new administrator and delete ‘Admin’.
  • As you do this, you are given the choice of deleting or moving posts – just move them to the new administrator.

Step 3 – Use A Strong Password
Use a password that is difficult to guess. Do not use anything mentioned on your blog as the core of your password. For example, a password comprising your town and the current year is very easy to guess!

Step 4 – Do Not Display Logon Names
Go to the user maintenance screen, give your users nicknames and display these nicknames as the post authors. Make sure that the nickname does not give away the signon name. For example, user Fred should not have a nickname of Freddy. Make sure that the actual signon user name is difficult to guess.

Step 5 – Secure Your Email!
This is something that not many people think of. If someone gets access to your email password then they can request password resets for every system that you use. So make sure that your email account is totally locked down and secure as well, or else that is a back door in!

Step 6 – Back Up Your Work
If the worst happens then you will need to delete everything and start again. And that means deleting every file in the site. Reloading WordPress from the installation files is easy enough, but you might have to roll back your database by a few weeks. The only way to do this is if you are taking regular backups, so install a plugin such as WordPress Backup.

Step 7 – Secure Your Login
If someone does try to hack into your blog by guessing your password, then it is possible to detect them and lock them out with plugins such as Limit Login Attempts. If it detects a certain number of failed login attempts from the same IP address, that IP address is blocked for a short while. This means hackers have to wait before trying again.
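The lockout logic described above, written out as an added example (it is not the Limit Login Attempts plugin's code, nor the author's): a per-IP tracker that counts recent failed logins and refuses every attempt from that IP, right password or not, until the lockout expires. The threshold, window and lockout length are assumed values, and the IP addresses and timestamps are constructed.

```python
from collections import defaultdict, deque

# Policy values are hypothetical, chosen for this example (the plugin lets you pick your own).
MAX_FAILURES = 4   # failures within WINDOW seconds that trigger a lockout
WINDOW = 300       # only failures this recent (seconds) count towards the limit
LOCKOUT = 1200     # seconds a locked IP is refused, whatever password it sends

class LoginLimiter:
    def __init__(self, max_failures=MAX_FAILURES, window=WINDOW, lockout=LOCKOUT):
        self.max_failures, self.window, self.lockout = max_failures, window, lockout
        self._failures = defaultdict(deque)  # ip -> timestamps of recent failures
        self._locked_until = {}              # ip -> timestamp the lockout expires

    def is_locked(self, ip, now):
        until = self._locked_until.get(ip)
        if until is not None and now < until:
            return True
        self._locked_until.pop(ip, None)     # no lock, or it has expired
        return False

    def record(self, ip, succeeded, now):
        """Apply the policy to one login attempt (now = Unix time) and return the decision."""
        if self.is_locked(ip, now):
            return "rejected: locked out"    # refused even if the password is right
        if succeeded:
            self._failures.pop(ip, None)     # a real login clears the failure history
            return "allowed"
        recent = self._failures[ip]
        recent.append(now)
        while recent and recent[0] < now - self.window:
            recent.popleft()                 # forget failures older than the window
        if len(recent) >= self.max_failures:
            self._locked_until[ip] = now + self.lockout
            recent.clear()
            return "failed: lockout started"
        return "failed"

def replay(events):
    """Feed (timestamp, ip, succeeded) events, in order, through a fresh limiter."""
    limiter = LoginLimiter()
    return [limiter.record(ip, ok, ts) for ts, ip, ok in events]

# Constructed sample events (documentation-range IPs, timestamps in seconds; not real traffic):
# one IP guesses four times in 30 seconds while another visitor mistypes once.
SAMPLE_EVENTS = [
    (0, "203.0.113.7", False), (5, "198.51.100.2", False),
    (10, "203.0.113.7", False), (20, "203.0.113.7", False),
    (30, "203.0.113.7", False),   # fourth failure inside the window: lockout starts
    (40, "203.0.113.7", True),    # right password, but the IP is locked out
    (1300, "203.0.113.7", True),  # lockout (1200 s) has expired
]
```

Note that failures spread out over longer than the window never reach the threshold, which is why the window and lockout length are a trade-off between slowing down guessing and locking out forgetful real users.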
