Preventing hackers and other unwelcome people from accessing your blog is essential. But WordPress, if not correctly used, can be open to successful attacks. What steps must you take to reduce your risks?
By Keith Lunt, ©howtostartmyblog.com

Securing WordPress is all about two things: closing known problems, and then making it as hard as possible for people to gain access to your admin, so that they turn their attention to another blogger instead.

Step 1 – Upgrade WordPress
So the first essential security step is to upgrade WordPress to the latest version. Sometimes these new versions are released to fix security problems that have been uncovered, for example users being able to get more access than they should. And once WordPress is on the latest version, check that all plugins and your theme are running their latest versions too.

Step 2 – Don’t Use An ‘Admin’
Recent versions of WordPress now ask you for a user-id rather than using ‘Admin’, but people still install it with ‘Admin’ as the primary user. This means that hackers do not need to guess the user name and only have to guess the password. By changing the main username to something different, hackers have to guess that as well. If you have already set up your site with ‘Admin’ as the user, either go into your SQL database and change the name, or change it within admin, as follows:

  • First, create a new administrator and then log off.
  • Next, log on as the new administrator and delete ‘Admin’.
  • As you do this, you are given the choice of deleting or moving posts – just move them to the new administrator.

Step 3 – Use A Strong Password
Use a password that is difficult to guess. Do not use anything as the core of your password that is mentioned on your blog. For example, a password made up of your town and the current year is very easy to guess!

Step 4 – Do Not Display Logon Names
Go to the user maintenance screen and give your users nicknames and display these nicknames as the post authors. Make sure that the nickname does not give away the signon name. For example, user Fred should not have a nickname of Freddy. Make sure that the actual signon user name is difficult to guess.

Step 5 – Secure Your Email!
This is something that not many people think of. If someone gets access to your email password then they can request password resets for every system that you use. So make sure that your email account is totally locked down and secure as well, else that is a back door in!

Step 6 – Back Up Your Work
If the worst happens then you will need to delete everything and start again. And that means deleting every file on the site. Reloading WordPress from the installation files is easy enough, but you might have to roll back your database by a few weeks. The only way to do this is if you are taking regular backups, so install a plugin such as WordPress Backup.

Step 7 – Secure Your Login
If someone does try to hack into your blog by guessing your password, then it is possible to detect them and lock them out with plugins such as Limit Login Attempts. If it detects a certain number of failed login attempts from the same IP address, that IP address is blocked for a short while. This means hackers have to wait before trying again.
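
The lockout rule from Step 7, replayed over a few login events, as an added example (this is not the Limit Login Attempts plugin's code). The threshold, counting window, block duration and the sample events are all assumptions constructed for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

MAX_FAILURES = 4                  # assumed threshold, not the plugin's setting
WINDOW = timedelta(minutes=10)    # assumed: only failures this recent are counted
LOCKOUT = timedelta(minutes=20)   # assumed length of the block


def _t(hms):
    return datetime.strptime("2024-01-01 " + hms, "%Y-%m-%d %H:%M:%S")


# Constructed sample events: (time, source IP, was the password correct?)
SAMPLE_EVENTS = [
    (_t("10:00:00"), "203.0.113.5", False),
    (_t("10:00:05"), "203.0.113.5", False),
    (_t("10:00:10"), "198.51.100.7", False),   # genuine user mistypes once
    (_t("10:00:12"), "203.0.113.5", False),
    (_t("10:00:15"), "203.0.113.5", False),    # 4th failure from this IP
    (_t("10:00:20"), "203.0.113.5", True),     # arrives while the IP is blocked
    (_t("10:00:30"), "198.51.100.7", True),
    (_t("10:21:00"), "203.0.113.5", False),    # block has expired by now
]


def replay(events):
    """Return (time, ip, decision) for each event, applying a per-IP lockout."""
    failures = defaultdict(deque)   # ip -> times of recent failed logins
    locked_until = {}               # ip -> time the block ends
    decisions = []
    for when, ip, password_ok in sorted(events):
        if when < locked_until.get(ip, datetime.min):
            # Blocked IPs are refused before the password is even checked.
            decisions.append((when, ip, "blocked"))
        elif password_ok:
            failures.pop(ip, None)  # a good login resets the counter
            decisions.append((when, ip, "ok"))
        else:
            recent = failures[ip]
            recent.append(when)
            while recent[0] < when - WINDOW:   # forget failures outside the window
                recent.popleft()
            if len(recent) >= MAX_FAILURES:
                locked_until[ip] = when + LOCKOUT
                recent.clear()
                decisions.append((when, ip, "locked"))
            else:
                decisions.append((when, ip, "failed"))
    return decisions
```

The single mistyped password from the second address never triggers a block, while the fifth attempt from the first address is refused even though the password is correct.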
