Finally, WordPress has announced the launch of Version 3.0, “Thelonious”. You can also upgrade and secure your current site from your dashboard.
WordPress site can be a target for hackers looking to take over for SEO, traffic-redirection and other purposes. Most bloggers aren’t aware of the threat posed by hackers and the blog owner may not even know that a successful attack has taken place.
Here are some suggestions:
- Create a unique name for admin a/c
The versions before 3.0 of WordPress automatically assigned the first user with the username “admin,” but version 3.0 has the option of choosing your desired user name with installation. Now the hackers cannot guess your username because it will no longer be “admin”.
It is harder for a hacker to break into your blog when both the username and the password have to be cracked. That will make sure that you have the full authority over your blog.
- Use strong password
Do not use simple passwords when creating the new user account. It might be simple for you to remember it, but it is also easier for a hacker to crack it. Your password should be at least eight characters long and should include numbers mixed with characters in uppercase and lowercase. For example: zxy@123pub
- Set a new nickname
You do not want your new username to be the author name that is shown on all posts. Set the nickname, which the WordPress uses as author name to something different than your username. You can go to “Users” under “Your Profile” in the Nickname field and choose a new nickname and set “Display name publicly as” to your new nickname.
- Use Login Lockdown plugin
Sometimes the hacker might think they know your password, or they might use a software to guess your password. In that case what you need to do is limit the login attempts.
Login LockDown plugin records the IP address and timestamp of every failed login attempt to your WordPress site. If more than a certain number of login attempts are detected within a short period of time from the same IP range, then the login function is disabled for all requests from that range. You can control the settings via your admin panel.
- Remove Error Message on the Login Page
When you enter a wrong password or an invalid username, one would get an error message in the login page. So if a hacker gets one thing right, the error message will help them identify that. Therefore, it is recommended you remove that error message entirely.
Open your functions.php located in your theme folder and paste the following code:
add_filter(‘login_errors’,create_function(‘$a’, “return null;”));
- Limit Access via IP Address
You can limit access to your WP-Admin Panel and only allow certain IP Addresses to access. All you have to do is write .htaccess file in /wp-admin/ folder. Paste the following code:
AuthUserFile /dev/null AuthGroupFile /dev/null AuthName “WordPress Admin Access Control” AuthType Basic order deny,allow deny from all # whitelist your IP address allow from xx.xx.xx.xxx # whitelist your home IP address allow from xx.xx.xx.xxx
- WordPress AntiVirus Protection
Word press AntiVirus plugin is a smart and effective solution to protect your site against exploits and spam injections. Special feature of this plugin is manual testing with immediate result of the infected files, and daily automatic check with email notification.
- Backup regularly
Taking regular backups is important. In case if something happens, you can always use the backup to recover your blog files. WordPress Database Backup plugin makes it simple to backup your files. Activate the plugin and set it up in such a way that it automatically takes backups and sends them in a file to your email address.
- Always upgrade
Always upgrade to the latest version of WordPress, latest version of your WordPress theme and latest version of plugins you use. One of the reasons for new versions of software and plugins, is to correct the security vulnerability found in older versions. In WordPress 3.0 all the upgrades are simple, automated and one-click processes within the admin interface.
These 9 simple steps can be executed quickly and should make your blog harder to hack and make it secure.