Hackers are people who use their skills to attack your servers and webpages. Sometimes they are motivated by greed, and sometimes by pride. They want people to think that they are so smart for breaching their security. So, if you are the administrator of a blog or website you should be concerned about the security of your site.
The security of your blog is very precarious and they are vulnerable to attack. You need to stay vigilant and monitor your blogs often, because new vulnerabilities are discovered everyday.
There is no 100% secure site. Your goal is to make your blog as secure as possible.
Below are some tips to help make your blog more secure:
Secure WP-Admin By IP
If someone can get your (username & password) to enter into your website WP section, you need to restrict this area by your IP. It prevents brute force attacks and only you will be able to control your website.
Deny from All
Allow from 123.456.789.0
You can allow and deny IP’s from a range use this:
order deny,allow deny from all # allow my home IP address allow from XX.XX.XXX.XXX # allow my work IP address allow from XX.XX.XXX.XXX
Protect WP-Config.php File
WP-Config.php file is very important on wordpress plate form, and usually an attacker gets the required information about the database of your website from WP-Config.php file. Basically if you use a strong database user-name and password while your WP-Config security is low then an attacker can get your user-name and password from wp-config file. It contains all the information about the security and data on your website.
Access .htaccess file is located at the root your of your wordpress installation.
Open it and paste the following code.
deny from all
You need to hide the version of your wordpress because an attacker could find a way to exploit your site by searching it on different exploited databases by version number and it they may cause great harm to your blog so be careful to not display it.
This tag is in the header.php file that displays your current version of wordpress.
Copy and paste the code in the functions.php file of your theme and than you are done.
This is a very good idea to remove the error message so that an attacker would not be able to see your user-name and password.
Update your function.php by this code:
add_filter(‘login_errors’,create_function(‘$a’, \”return null;\”));
Some Other Security Tips
Best practices for securing your blog:
- Create strong passwords that are not easily guessed or cracked.
- Secure your computer from malware and viruses.
- Make regular backups of your blog.
- Update your wordpress to the latest version regularly.
- Avoid using your account in public places
- You need to be aware of different types of attacks that are possible in order to be more secure.
- Better to be safe than sorry.
- Installing WordPress on AWS (slideshare.net)
- Improving the Security of your WordPress Blog (labnol.org)
- Conquering the wp-config.php File (prasathpree.wordpress.com)
- How to Install WordPress Manually (slideshare.net)
- WordPress Security Tips (webwarbegin.wordpress.com)
- 10 Most Common WordPress Errors (With Solutions) (hongkiat.com)
- Computer security (economist.com)