Archive for September, 2009

Tips To Secure Your WordPress Blog

If you are an internet marketer, you probably have quite a bit on your
plate already. You have spent a great deal of time putting together
a good website or blog and are really concentrating on how to deliver
your product or information. Unfortunately, there is a certain
breed of people out there in cyberspace whose self-appointed mission
is to break into your vault and create havoc.

If you are using WordPress as a platform to blog from, here are a few
tips on how to secure WordPress:

Keep WordPress Updated and Backed Up

Older versions of WordPress still have many vulnerabilities that are
widely known in the hacker community. To their credit, the WordPress
people are always doing their best to plug security holes and are
updating constantly. So your first line of defense is to keep your
blogging platform updated.

Medical Tip: To avoid increasing your blood pressure, always be sure
to make a backup of your blog before installing any updates. It's a
good idea to keep your WordPress backed up regularly anyhow, since
any number of things can go wrong.

Another tip is to delete the meta tag that tells the world which
version of WP you are using. This info is usually in the header file.

Keep Your Plugins Hidden

One of the great things about using WordPress is the plugins. While
they greatly increase your blog's capabilities, they too contain
certain bugs and vulnerabilities that are exploited by hackers. So
be sure to keep them updated also.

It is easy for anyone to see what type of plugins you are using by
visiting the wp-content/plugins folder. To keep potential intruders
from finding out the plugins that you use, create an empty
‘index.html’ file and place it in your plugins folder.

It's also a good idea to check your plugin folder and make sure the
plugins there are the ones you want. Some hackers, once they get into
your files, upload their own plugin. So if you see something that you
are not familiar with, delete it.

Here is a free WP plugin that keeps track of the attempts to log in to
your site. Many hackers use brute force to try and get your
password. So, if there are too many attempts coming from the same IP
address within a short period of time, the plugin will disable the
login function for that IP range. Login Lockdown:
bad-neighborhood.com. Click on Login Lockdown and you will be taken
to the download page. Be sure to check out their other plugins too.

Change Your Passwords

A weak password is an easy way in, and one that is often exploited.
You can have a more secure blog by making up a crazy, difficult
password. Even change it monthly if need be.

And not only your WordPress login. Don’t forget your hosting account
and your FTP passwords as well.

Headache tip: Be sure to write your passwords down immediately and
keep them all in a safe place.

Secure the /wp-admin/ directory

Your most sensitive WordPress information is stored in the /wp-admin/
folder. By default, WordPress leaves that folder open, so people can
access these files to make changes if they know what they are doing.

To secure this folder:

Place an .htaccess file inside the /wp-admin/ folder to block the
access to all IP addresses, except yours.

Here is the code you need to put in the .htaccess file:

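    # Allow /wp-admin/ only from the listed IP addresses (Apache 2.2 syntax;
    # Apache 2.4 needs mod_access_compat for order/deny/allow).
    AuthUserFile /dev/null
    AuthGroupFile /dev/null
    AuthName "Example Access Control"
    AuthType Basic
    order deny,allow
    deny from all
    # Replace the placeholders below with your own IP addresses.
    allow from xx.xx.xx.xx
    allow from xx.xx.xxx.xx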

Now, if you ever find your site being redirected to another website,
you will need to:

Check For Hidden Code

This requires a bit more knowledge of the inner workings of WP on your
part, so don’t mess with it unless you know what you are doing.

Browse your theme files

Log into your WordPress control panel, go to the theme editor, and
look inside your theme files. See if there are any lines of code
that are not supposed to be there, or that contain PHP code that you
don’t recognize.

Check your database tables

Some hackers upload fake images to your “Uploads” folder and activate
them with a plugin call. To detect this you need to open phpMyAdmin,
browse the “wp_options” table, and edit the “active_plugins” record.

On that record you will see a list of all the plugins that are active
on your blog. Delete any that seem unusual or that you aren’t using.
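
The “active_plugins” record is stored as a PHP serialized array, which is hard to read by eye. The script below is an added example, not part of the original article: it decodes a constructed sample value and flags entries worth a closer look. The function names and the `installed` set (the plugins you know you installed) are assumptions of the example.

```python
import re

# Constructed sample of the serialized "active_plugins" value, in PHP
# serialize() format: a:<count>:{i:<n>;s:<byte length>:"<path>";...}
SAMPLE = ('a:3:{i:0;s:19:"akismet/akismet.php";'
          'i:1;s:9:"hello.php";'
          'i:2;s:29:"../uploads/2009/09/header.jpg";}')

ENTRY = re.compile(rb'i:\d+;s:(\d+):"')

def parse_active_plugins(value):
    """Return the plugin paths stored in a serialized PHP array of strings."""
    data = value.encode("utf-8")          # s:<len> counts bytes, not characters
    head = re.match(rb'a:(\d+):\{', data)
    if not head:
        raise ValueError("not a serialized PHP array")
    pos, paths = head.end(), []
    for _ in range(int(head.group(1))):
        m = ENTRY.match(data, pos)
        if not m:
            raise ValueError("malformed entry at byte %d" % pos)
        start = m.end()
        end = start + int(m.group(1))
        if data[end:end + 2] != b'";':    # declared length must match the string
            raise ValueError("length mismatch at byte %d" % start)
        paths.append(data[start:end].decode("utf-8"))
        pos = end + 2
    if data[pos:pos + 1] != b"}":
        raise ValueError("unterminated array")
    return paths

def audit_active_plugins(value, installed):
    """Map each questionable entry to the reasons it deserves a closer look."""
    flagged = {}
    for path in parse_active_plugins(value):
        reasons = []
        if ".." in path.replace("\\", "/").split("/") or path.startswith("/"):
            reasons.append("points outside the plugins folder")
        if not path.lower().endswith(".php"):
            reasons.append("not a .php file")
        if path not in installed:
            reasons.append("not a plugin you installed")
        if reasons:
            flagged[path] = reasons
    return flagged

if __name__ == "__main__":
    known = {"akismet/akismet.php", "hello.php"}   # constructed list
    for path, reasons in audit_active_plugins(SAMPLE, known).items():
        print(path, "->", "; ".join(reasons))
```
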

Browse your site files through FTP

Log into your FTP account and browse through the folders on your site.
You are looking for any files that have a strange name or that look
suspicious. If you have another WordPress blog installed on another
site, compare the structure of the files to make sure they match up.
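
Comparing two installs by eye misses files whose names look normal but whose contents changed. The script below is an added example, not part of the original article: it compares a downloaded copy of your site against a known-good copy and also looks in the uploads folder for scripts and for "images" that contain PHP. It assumes both copies run the same WordPress version and sit in local folders; the function and key names are the example's own.

```python
import hashlib
import os
import sys

CORE_DIRS = ("wp-admin", "wp-includes")    # same on every install of one version
SCRIPT_EXT = (".php", ".phtml", ".php5")   # nothing in uploads should be a script

def _files(root, subdir):
    """Yield (relative path, content) for every file under root/subdir."""
    for folder, _dirs, names in os.walk(os.path.join(root, subdir)):
        for name in names:
            full = os.path.join(folder, name)
            with open(full, "rb") as fh:
                yield os.path.relpath(full, root).replace(os.sep, "/"), fh.read()

def _hashes(root, subdir):
    """Map relative path -> SHA-256 of the file content."""
    return {rel: hashlib.sha256(data).hexdigest()
            for rel, data in _files(root, subdir)}

def compare_installs(site, reference):
    """Compare a downloaded copy of the site against a known-good copy."""
    report = {"extra": [], "modified": [], "php_in_uploads": []}
    for sub in CORE_DIRS:
        mine, good = _hashes(site, sub), _hashes(reference, sub)
        report["extra"] += sorted(set(mine) - set(good))
        report["modified"] += sorted(
            rel for rel in mine if rel in good and mine[rel] != good[rel])
    # Uploads differ per site, so instead of comparing them, look for scripts
    # and for "images" that contain a PHP opening tag.
    for rel, data in _files(site, "wp-content/uploads"):
        if rel.lower().endswith(SCRIPT_EXT) or b"<?php" in data:
            report["php_in_uploads"].append(rel)
    report["php_in_uploads"].sort()
    return report

if __name__ == "__main__" and len(sys.argv) == 3:
    # Usage: python compare.py <site copy> <known-good copy>
    for kind, paths in compare_installs(sys.argv[1], sys.argv[2]).items():
        for rel in paths:
            print(kind, rel)
```

Anything it lists is a candidate for manual review, not proof of compromise.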

Tip to avoid a heart attack: Remember: Back up, back up, back up,
before you start messing with anything!

Be Fearless

Billy Ojai
