Wordpress Security Power Tips – Prevent Hacker attacks
Wordpress administrators, it’s time to think about security of blog as many are being hacked. Apart from the below security tips make sure to update your WP blog to the latest version. This may prevent your blog from hacker attacks as wordpress is continuously working to increase security.
Delete Admin Account: Everyone in the world including hackers knows super admin username of wordpress as “admin”. Hacker just needs to work on probability to guess your password. So delete the admin user by logging with your new username (super admin).
Is it enough to delete this admin login? Definitely “no”, hacker can easily guess your username with the name displaying in all your posts. You can change the display name of all your posts.
Search for “<?php the_author() ?>” in the pages [single.php and index.php, archive.php etc.,] and replace it with your desired name.
Difficulty in implementing this tip: It will not be possible if you are using multiple logins in a blog.
Restrict Permission to WP Admin with HTACCESS: This is one of the powerful tips to tight the security of your wordpress blog. We can limit the access to WP admin folder by allowing access only to the entered IPs in htaccess file.
Create an .htaccess file in wp-admin directory and paste the following content.
AuthUserFile /dev/null
AuthGroupFile /dev/null
AuthName “WordPress Admin Access Control”
AuthType Basic
<LIMIT GET>
order deny,allow
deny from all
# whitelist Home IP
allow from xxx.xx.xx.xx
# whitelist Work IP
allow from xxx.xx.xx.xx
</LIMIT>
Replace the xxx.xx.xx.xx with corresponding IPs and it will not allow others to access wp-admin from other IPs. You can add IPs as much as you want. You can add multiple “allow from” lines so make sure to add any IP addresses you plan on accessing your site from (i.e. Home, Office, etc).
Difficulty in implementing this tip: You can’t access your blog from other IPs, but this is reasonable and can be implemented.
Use Secret Keys: This is probably the most followed security tip on the list. Clicking this page will let you generate four secret keys which need to be added in WP config file.
Difficulty in implementing this tip: None.
Change the prefix of wordpress tables: Default prefix of wordpress table is wp_. Plugin named WP Security Scan does this job for the existing blogs. If your wordpress is not yet connected to DB then you can change the table prefix in WP config file itself without the need to use this plugin.
Difficulty in implementing this tip: None.
(+60 rating, 88 votes)
Loading ...
It is a very very needed and important topic for nowadays bloggers to protect their site from the hackers. Look forward to such topics more in the future.
Thanks for the sharing Elan!
Thx for the article.