WordPress Themes, Plugins, Tutorials, Tips And More...

Tag: Security

Your First WordPress Security Audit


WordPress is a great publishing platform, but being an open source platform, it opens a huge gateway to potential attacks from hackers, spammers and others. Keeping the installation, and your whole WordPress website, secure and safe is your primary responsibility. It does not take huge effort, but it does take timely effort.

I have been asked by many people, including my clients, what we can do to prevent such things. The answer, interestingly, is that the first focus of any WordPress blog should be security: if your website is not secured, it is easy for anyone to get into it and do as they wish.

With this article, I have compiled a five-step guide you can use to perform your security audit. Doing this keeps your website safe, and keeping up the security checks will benefit your website in the long run. I do the audit from time to time, considering it an important step. Make it your habit too.

Happy Auditing!

1. Delete the default “admin” user and create a new administrator user with a new login name. Avoid generic login names like “administrator” or “test”.

2. Always use a random, 12-character gibberish password.

3. Install and activate the Secure WordPress plugin, which beefs up the security of your WordPress installation by removing error information on login pages, adding index.html to plugin directories and hiding the WordPress version.

4. Install and activate the Login LockDown plugin, which records the IP address and timestamp of every failed WordPress login attempt. As soon as more than a certain number of attempts are detected within a short period of time from the same IP range, the login function is disabled for all requests from that range. This helps to prevent brute-force password discovery. By default, the plugin locks out an IP block for an hour after failed login attempts within 5 minutes.

5. Install and activate Lockdown WP Admin, which conceals the administration and login screens from intruders. It can hide WordPress Admin (/wp-admin/) and the login page (/wp-login.php). If a user isn’t logged in and attempts to access WP Admin directly, they will be unable to, and a 404 is returned. It can also rename the login URL.
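The lockout rule described in step 4, as an added sketch in Python (this is not Login LockDown's own code). The failure threshold (`MAX_FAILURES`), the /24 grouping used for an “IP range” and the sample events are assumptions; the 5-minute window and one-hour lockout come from the text above.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta
from ipaddress import ip_network

# The article gives the 5-minute window and 1-hour lockout. The failure
# threshold and the /24 "IP range" are assumptions made for this example.
MAX_FAILURES, RANGE_PREFIX = 3, 24
WINDOW, LOCKOUT = timedelta(minutes=5), timedelta(hours=1)

def ip_range(ip):
    return str(ip_network(f"{ip}/{RANGE_PREFIX}", strict=False))

class LoginLockdown:
    def __init__(self):
        self.failures = defaultdict(deque)  # range -> recent failure times
        self.locked_until = {}              # range -> lockout expiry

    def is_locked(self, ip, now):
        expiry = self.locked_until.get(ip_range(ip))
        return expiry is not None and now < expiry

    def record_failure(self, ip, now):
        """Log a failed login; return True if its range is now locked out."""
        key = ip_range(ip)
        recent = self.failures[key]
        recent.append(now)
        while now - recent[0] > WINDOW:     # drop failures outside the window
            recent.popleft()
        if len(recent) > MAX_FAILURES:      # "more than a certain number"
            self.locked_until[key] = now + LOCKOUT
        return self.is_locked(ip, now)

def replay(events):
    """Replay (time, ip, password_ok) events; return one decision per event."""
    guard, decisions = LoginLockdown(), []
    for now, ip, password_ok in events:
        if guard.is_locked(ip, now):
            decisions.append("rejected")    # range locked: password not checked
        elif password_ok:
            decisions.append("allowed")
        else:
            decisions.append("locked" if guard.record_failure(ip, now) else "failed")
    return decisions

T0 = datetime(2024, 1, 1, 12, 0)            # constructed sample events
SAMPLE = [(T0 + timedelta(seconds=s), ip, ok) for s, ip, ok in [
    (0, "203.0.113.10", False), (30, "203.0.113.11", False),
    (60, "203.0.113.12", False), (90, "203.0.113.10", False),
    (120, "203.0.113.99", True), (120, "198.51.100.7", True),
    (3691, "203.0.113.10", True)]]
```

Calling `replay(SAMPLE)` shows the fourth failure from the range triggering the lockout, a correct password from a neighbouring address in the same range being rejected while the lock holds, and access returning once the hour has passed.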


Photo Credit: MithrandirAgain via photopin cc

How To Secure Your WordPress Blog In 6 Ways

Started back in 2003 as a single bit of code to enhance the typography of everyday writing, WordPress has become the most popular and powerful Content Management System in the world. The web software is used by millions of users globally, and more than half of all blogs are hosted on it. Not only this, but popular brands use the CMS too, including TechCrunch, Mashable, I2Mag, NBC and lots more.

This is huge, and it is getting bigger with every passing moment. The interesting and best part of using WordPress is that it takes a mere two easy steps to install. To keep the CMS working for you, today I will share tips and tricks for protecting your WordPress blog. These tips and tricks will not only help keep your blog safe from hackers but also help it maintain a much faster pace.

Do Not Use “Admin” As User


To start with, once you have your WordPress blog in place, you end up with “admin” as the login username. Avoid using “admin” at any cost: it is a common mistake that gives hackers a clear way into your website. As soon as you install WordPress, create a new account and use that one as your default. Better still, as soon as you have created the new administrator account, delete the “admin” user, as all the robots are always looking out for it.

Increasing The Strength Of Your Password


Gone are the days when you could use passwords like abc12345, xyz12345 and so on: as technology grows, breaching authentication becomes much easier. It has always been recommended to use strong passwords that include both small and capital letters, numbers and different symbols, which make your password much stronger. If you can't think of a strong password yourself, you can use password generator software to help you select the right one.

Update Regularly


Photo Credit: dullhunk via photopin cc

Updating your WordPress website from time to time is very important, as it keeps your blog safe in the long run. Developers keep working to solve security issues, and new security releases come out regularly to keep your WordPress website updated. It takes hardly a few seconds to update your blog, and doing so helps your blog run better and be more compatible with different plug-ins. As soon as an update is available, you will be notified through your WordPress dashboard; you can also update manually, but remember not to download the update from any website other than WordPress.org.

Using .htaccess


By default, .htaccess is available in your hosting folder. The .htaccess file lets you block different IPs which you believe are a security concern for you. Further, .htaccess allows you to prevent people from browsing your WordPress folder structure, and lets you hide XML sitemaps from search engines.

Protecting wp-config.php File


When you install WordPress on a server, you need to either create or edit the wp-config.php file. The file lets you create and manage the database files of your blog. Just like .htaccess, wp-config.php is one of the most important files you have, so it is very important to take measures to protect it. It is also suggested to hide it from the public by adding this simple piece of code:

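# Place in the .htaccess file in the WordPress root directory.
# Apache 2.2 syntax; on Apache 2.4 without mod_access_compat, use "Require all denied" instead.
<Files wp-config.php>
Order allow,deny
Deny from all
</Files>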

Adding this prevents the file from being seen by users and makes it difficult for hackers and robots to spot.

Backup Your Whole Blog


Photo Credit: Jaymis via photopin cc

Keeping a backup is a keystone of maintaining a huge pace. You can back up your whole blog daily, once a week or once a month, although it is suggested to do it at least once a day. You never know what may come your way and ruin all your hard work in one go, so it is a good idea to back up regularly.
