WordPress is the most used blogging platform on the web. Its latest version has been downloaded over 6,115,128 times.
Being the most popular platform, WordPress is also the one hackers eye the most, since many top blogs run on it. Well and good. But if your blog gets hacked, what could the consequences be?
- All your content could be stolen by the hacker.
- Images and other files could be deleted.
- Malicious code could be added to your blog.
- Posts you would never want to appear could be published on your blog.
- Or, maybe even worse, your whole blog could simply be wiped off.
I think these are reason enough for why you need to concentrate not only on securing your email IDs but also your blog. I'll tell you some very simple and quick hacks to prevent your blog from being hacked.
- WordPress, like any other open-source software, has bugs. Advertising your WordPress version is not a good idea when there is a known bug through which your blog can get into trouble, so try not to reveal which version you are using: it makes you a soft target. Remove the string that prints your WordPress version by editing your theme's header.php and deleting this call:
bloginfo('version')
- After that is done, another simple trick is to upload an empty index.html file to your plugins folder, so hackers cannot see which plugins you have installed; knowing your plugins could ease their task of getting into your blog by simply finding a loophole in one of them.
- Sometimes hackers use various techniques to break into your blog, like password guessing or something more advanced: brute force, that is, repeated login attempts with different passwords until the actual password is found. To solve that problem, get the plugin Login LockDown (download it here). It bans IPs after a certain number of failed login attempts.
- An awesome plugin I came across is WP Security Scan, which provides the best security features and is very easy to use. After installing it, run the scan; if any vulnerabilities are found, a way to correct each of them is shown alongside.
- Checking file permissions is a must. If you have got them wrong, the chances of your blog getting hacked are very high. Here is how they should be set.
- Bonus tip: Have you not heard of this? All posts come with some bonus! Using robots.txt: if search engines start indexing your login pages, your plugin directories and so on, it will turn out quite dangerous for you. So just edit your robots.txt file and "Disallow" all these directories, so that your important directories are kept out of search results.
I would like to contribute my part.
#1 That line is not removed by removing the line from the header.php (it has to be removed if it's there). It's removed by adding the following line to your theme's functions.php file:
remove_action('wp_head', 'wp_generator');
#2 Instead of manually putting a blank index file in directories, you can also use the .htaccess file to block directory browsing.
#3 & #4 are, yes, very good steps.
#5 File permissions are important but I would like to know more on this as this is something that I don't know much about.
Thanks!
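As an added example (not the post's or the commenter's own code), here is a small Python audit that checks a WordPress directory tree for the tips in the post, including the functions.php correction and the .htaccess alternative from the comment above, together with a harden() routine that applies them to a constructed sample tree. The theme name "mytheme", the temporary tree and its file contents are assumptions made for the demonstration.

```python
import os
import re
import tempfile

def _read(path):
    return open(path, encoding="utf-8").read() if os.path.isfile(path) else ""

def _write(path, text):
    with open(path, "w", encoding="utf-8") as fh:
        fh.write(text)

def audit_wordpress(root, theme="mytheme"):
    """Check a WordPress tree against the tips; each flag is True when the tip is in place."""
    theme_dir = os.path.join(root, "wp-content", "themes", theme)
    plugins = os.path.join(root, "wp-content", "plugins")
    # Tip 1 plus the comment's correction: no bloginfo('version') in header.php, generator unhooked.
    version_hidden = (not re.search(r"bloginfo\(\s*['\"]version['\"]\s*\)", _read(os.path.join(theme_dir, "header.php")))
        and re.search(r"remove_action\(\s*['\"]wp_head['\"]\s*,\s*['\"]wp_generator['\"]",
                      _read(os.path.join(theme_dir, "functions.php"))) is not None)
    # Tip 2 or its .htaccess alternative: the plugin directory must not be listable.
    listing_blocked = (os.path.isfile(os.path.join(plugins, "index.html"))
        or re.search(r"^\s*Options\b.*-Indexes", _read(os.path.join(plugins, ".htaccess")), re.M) is not None)
    # Tip 5: anything with the world-writable bit (0o002) set lets any local account rewrite the blog.
    world_writable = sorted(os.path.relpath(os.path.join(d, n), root)
        for d, ds, fs in os.walk(root) for n in ds + fs
        if os.stat(os.path.join(d, n)).st_mode & 0o002)
    # Bonus tip: robots.txt should keep the login and plugin paths out of search indexes.
    disallowed = set(re.findall(r"^\s*Disallow:\s*(\S+)", _read(os.path.join(root, "robots.txt")), re.M | re.I))
    return {"version_hidden": version_hidden, "plugin_listing_blocked": listing_blocked,
            "world_writable": world_writable, "robots_ok": {"/wp-admin/", "/wp-content/plugins/"} <= disallowed}

def build_sample_site():
    """Constructed throwaway tree mimicking a WordPress layout, with every tip still missing."""
    root = tempfile.mkdtemp(prefix="wp-audit-")
    theme = os.path.join(root, "wp-content", "themes", "mytheme")
    os.makedirs(theme)
    os.makedirs(os.path.join(root, "wp-content", "plugins"))
    os.chmod(os.path.join(root, "wp-content", "plugins"), 0o777)  # deliberately world-writable
    _write(os.path.join(theme, "header.php"), "<meta name=\"generator\" content=\"WordPress <?php bloginfo('version'); ?>\" />\n")
    _write(os.path.join(theme, "functions.php"), "<?php\n")
    _write(os.path.join(root, "robots.txt"), "User-agent: *\n")
    return root

def harden(root, theme="mytheme"):
    header = os.path.join(root, "wp-content", "themes", theme, "header.php")
    _write(header, re.sub(r"<\?php\s*bloginfo\(\s*['\"]version['\"]\s*\);?\s*\?>", "", _read(header)))
    _write(os.path.join(root, "wp-content", "themes", theme, "functions.php"), "<?php\nremove_action('wp_head', 'wp_generator');\n")
    _write(os.path.join(root, "wp-content", "plugins", "index.html"), "")
    _write(os.path.join(root, "robots.txt"), "User-agent: *\nDisallow: /wp-admin/\nDisallow: /wp-content/plugins/\n")
    os.chmod(os.path.join(root, "wp-content", "plugins"), 0o755)
```

robots.txt is only honoured by well-behaved crawlers and a blank index.html only hides the directory listing, so treat these two checks as hygiene rather than access control.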
Thanks so much for the additions to tips #1 and #2.
For tip #5: changing file permissions will alter and restrict the manipulation of the file according to the permissions you have set. It is very useful because you can restrict access to files which you don't want users to view or make changes to.
I meant that I don't get the owner, group thing. Is this useless if you are on your own server (dedicated or VPS) unlike the shared hosting account?
Just to clear it out, here's a quote from Lorelle's blog:
“You can set some of your files and directories to allow various degrees of access, be it to totally prevent all access to changing the file in any way, to only allowing access to change a file by a user/program authority. “Changing File Permissions” from the WordPress Codex explains how to change those file and folder permissions on your server, but if you do change them to make them have temporary wide open access, change them back afterwards.”
That wasn't something I have a doubt on. Anyway, I will look it up when I get a chance.
Good stuff... a much-needed topic to be discussed.
Thanks
Thanks
Super article. You described everything very well and in detail, thank you.
Great post. It will be helpful to me. Is it possible to rename the "wp-admin" folder? If it is possible, please let me know. Thanks a lot.