Following the famous saying, “Security is only as strong as its weakest link,” security is very essential, especially when it comes to doing online things. A single weak link can be used to compromise all your hard work and even online identity. With wordpress being used as a CMS solution for most of the blogs out there, we present a comprehensive list of tips, tricks and measures that you should take so that you never get hacked.
Always Keep Your WordPress Updated
WordPress is an open source, GPL licensed blogging platform that has become the de-facto standard for all bloggers in recent years. Since it was developed by the wordpress community, various security holes are often found and reported back to the community. The community patches the possible security holes and releases a new version of WordPress. Updating your wordpress install to the latest available version automatically secures you against security flaws in the earlier versions.
Using a Strong Password
Needless to say, you should always have a very strong password for your blogging account. Don’t include dictionary words in your passwords as they can easily be cracked using brute force methods.
Here are some tips on choosing strong passwords:
1. Do not include dictionary words
2. Do not make your birth date or phone number as passwords. They are fairly easy to guess
3. Do not include dictionary words
4. Use a combination of upper and lower case letter
5. Use a combination of letters, numbers and signs
6. Always make sure, you have a alpha-numeric combination in your passwords
Take Regular Backup Your Databases
Precaution is better than cure. So, make it a habit to take regular backups of your databases. Database is a place where each and everything regarding your blog is stored. If you have a backup, you’ll never lose anything regardless of whatever may happen to the blog. Having a backup also serves a purpose of restoring the blog to a previous instance of time in case anything bad happens. You can use the WP-DB-Backup plugin to make this task easier.
Hide Your WordPress Version
Many times, a malicious hacker just scans the entire blog database with a script that searches for earlier and non patched wordpress installs. In case, you didn’t get time to update your wordpress install, you may fall for the trap since you have a older install with possible open security holes. To combat this situation, you should always delete the meta version line from the header.php file inside your wordpress install.
Double Check Your File Permissions
Incorrect file permissions are the most widely used exploit by malicious users and hackers who are trying to take down your blog. A single incorrect file permission may lead a sensitive directory exposed and ultimately, your blog to be hacked. So, it’s always recommended that you have correct permissions set to each and every file in your blog installation. Some files are meant to be public and some are not.
Preventing Brute Force Attacks
Brute Forcing is a technique that is used by hackers to take down your account. In brute forcing, each and every possible combination for password is tried from a defined dictionary. To prevent this, the best option is having a really strong password. In addition to that, you can limit the login attempts to your blog’s admin are with the Login Lockdown plugin. This will not only ensure that you don’t fall prey to a hacking attempt, but will also limit the number of attempts used to get access to the admin area.
Protect Your Configuration File
As a matter of fact, wordpress stores all your details including your username and password in plain-text in the wp-config.php file in the directory. Now, if you have incorrect file permissions set, this sensitive information may be out in public. To make sure that doesn’t happen at least for this file, you can put this piece of code in your .htaccess file:
<files wp-config.php> order allow,deny deny from all </files>
This will set the correct file permissions and will prevent anyone from viewing this file.
Use WordPress AntiVirus
AntiVirus is a free and very useful wordpress security plugin that helps you protect your blog from all possible virus infections. It has many special features that constantly scans and checks your blog for any virus infections and sends and email alert if it finds anything that’s malicious.
Today, we discussed all the possible measures that you can take to make sure that your blog never gets hacked. Do let us know if you find our tips and tricks useful. Also, if you have any other tips and tricks on how to prevent your blog from hacking attempts, we would love to hear them.