Nov
27

WordPress Security Tips

We will discuss some tips for blog security recommended by many experts to keep our blog secure 24X7 up and running.  Safety of blog from hackers or any exploit is very important because it may ruin our blog. Following are must follow blog security tips for WordPress blogger.

Upgrade
As good as it is, WordPress still has security issues. Upgrading to the latest version is a must if you want to lower the risk of getting your site hacked.
Upgrading today is really easy, thanks to excellent plugins like Instant upgrade or automatic upgrade. You have no excuse not to upgrade.

Folder access
Create empty index.html file (no content in it). Upload this file to your wp-content/plugins and wp-content/themes.
This will prevent anyone from looking over at what plugins and themes you have.This is importance to avoid WordPress directory listing and File access vulnerability.

Secret Key
Edit your wp-config.php and change or create the SECRET_KEY definition. It should look something like this (alter the key value to your likening):define(‘SECRET_KEY’, ’1234567890′);

Active Plugins
If you have access to your database, check the table wp_options and look for the record ‘active_plugins’. It will list all really active plugins on your blog. Hacker may upload a file to your upload folder and activate it as a plugin so you want to make sure there are no alien plugins listed there.

.htaccess
Check your .htaccess file located in blog’s root directory. Normally it should contain only references to index.php file for suspicious activity.

File change notifications
You can install file change notifications for your blog, sending you an email whenever one of your WordPress files on the server changes.

Exploit scanner
Install WordPress Exploit Scanner plugin. It scans through all files in your WordPress installation and searches for malicious looking code. You want to check if any of the warnings contain links to sites you are not familiar with.

User registration
If you are the only registered user of you WordPress blog, turning off “Anyone can register” option in your General settings of the Admin panel is a nice precaution as this was the source of biggest troubles in the past.

Backups
Should the trouble still happen, be sure you have at least weekly backups of your blog. WordPress Database Backup plugin will automate this work for you, so no reason not to use it.

If you know any more please add to this list so we will have strong checklist for wordpress blogsite security.

Tags: ,

Posted by Ashish Bobade Security, wordpress Subscribe to RSS feed

Other Interesting Articles:

  • WordPress Important Plugins
  • WordPress setup
  • WordPress directory listing and File access vulnerability
  • Headline Animation for your blogsite
  • WordPress Optimization
  • TabRenamizer
  • Free Windows Live Spaces Blog
  • WordPress warns of wayward worm
  • Search for India’s Best Ethical Hacker
  • WordPress 2.8 visual editor bug
  • Why You Need To Secure Your Web Applications
  • Backslash Not Displayed in WordPress Post
  • Boost your website speed using Free CDN
  • Tips to enable/disable the USB drive in WinXP
  • PayPal Integration Testing
  • Basic Security Check For WebApplications
  • Broadband WiFi router security issue
  • Top 10 Malware sites
  • Cross Site Scripting (XSS)
  • Smart Password Practices by Google

    • Leave a Reply

    You can use these tags: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>

    2 Responses to “WordPress Security Tips”

    1. Paresh
      December 3rd, 2009 at 10:10 pm

      Very useful article

      [Reply]

    Trackbacks/Pingbacks

    1. Wordpress Security Tips | TechChase WP Air