How to Protect Your WordPress Blog from Getting Hacked

WordPress Security

After you have found cheap WordPress hosting and launched your WordPress blog, one vital step you must never skip is protecting that blog from getting hacked. If you are new to WordPress security and web security in general, you might hope that there is a thick book that lists, in detail, everything you need to do to protect your WordPress blog and end up with the safest WordPress blog on Earth.

The bad news is that there isn’t such a book and it is not possible to write one. However, there are some steps you should follow in order to at least make your WordPress blog a bit more secure. WordPress is secure but some additional hardening is always necessary.

Minimize the Damage

As with many things in life, prevention is better than treatment, but you should always be prepared to react in case the worst happens. One of the best medicines you have at your disposal is a backup. Some WordPress tools let you back up either the WordPress database only or the whole installation, so get one of them and start using it regularly. Many WordPress hosts, including cheap WordPress hosts, offer various backup tools, so it doesn’t take much effort to find the right one.

Real-time backup is the safest option but in most cases you won’t need it, even if it is available. Weekly or daily scheduled backups are very often exactly what you need. Backups don’t take much time but they are a life-saver if hackers manage to bypass your security.

Peace of Mind with Anti-hack Measures for Your WordPress Blog

Once you get into the habit of making regular backups, the next steps in securing your WordPress blog and your peace of mind can be grouped into the following categories:

1. Common sense security.

Security starts with the most basic steps, which many webmasters tend to neglect. Common sense security steps include installing patches and updates as soon as they are released, using strong passwords (and changing them frequently), and being cautious about the places you log in from (if you log in from an insecure location and your password is intercepted, this kills all your efforts to secure your WordPress blog). The careful selection of a reliable WordPress hosting provider also falls into this group of measures: cheap WordPress hosts can be secure, but you need to double check.

2. Limit access.

Many hacks happen because the webmaster was generous in granting access. You should always keep to the least privilege rule and grant permissions restrictively. For instance, if you impose IP restrictions on the wp-admin directory, this could stop many unauthorized access attempts. However, be careful not to cut off your own access and lock yourself out! Additionally, you can make many files read-only and give privileges to selected users only.

3. Harden your web server.

Many exploits are possible not because of WordPress weaknesses but because of server vulnerabilities. This is why you need to harden Apache or whatever web server you are using.

4. Secure plugins.

Plugins are what give WordPress its power, but they are also responsible for many vulnerabilities. Sometimes it is a given combination of plugins that makes your WordPress blog an easy target, while in other cases it might be just a single plugin. Either way, make sure that you have followed the steps needed to secure your WordPress plugins.

5. When done, check with the WP Security Scanner.

It is naïve to think that it takes only 4 (groups of) steps to secure your WordPress blog – in fact, there is much more you can and should do. If you want to run a security check and see what the report includes, WP Security Scanner will give you an idea of what else you need to fix. The tool in the link is one of the best tools for the purpose, so download it and run it.

These 5 measures are just the beginning in making your WordPress blog secure. Don’t skip them; they are vital.
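The read-only advice in step 2 can be checked with a short script. This is an added example, not part of the original post: the function names are hypothetical, and the baseline it enforces (nothing writable by group or others, wp-config.php not world-readable) is an assumption you should adjust to how your host runs PHP.

```sh
#!/bin/sh
# Added example: least-privilege permission check for a WordPress directory.
# Assumed baseline (not from the article): no file or directory is writable
# by group or others, and wp-config.php (database credentials) is not
# world-readable.

# Print one line per finding; return 0 if clean, 1 if anything was flagged.
audit_wp_perms() {
    root=$1
    [ -d "$root" ] || { echo "not a directory: $root" >&2; return 2; }

    # -perm -020 / -perm -002: the group-write or other-write bit is set.
    loose=$(find "$root" \( -type f -o -type d \) \
                 \( -perm -020 -o -perm -002 \) -print | sed 's/^/WRITABLE /')

    cfg=
    if [ -f "$root/wp-config.php" ]; then
        cfg=$(find "$root/wp-config.php" -perm -004 -print \
                  | sed 's/^/WORLD-READABLE /')
    fi

    if [ -z "$loose$cfg" ]; then return 0; fi
    if [ -n "$loose" ]; then printf '%s\n' "$loose"; fi
    if [ -n "$cfg" ]; then printf '%s\n' "$cfg"; fi
    return 1
}

# Clear the flagged bits. Run as the file owner. If the web server reaches
# your files only through the group or "other" bits, fix ownership first,
# or uploads and the site itself stop working (the file-permission version
# of locking yourself out).
harden_wp_perms() {
    root=$1
    find "$root" \( -type f -o -type d \) -exec chmod go-w {} +
    if [ -f "$root/wp-config.php" ]; then chmod o-r "$root/wp-config.php"; fi
}

# Stand-alone use: pass the WordPress directory as the first argument.
if [ "$#" -gt 0 ]; then audit_wp_perms "$1"; fi
```

Run the audit before and after any change, and take a backup first so a too-strict setting can be rolled back.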

Laura Hayes is a full time Senior Writer for Web Hosting Search, one of the strongest guides for web hosting. She blogs about WordPress techniques and online marketing.

Photo Credit: CarbonNYC

Posted By: Justin Wright

This post was published by Justin Wright on May 5th, 2010.


3 Comments

  1. Adam Pieniazek 5 May 2010 at 10:40 am permalink

    Step 6:

    Backup, backup, backup!

    What I always tell people when they ask about security is that there are a number of steps you can take to harden your site, but if someone really, really wants to get in, they’ll find a way.

    Having backups ensures that if disaster does strike you can revert back to a good copy of the site/server and rebuild.

    A good analogy is home security. Sure, you can spend lots of time and money getting an advanced home security system installed, but if someone really wants to break into your house they’ll find a way. Having backups is like having insurance on the valuables in your house.

    • Justin Wright 5 May 2010 at 1:33 pm permalink

      Totally agree. You can never have enough backups, especially when it comes to important stuff like your database. It’s one of those things that only takes a few minutes to set up yet people often skip or overlook.

  2. Dell Parts 3 August 2011 at 3:31 am permalink

    Adam
    The crashing of WordPress database takes just 5 minutes so it should be secure first then backup

