How to Secure Your WordPress Blog?
WordPress blogs are the most popular in the world today. All the top bloggers build their sites on WordPress; for example, Harsh Agrawal at ShoutMeLoud.com and Imaran Uddin at AllTechBuzz.net both use WordPress. Because WordPress blogs are so popular, hackers are now turning their attention to them. So it is important to secure your WordPress blog as soon as possible, otherwise the day is not far off when you will lose your blog permanently. Avoid repeating the mistakes that hackers commonly exploit. Here I have summed up the most important things you should apply to secure WordPress.
-
Remove WordPress Version
Older versions of WordPress are more vulnerable to hacking. You should remove the version generator so that a hacker cannot learn which version your WordPress blog runs. Add the following code to your theme's functions.php file.
remove_action('wp_head', 'wp_generator');
Save the changes. WordPress no longer prints its version in the generator meta tag in your page head.
-
Don’t allow indexing of Core file
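In your robots.txt file, add the following code:
User-agent: *
Disallow: /wp-*
This asks search engines not to index the WordPress core library files, which keeps the WordPress core content out of search results. Note that robots.txt is only a request to crawlers; it does not block direct access to those paths.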
-
Shift your WordPress Core file to other location
If you keep your WordPress files in the site root, you are more susceptible to being hacked, because the file locations are easy to guess. I have written a separate article on this. You may want to check it out.
How to move your WordPress core library file to different location
-
Avoid the “admin” username
Most bloggers make this mistake out of convenience. Avoid the admin username from the start, when you are creating your blog. Also, you cannot change your username once it has been created. If you already have the admin username, create another account and give that account admin privileges. Log in from that account and delete the account with the username “admin”. But do not forget to move the posts from that account to your new admin account first.
-
Protect .htaccess file
First, always make a backup of the .htaccess file before you edit it, because this is one of the most important files for your WordPress blog. You can then revert the changes if something unwanted happens. To protect the .htaccess file, add the following code to it and save the changes.
# STRONG HTACCESS PROTECTION
# The <Files> wrapper limits the rule to .htaccess itself
<Files ".htaccess">
Order allow,deny
Deny from all
Satisfy all
</Files>
-
Protect wp-config.php file
To do this, add the following code to your .htaccess file.
# protect wp-config.php
<Files "wp-config.php">
Order allow,deny
Deny from all
</Files>
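An added example, not code from the original article: a small Python check to run over a .htaccess draft before saving it, covering this rule and the .htaccess protection rule above. It flags deny rules that sit outside a <Files> block, where they deny the whole directory instead of one file, and a malformed Order argument. The function name and both sample files are constructed for illustration.

```python
import re

OPEN = re.compile(r"^<(Files|FilesMatch)\b[^>]*>$", re.I)
CLOSE = re.compile(r"^</(Files|FilesMatch)>$", re.I)
DENY = re.compile(r"^(deny\s+from\s+all|require\s+all\s+denied)$", re.I)
ORDER = re.compile(r"^order\s+(.*)$", re.I)
ORDER_ARGS = ("allow,deny", "deny,allow", "mutual-failure")


def lint_htaccess(text):
    """Return (line_number, message) findings for access-rule mistakes."""
    findings, open_blocks = [], []
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank line or comment
        order = ORDER.match(line)
        if OPEN.match(line):
            open_blocks.append(no)
        elif CLOSE.match(line):
            if open_blocks:
                open_blocks.pop()
            else:
                findings.append((no, "closing tag without an opening <Files>"))
        elif DENY.match(line) and not open_blocks:
            findings.append((no, "deny rule outside <Files> applies to the whole directory"))
        elif order and order.group(1).lower() not in ORDER_ARGS:
            findings.append((no, "Order takes a single argument such as allow,deny"))
    findings += [(no, "<Files> block is never closed") for no in open_blocks]
    return findings


# Constructed sample: the wrapper tags were lost when the snippet was copied.
BROKEN = """\
# protect wp-config.php
order allow, deny
deny from all
"""

# Constructed sample: the same rule scoped to a single file.
SCOPED = """\
<Files "wp-config.php">
Order allow,deny
Deny from all
</Files>
"""

if __name__ == "__main__":
    print(lint_htaccess(BROKEN), lint_htaccess(SCOPED))
```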
-
Fight against spammers
Add the following code to your .htaccess file and save the changes.
RewriteEngine On
RewriteCond %{REQUEST_METHOD} POST
RewriteCond %{REQUEST_URI} .wp-comments-post\.php*
# replace blogAddress.com with your own blog address
RewriteCond %{HTTP_REFERER} !.*blogAddress.com.* [OR]
RewriteCond %{HTTP_USER_AGENT} ^$
# send the request back to the address it came from
RewriteRule (.*) http://%{REMOTE_ADDR}/ [R=301,L]
-
Don’t Allow browsing of your directory
Copy the following code, add it to your .htaccess file and save the changes.
# disable directory browsing
Options -Indexes
-
Block specific users
If you see unwanted activity from an IP address, you can block that IP. The WordFence Security plugin can help you do this. This will help you secure your WordPress-powered blog.
-
Protect Against Script Injection
SQL injection is the most popular kind of injection in the hacking world. There are also other types of scripts that can make significant changes to your blog. To guard against script injection attacks, add the following code to your .htaccess file.
Options +FollowSymLinks
RewriteEngine On
# block query strings containing a <script> tag, raw or URL-encoded
RewriteCond %{QUERY_STRING} (<|%3C).*script.*(>|%3E) [NC,OR]
# block attempts to set PHP GLOBALS or _REQUEST through the query string
RewriteCond %{QUERY_STRING} GLOBALS(=|\[|%[0-9A-Z]{0,2}) [OR]
RewriteCond %{QUERY_STRING} _REQUEST(=|\[|%[0-9A-Z]{0,2})
RewriteRule ^(.*)$ index.php [F,L]
I hope you have now fully secured your WordPress blog. You can give us your feedback in the comments section.