WordPress Users: Protect Your Blog

Getting hacked could happen to anyone. No matter how savvy you think you are or how good you are at avoiding things, unless you actually use decent security to stop hackers getting into your WordPress database, you could be next.

You’ve seen it happen to Shoemoney. Twice.

There are some very simple steps you can take to protect your WordPress blog. Let's take a look at a few basic methods:

Back up Your Blog

The king of saving yourself from a database tragedy? Back-ups! Make regular back-ups and you'll always be assured of the safety of your precious blog content and structure. Someone could blast your entire database, but it doesn't matter if you have a back-up, right?

One click auto back-up: Download | Instructions

Protect Your Admin Area

A lot of amateur hackers will try to get into your Admin area simply by using a password cracker to guess your password. These crackers go through every alphabetic combination you could use and slowly crack your password. If, of course, you have a very nice, complex password with letters, numbers, capital letters and other characters, these crackers won't be able to crack it. So one way is to simply do that.

But some still can as far as I’m aware. Plus there are still other holes hackers can pick simply by getting access to this area. So how do you stop them from getting to the admin login or admin area completely?

1. Password protect your admin folder: Simple, just do this in your cPanel. Protect your WordPress admin folder with a password and there's one layer of protection.

2. .htaccess IP restriction: You can stop any IP other than the ones you define from getting to your admin login panel. To do this, simply open the .htaccess file in your wp-admin folder for editing; if you don't have one, simply create one in there.

Place in that file the following:

order deny,allow
deny from all
allow from xx.xx.xx.xx
allow from xx.xx.xxx.xx

Obviously replace the x's with your IP. You can specifically deny access to a single IP or multiple IPs or, of course, only allow access to your IP.

Now if you have a dynamic IP you might not be able to do this if your ISP gives you a different IP address every time you connect.

Luckily I have a static IP so it never changes.

In Closing…

So as you can see, protecting your blog from hackers is a very simple process but could save your archive from getting blasted. The easiest way is to simply back up your database, which you should do regularly anyway in case anything unexpected happens.

That's not to be ignorant, though: if a hacker is a good hacker, they will get into your database regardless of how many little obstacles you put in their way. It's just like jumping a few hurdles to get to the finish line. You can in theory almost completely wipe out the possibility of getting hacked even by the best of the best, but it takes a lot of good PHP security.

That said, prevention is still a good thing. Average hackers, or so-called hackers (more like people who just use automatic password decryption tools to get your admin password), won't get past these preventions. So why even give them the satisfaction of doing it to begin with?

  1. January 28th, 2008 at 16:09 | #1

    Well, that is certainly a couple of good tips there. I really haven’t thought about WordPress security much, thanks for bringing it to my attention.

  2. January 29th, 2008 at 01:16 | #2

    It’s funny that you mentioned using an .htaccess file for your Admin Panel… I was trying to get this sorted out today but noticed that when I try to do it – I get a mod_rewrite error of some sort… it just goes to a 404 page when trying to get into the Admin area. I need to figure out what the problem is – but it’s surely a good idea to at least protect the area. I’ve added a few more security measures (CAPTCHA) and even a 5-wrong password Lockdown… but I’m still a bit skeptical when it comes to these small measures ;-)

    Anyhow, good info!

  3. January 30th, 2008 at 01:39 | #3

    Nice tips for blog protecting. Hackers are now everywhere… Thank you for the tips.

  4. January 30th, 2008 at 04:47 | #4

    Hey, this post is really useful. Thank you very much! :)
