Can Somebody Drive a Truck Through The Back Door Of Your WordPress Blog?
Today I’m going to show you some tips to secure your WordPress blog. One day while I was looking for information about computer security, I stumbled across Matt Cutts’s blog post about WordPress Security. That sent me off to learn about blog security.
Hacking blogs is becoming more popular. There seems to be less attention given to protecting blogs, and that makes them a more attractive target. The most common goal is to use the authority of the hacked blog to build back links to a spam blog. The attackers hide the back links, and the blog owner is none the wiser.
These tips should make it less desirable to hack your blog. The idea is to make it not worth the effort, so the attacker goes somewhere else.
So, here are 7 tips I’ve implemented:
1. Keep your WordPress updated – I would hope this goes without saying. One of the best ways to keep your blog secure is to have the latest version of WordPress. Subscribe to the WordPress Development blog at http://www.wordpress.org/development/feed/. They announce any new versions or patches on their blog.
2. Keep your plugins updated – This is an area that can be exploited if your plugins are not kept up to date. The newer versions of WordPress automatically alert you when a plugin releases a new version. But you still have to update them when the announcement is made.
3. Back up, Back up, Back up, Back up – OK, you get the point. Are you willing to risk losing your blog if something happens? You don’t have to do it manually; there is a plugin that will back up your database. It’s called WP dbmanager. You can get the plugin here: http://wordpress.org/extend/plugins/wp-dbmanager/#post-340
4. Protect your plugin, wp-content and wp-includes folders – These folders hold sensitive files that can be exploited. Matt Cutts in his blog post Three Tips To Protect Your WordPress Installation says to put up a blank index page in each folder. This prevents anyone from viewing an index of the contents in that folder. I took this one step further, and added a redirect back to the front page of the blog. So now when someone tries to look at one of these directories, they get sent to the home page of the blog.
5. Protect your wp-admin folder – This folder has some PHP files that are vulnerable. Just like the folders above, you don’t want anyone gaining access to this folder. There is a plugin called AskApache Password Protect. It adds a 2nd layer of security to your blog by requiring a username and password to access anything in the /wp-admin/ folder. You can get the plugin here: http://wordpress.org/extend/plugins/askapache-password-protect/#post-2892
6. Consider changing your login username – By default the username for the administrator is admin. If you are worried that someone might be able to crack your password, then changing the administrator username could stop them.
7. Create a 2nd username for posting – Set this 2nd user up as a contributor, or author only. That helps protect your admin from unsavory types, and protects you from yourself. You don’t want to accidentally change a setting while posting content. Hey, stranger things have happened.
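Tip 4 can be checked and applied from the shell. The script below is an added example, not code from the original post or from Matt Cutts: it reports which of the three folders lack an index file and writes a redirecting `index.php` into them. The function names and the `https://example.com/` URL are assumptions for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): audit the folders named in
# tip 4 and drop in an index.php that redirects to the blog's front page.
# Usage (assumed paths): protect_wp_dirs /var/www/blog https://example.com/

# Folders from tip 4, relative to the WordPress root.
WP_DIRS="wp-content wp-content/plugins wp-includes"

# Print each existing folder that has neither index.php nor index.html.
missing_indexes() {
    wp_root=$1
    for d in $WP_DIRS; do
        dir="$wp_root/$d"
        [ -d "$dir" ] || continue
        if [ ! -f "$dir/index.php" ] && [ ! -f "$dir/index.html" ]; then
            printf '%s\n' "$d"
        fi
    done
}

# Write the redirecting index.php. Returns 1 if one already exists (never
# overwrite), 2 if the URL holds characters that would break the PHP string.
install_redirect_index() {
    dir=$1
    home_url=$2
    if [ -e "$dir/index.php" ]; then return 1; fi
    case $home_url in
        *"'"*|*\\*) return 2 ;;
    esac
    cat > "$dir/index.php" <<EOF
<?php
// Hide the directory listing and send the visitor to the front page.
header('Location: $home_url', true, 302);
exit;
EOF
}

# Fix every folder reported by missing_indexes; print how many were fixed.
protect_wp_dirs() {
    wp_root=$1
    home_url=$2
    fixed=0
    for d in $(missing_indexes "$wp_root"); do
        install_redirect_index "$wp_root/$d" "$home_url" && fixed=$((fixed + 1))
    done
    printf '%s\n' "$fixed"
}
```

Run `missing_indexes` again after every WordPress or plugin update, since an upgrade can add new folders or replace files.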
This is just a start to make your WordPress blog more secure. There are other ways to further tighten it up. I hope you find these helpful, and as I learn more I’ll keep adding to this series.
The team over at BlogSecurity have done a great job of teaching people how to make their blogs safer. You can tell that David Kierznowski, Sarah Turner, Philipp Heinze, Mario Heiderich, Gareth Hayes and Marco Ramilli have worked hard on this project. I would like to thank them for their efforts.
You can go there and learn more: http://blogsecurity.net. They also have a cool WordPress blog scanner. It will scan your blog, and give you a report detailing the security of your blog. You can check it out here: http://blogsecurity.net/wordpress/tools/wp-scanner/
Please comment, and give any tips you have found to help further secure your blog.

[...] powered blog safe enough from malicious hackers? Keith caught my attention with a catchy title – Can Somebody Drive a Truck Through The Back Door Of Your WordPress Blog? He suggested several methods to make our Wordpress powered blogs more secure. Some good advice [...]
The Chronicles of the Geek Riddler | ahkong.net
5:22 am
Great 7 tips, Keith, thanks a bunch. Will look into them soon.
Just did a backup today, but as we see there are many other things to make our holy blog more secure.
~Marcus
Marcus Hochstadt
12:01 pm
[...] Goodrum presents Can Somebody Drive a Truck Through The Back Door Of Your WordPress Blog? posted at Keith [...]
Carnival Of Business Blogs
7:06 am
Hey Marcus,
Sorry for the delay in responding…
Thanks for the comment. Yeah, I was surprised when I started looking into blog security. It could really suck if someone lost everything over something that’s easy to plug up.
Keith
Keith Goodrum
1:15 pm
[...] Preventing And Eliminating Intruders. One of the problems I didn’t talk about in my post, Can Somebody Drive a Truck Through The Back Door Of Your WordPress Blog? was getting quarantined by [...]
Another Danger of Getting Your Blog Hacked… | Keith Goodrum
8:07 pm
Your article was posted in the “Bringing more traffic to your blog” – 3rd Ed. Blog Carnival:
http://blogging4good.blogspot.com/2008/03/bringing-more-traffic-to-your-blog.html
Appreciate your participation.
Nesher
3:20 am
Great tips, I found all the information I was looking for, I will use some of them.
SCE
1:45 pm
I have one WordPress blog that I may get rid of. I only use it to test new stuff before installing on the production site. That is the only blog that I have that is never backed up and I have probably totally re-started that blog 5 times in the last year.
Backup.
I stumbled this post and included it in my blog carnival.
(see the carnival at: http://cheapkeywords.info/one-huge-carnival-of-leads-to-making-money-online/)
Richard McLaughlin
10:47 am