
Blogging is a very good way to make money online. Making money through blogging is sufficient for some people to make a living. I am an example of this. But what happens if that source of income is suddenly destroyed? What happens if a building which has been your major income source is suddenly gutted by fire? You know it is a terrible experience.
If you are making money through blogging under the WordPress platform, you should take security steps to ensure that your WordPress blog cannot be taken over by internet thieves. You might never have experienced hacking but you should never wait until you are a victim before you take necessary actions.
Website hackers steal website information and destroy the data of the site, making not only the hacked website useless but in some cases, the entire server hosting all other websites.
Here are 13 ways of securing a WordPress blog against hacking:
1) Hide Your Plugins Folder
Anybody can gain access to your blog folders containing themes, uploads and plugins. This is a good opportunity for hackers to gain access to your blog and your entire server. Your WordPress blog plugins are located in http://domainname.com/wp-content/plugins. Hiding the plugins folder is very easy.
There are two ways to do it:
a. Using the .htaccess file – This method disables directory browsing for your site's sensitive files. To do this, connect with your FTP client and locate the .htaccess file. Then right-click it and open it with Notepad. After that, add this line:
Options -Indexes
In some cases, you may not be able to locate the .htaccess file. This depends on the type of FTP client you use. For FileZilla, go to SERVER and click FORCE SHOWING HIDDEN FILES.
b. Using cPanel – Directory browsing can also be turned off through cPanel. This is very easy if you cannot handle .htaccess files. cPanel displays your entire website files and folders through the “Index Manager”. With the cPanel option, the server automatically creates the necessary .htaccess file for you. Some people find cPanel's tree-format display easier.
Some web hosting companies do not have appropriate security measures to prevent hackers from gaining entry into website files. To know how your hosting company compiles your site files, simply create a phpinfo.php file. This file will display how your hosting company compiles and configures PHP. This will give you a lot of information about any security loopholes.
After you are done with your investigation, make sure you delete the phpinfo.php file in order to prevent unauthorized people from gaining access to it. Most of these things are easily changed by .htaccess and php.ini files.
2) Define user privilege for your multiple-author blog
If the content of your blog is contributed by multiple authors, you need to assign access rights or privileges to each author. To make the administration easier, you should install the User Access Manager plugin. The plugin enables you to manage access to the blog posts, pages and files.
To use the plugin, you only need to create a user group, add registered users to it and set up the access rights for the group. The post or page will then only be accessible and writable for the specified group.
3) Always upgrade WordPress and plugins versions to the latest ones
Make sure the version of WordPress is the latest. Latest versions always fix the bugs and other security issues of the previous versions. This also applies to plugins. It might be difficult to upgrade at once if you have multiple niche blogs. How can you upgrade 100 niche blogs at once? This is a disadvantage of maintaining multiple blogs.
In my own case, I do not just install plugins. I make sure that the ones I install are ones I really need for making the site make money, not just fancy plugins. I don’t install plugins because everyone else is installing them. This makes it easier for me to plan and upgrade all of the WordPress versions and plugins in no time.
4) Do security scan regularly
On a regular basis, do a security scan of your blogs. A security scan reveals if you have correct CHMOD permissions for all website files. A good plugin to do this is the wp-security-scan plugin. The plugin also proposes the correct ways to fix those security loopholes found in any file or folder.
I recommend that you use Website Defender to scan your WordPress blog. If something is not right, Website Defender will send you an email to notify you of any vulnerability found on your WordPress blog.
5) Use Secret Keys in the wp-config file
Hackers are getting wiser every day. They are always creating new ways of hacking websites after each new version of WordPress is developed to combat the security vulnerabilities of the previous one. Hence, you need to use a security key in order to completely put your site under tight security.
A secret key is very good because it makes a blog difficult for hackers to hack. Not only that, secret keys make access to a blog harder to crack by adding random elements to the password. A secret key is a password with elements that make it harder to generate enough options to break through your security barriers.
Security Keys are single-line definitions in your WordPress configuration file, the wp-config.php. If you don’t know what the wp-config.php file is, it is the file that stores the names, address and password of the database that the blog needs to function. The file also stores user details and blog posts. It is in fact the engine that keeps a WordPress blog moving.
6) Encrypt your login
WordPress has some security weaknesses. One of them is that whenever you log in to your blog, your password is not encrypted. The security flaw is more serious if you are on a public network where a hacker can easily download your login information with login harvesting scripts.
Encrypting a WordPress blog is done using SSL or other secure protocols. The problem is that most people don’t have the technical skills to do this. Hence, if you are one of them, you should use the Chap Secure Plugin. The only problem I have noticed with this plugin is that it can give errors even when you have set the parameters correctly.
7) Prevent brute force attack
A brute force attack is when a hacker tries all possible keys against encrypted data until the correct key is found. There are many ways of doing this. A script can be written to send automated requests to the system, seeking permission to gain entry to your server with different keys. If a key does not gain entry, another one is automatically generated. This system is also used for hacking Twitter accounts.
To stop brute force attacks, you should install the AskApache Password Protect plugin. This plugin is designed to stop automated attempts to exploit your blog vulnerabilities. Another one is the Login LockDown plugin. The plugin limits the number of login attempts from a given IP range within a certain time period. Once a certain number of failed login attempts is reached, the plugin automatically disables the login function for all requests from the IP range.
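The lockout rule described above, sketched as an added example; this is not the Login LockDown plugin's code. The thresholds (3 failures in 5 minutes, 1 hour lockout), the /24 range size, the class and function names and the sample events are all assumptions.

```python
import ipaddress
from collections import defaultdict, deque

class RangeLockout:
    """Lock out a whole IP range after too many failed logins in a time window."""
    def __init__(self, max_failures=3, window=300, lockout=3600, prefix=24):
        self.max_failures = max_failures    # failures tolerated inside the window
        self.window = window                # seconds over which failures are counted
        self.lockout = lockout              # seconds the range stays blocked
        self.prefix = prefix                # IPv4 prefix length treated as one range
        self.failures = defaultdict(deque)  # range -> timestamps of recent failures
        self.locked_until = {}              # range -> time the block expires

    def _range(self, ip):
        addr = ipaddress.ip_address(ip)
        bits = self.prefix if addr.version == 4 else 64
        return ipaddress.ip_network("%s/%d" % (addr, bits), strict=False)

    def is_locked(self, ip, now):
        return self.locked_until.get(self._range(ip), 0) > now

    def record(self, ip, success, now):
        """Process one login attempt; return True if it was allowed to proceed."""
        if self.is_locked(ip, now):
            return False                    # refused even if the password is right
        if success:
            return True
        key = self._range(ip)
        recent = self.failures[key]
        recent.append(now)
        while recent and recent[0] <= now - self.window:
            recent.popleft()                # forget failures older than the window
        if len(recent) >= self.max_failures:
            self.locked_until[key] = now + self.lockout
            recent.clear()
        return True

def replay(events, **settings):
    """Run (timestamp, ip, success) tuples through the limiter; return the decisions."""
    limiter = RangeLockout(**settings)
    return [limiter.record(ip, ok, ts) for ts, ip, ok in events]

# Constructed log: three failures from one /24 within a minute, then correct passwords.
EVENTS = [(0, "203.0.113.10", False), (20, "203.0.113.11", False),
          (40, "203.0.113.12", False), (60, "203.0.113.10", True),
          (70, "198.51.100.7", True), (3700, "203.0.113.10", True)]

if __name__ == "__main__":
    print(replay(EVENTS))
```

Counting per range rather than per address is what catches the three different source addresses in the sample; the cost is that one noisy neighbour can lock out legitimate users in the same range until the block expires.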
8) Use strong password
Don’t just use any word for a password. Don’t use dictionary words, birthdays, names of spouse, children, etc. Use a combination of digits, upper and lower case letters and special characters that will not even be easily remembered by people, including you. Write the password down and keep it in your home.
Do not store passwords on your computer. Use a minimum of 8 characters for your password.
9) Protect the wp-admin folder
The wp-admin folder is where the main information directing how your blog functions is kept. Most hackers enter through this folder before gaining access to other files on the server. Use the WP Scan plugin to regularly scan all your blog files and determine which ones are vulnerable. The plugin will reveal if some files do not have the correct CHMOD permissions.
You can also use the AskApache Password Protect plugin. This plugin enables you to protect the directory with a password and give access rights only to authorized people.
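One way to run the CHMOD check mentioned in steps 4 and 9 yourself, as an added example rather than code from either plugin. The permission ceilings (755 for folders, 644 for files, 640 for wp-config.php) are assumed values, and the sample tree is constructed in a temporary folder.

```python
import os
import stat
import tempfile

# Commonly recommended ceilings for a WordPress tree; treated here as assumptions.
MAX_DIR_MODE = 0o755
MAX_FILE_MODE = 0o644
MAX_CONFIG_MODE = 0o640     # wp-config.php holds the database password

def audit_permissions(root):
    """Return sorted (relative path, current mode, allowed mode) for over-permissive entries."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            info = os.lstat(path)
            if stat.S_ISLNK(info.st_mode):
                continue                      # never follow links out of the tree
            mode = stat.S_IMODE(info.st_mode)
            allowed = MAX_DIR_MODE if stat.S_ISDIR(info.st_mode) else MAX_FILE_MODE
            if name == "wp-config.php":
                allowed = MAX_CONFIG_MODE
            if mode & ~allowed:               # any bit set beyond the ceiling
                rel = os.path.relpath(path, root)
                findings.append((rel, oct(mode), oct(allowed)))
    return sorted(findings)

def build_sample_tree(root):
    """Create a small constructed tree with three deliberate mistakes."""
    layout = {
        "wp-config.php": 0o644,               # readable by every local user
        "wp-admin/admin.php": 0o644,
        "wp-content/uploads/logo.png": 0o666, # world-writable file
    }
    for rel, mode in layout.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        open(path, "w").close()
        os.chmod(path, mode)
    # The uploads folder is left world-writable on purpose.
    for rel, mode in (("wp-admin", 0o755), ("wp-content", 0o755), ("wp-content/uploads", 0o777)):
        os.chmod(os.path.join(root, rel), mode)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for rel, mode, allowed in audit_permissions(tmp):
            print("%-30s %s (allowed %s)" % (rel, mode, allowed))
```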
10) Remove WordPress version information
Each WordPress version has its security weaknesses. Hackers use the WordPress version of a blog to easily create and launch hacking strategies and bring the blog down in minutes. Therefore, you should prevent the version of your blog from being displayed. If you are using general WordPress themes for your blogs, make sure they do not display your version of WordPress.
To remove the WordPress version info, log in to your WordPress dashboard. Go to Appearance->Editor. Then click on the header.php tab and the file's code will be displayed. Press Ctrl+F on your keyboard and paste this code:
<meta name="generator" content="WordPress <?php bloginfo('version'); ?>" />
Delete the entire line and click Update File.
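To confirm that this step and the directory-listing change from step 1 took effect, check what the server actually returns, since WordPress can also print the generator tag through wp_head() after the header.php line is gone. The following is an added example, not from the original post; it inspects page bodies you have already fetched from your own site, and the names and sample bodies are constructed.

```python
import re
from html.parser import HTMLParser

class PageFacts(HTMLParser):
    """Collect the <title> text and any <meta name="generator"> content."""
    def __init__(self):
        super().__init__()
        self.title = ""
        self.generators = []
        self._in_title = False

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "title":
            self._in_title = True
        elif tag == "meta" and (attrs.get("name") or "").lower() == "generator":
            self.generators.append(attrs.get("content") or "")

    def handle_endtag(self, tag):
        if tag == "title":
            self._in_title = False

    def handle_data(self, data):
        if self._in_title:
            self.title += data

def check_page(body):
    """Return a list of findings for one HTML response body."""
    facts = PageFacts()
    facts.feed(body)
    findings = []
    title = facts.title.strip()
    if title.lower().startswith("index of /"):    # title Apache gives a folder listing
        findings.append("directory listing enabled: " + title)
    for content in facts.generators:
        match = re.search(r"wordpress\s+([\d.]+)", content, re.I)
        if match:
            findings.append("WordPress version exposed: " + match.group(1))
    return findings

# Constructed response bodies for a hypothetical blog, before and after the changes.
LISTING = "<html><head><title>Index of /wp-content/plugins</title></head><body></body></html>"
HOME_BEFORE = '<html><head><title>My Blog</title><meta name="generator" content="WordPress 3.0.1" /></head></html>'
HOME_AFTER = "<html><head><title>My Blog</title></head></html>"

if __name__ == "__main__":
    for body in (LISTING, HOME_BEFORE, HOME_AFTER):
        print(check_page(body) or "no findings")
```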
11) Do not use “admin” login name
WordPress 3.0+ allows you to choose your own username. The previous versions of WordPress had “admin” as the username. The use of a login name different from “admin” makes it difficult for hackers to use automated means to guess your login information.
12) Backup the WordPress database
Even after taking all necessary security steps, you still need to always back up your WordPress database. This is because anything can happen at any time and what you thought was secure might not be secure. The WordPress EZ Backup plugin allows you to create backup archives of your entire site (not just the WordPress installation). It also allows you to back up any MySQL database. Another plugin is the WP-DB-Backup plugin.
This does a complete backup of your core WordPress database and other tables in the same database. You can also schedule the backup process so that the plugin automatically does a backup at your specified time interval.
Most of the backup plugins are not written to be compatible with the current version of WordPress, 3.0.1, but they can still work with it.
13) Don’t download plugins from just anywhere
Plugins are what make the WordPress blogging platform very robust. With plugins, you give your blog the flexibility to fit any internet marketing situation. This is why it is easier to make money with WordPress blogs than with any other blogging platform or static HTML websites.
However, there are security risks in using plugins. Plugins can contain malicious code that stores your site information and relays it back to the plugin author. This is why you should not just download and install any plugin you find around. Do not install plugins unless they are really necessary for the smooth running or survival of your blog in any niche market you are targeting.
Conclusion
There will always be more security precautions we can take, but as long as we prepare for the worst, everything will be under control.



Cool tips, thank you much appreciated.
You're welcome, Edwin.
Very important for bloggers who are beginners especially!! Thanks nice stuff!!! Loved it!!
Backing your WordPress data is very crucial as data once lost, lost forever right?? I personally feel that we all should redefine the process to help amalgamate & sum up the data in an encrypted form which is very useful. Also, it is very necessary that people should be aware of such things!!!
Security scanning has been my top notch priority to overcome any sorts of virus infected files, spams & to overcome security glitches too!! I feel this is the most high rated one should go for!! Security always makes you successful!!
Yes, strong passwords are the most important keys where you have to be the most careful as it is more prone to hackers these days!! It should be filled with some unique codes which are just as impossible as breaking a 7 lever lock!!
I always thought having a strong password was the only thing you can do to prevent hackers but you have taught me of many other techniques that I will definitely be using immediately on my WordPress blogs.
Very good & effective tips which are very useful & very important!! I can now heave a sigh of relief which is going to be very effective & useful for me in the long run!! Thanks a lot!! Amazing tips!!! Must say WordPress is the best!!
I am amazed to see that such amounts of security tips are also prevailing which is very much essential for every individual to secure their systems which is a very important job. Just using anti virus & firewalls won’t make the deal! We also need some concrete strong solution & thank a lot for providing such insight of such tricks!!
Hey, thanks for the post. It was really very informative. The 11th point discussed is quite important and generally ignored by all the bloggers, but it is a loophole one provides the hackers to hack into your WordPress account with easy brute force attacks.
I am a beginner to blogging and hacking has already shown up! I wonder how to help myself. Though I have decided to make a new blog I don’t want it to be prone to hacking like my previous one. I am not a techie but trying to understand your post. Could not grasp everything but still, learned quite much and would apply them for sure. The secret key idea sounds superb and hiding my plugins folder is the first thing I would do. Maybe it got hacked the last time because of this reason. I never upgraded to the latest versions and I am realizing the mistake now. Thank you so much for this information.
Thanks for the tips! There’s a few on that list that I’m going to have to implement straight away (hadn’t thought of hiding my version number for instance, that’s inspired!), and I really like your point about only installing the Updates that you actually need. I see a lot of lists online of MUST HAVE PLUGINS, and you look at them and end up wondering why they bother.
Thanks, that’s really helpful- some good tips I’d not thought of.
Many thanks for the useful review and tips, well done.
these are really nice tips, I think it had covered all the necessary precautions to prevent hacks.. and yes, we can’t completely eliminate the threat of hackers but we can all do these to minimize and control the damage..
Thanks for these tips in securing our WordPress sites against hackers. These are indeed the very first thing we should do since it is in blogging where we make our living. I really appreciate this post and will execute this in my sites. This is very helpful. Thanks for sharing.
Great tips, yeah, you are right that blog commenting is one of the great ways of making money online, but there are so many internet thieves that may destroy it. There are so many hackers now and we should be aware of that. Thanks for the tips, it actually helps.
The simplest thing to make your blog secure is to make a strong password with a username that is known only by you and your trusted authors. Oh, and make sure that all of the stuff that you’ve posted there has a backup.
I’m extremely inspired together with your writing abilities as smartly as with the layout on your blog. Is this a paid subject matter or did you modify it your self? Anyway keep up the excellent quality writing, it’s uncommon to see a great weblog like this one nowadays..
Excellent post. I was checking constantly this blog and I’m inspired! Extremely helpful information particularly the ultimate part
I take care of such information a lot. I used to be looking for this certain information for a long time. Thank you and best of luck.