Go4Expert (http://www.go4expert.com/) - Content Management System - Wordpress Security Tips & Plugins (http://www.go4expert.com/articles/wordpress-security-tips-plugins-t27684/)

shabbir 30Jan2012 08:33

Wordpress Security Tips & Plugins
WordPress out of the box is pretty secure; still, if you follow a few simple security tips and install a few security plugins, it can make your WordPress a lot more secure.

Choose Secure Passwords

The public always knows your WordPress username because of the author profile on your blog, so you need to choose a password that is a lot more secure. For a "secure password," use one that is at least ten to twelve characters long and contains at least one upper-case letter and one symbol, such as # or !.

Blog From Safe System

Don't log in to your WordPress dashboard and admin area from a public computer, or from a computer that you think is not secure. Those computers can have keyloggers and other malware that steal your WordPress admin password as you log in.

Block wp-admin directory with .htaccess

You can easily protect your WordPress admin panel directory with .htaccess. This adds an extra layer of security to the WordPress admin control panel of your blog.

cPanel provides a "password protect directory" option inside your control panel.

Or, if you have SSH access, you can add the password using .htaccess and .htpasswd files, like I have for my Internet Marketing Blog:


AuthName "IMTips Admin Area"
AuthType Basic
AuthUserFile /home/imtips/.htpasswd
Require user shabbir

In the .htpasswd file you place the username and password (which is encrypted), one per line. To add a password you can use the htpasswd command on Linux as well.
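As an added example (not code from the original post), here is a POSIX shell script that sets up the same kind of protection: it creates the .htpasswd entry with the htpasswd command where available (falling back to openssl passwd -apr1), writes an .htaccess like the one above into the wp-admin directory, and keeps the password file readable only where needed. The paths, username and password passed in are constructed placeholders, and the admin-ajax.php exception is a caveat the post does not mention: front-end plugins call that file for anonymous visitors, so leaving it behind the Basic-auth prompt breaks them.

```shell
#!/bin/sh
# Added example: password-protect wp-admin with .htaccess + .htpasswd.
# Usage: make_admin_auth <wp-admin dir> <htpasswd path> <user> <password>
# All paths, users and passwords given to it are constructed placeholders.

# Emit "user:hash". Prefer Apache's htpasswd (bcrypt, -B); otherwise use
# openssl's apr1 (Apache's MD5-based scheme), which Apache also accepts.
hash_entry() {
  if command -v htpasswd >/dev/null 2>&1 && out=$(htpasswd -nbB "$1" "$2" 2>/dev/null); then
    printf '%s\n' "$out"
  elif command -v openssl >/dev/null 2>&1; then
    printf '%s:%s\n' "$1" "$(openssl passwd -apr1 "$2")"
  else
    echo "need htpasswd or openssl to hash the password" >&2
    return 1
  fi
}

make_admin_auth() {
  admin_dir=$1; passfile=$2; user=$3; password=$4

  # The password file belongs outside the web root (e.g. /home/<account>/.htpasswd).
  hash_entry "$user" "$password" > "$passfile" || return 1
  # Owner and group (the web server) may read it; nobody else. Adjust to your hosting.
  chmod 640 "$passfile"

  cat > "$admin_dir/.htaccess" <<EOF
AuthName "IMTips Admin Area"
AuthType Basic
AuthUserFile $passfile
Require user $user

# admin-ajax.php is requested by front-end plugins for anonymous visitors too,
# so exempt it from the password prompt or those features stop working.
<Files admin-ajax.php>
    Order allow,deny
    Allow from all
    Satisfy any
</Files>
EOF
}
```

Run it as `make_admin_auth /home/imtips/public_html/wp-admin /home/imtips/.htpasswd shabbir 'your-password'`; the .htaccess it writes matches the directives above except for the admin-ajax.php block.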



Move wp-config.php up one level

The wp-config.php file contains all of your database configuration information. You can make WordPress more protected by knowing this little secret of WordPress: you can move the wp-config.php file one level above the WordPress root. If your blog is installed in your domain's root directory, this places wp-config.php outside the public_html folder, making it safe from any scripting access, and WordPress automatically knows where to look for wp-config.php, i.e. one level up.

Remember that this tip doesn't work if you install your blog in a subdirectory (e.g. public_html/blog), because then, though your config file is one level up, it is still under the public_html folder and so is accessible through a web browser and other scripts.
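The subdirectory caveat is easy to get wrong, so here is an added shell check (not from the original post) that takes the document root and the WordPress install directory, computes where "one level up" actually lands, and says whether that parent directory is still inside the web root. The /home/imtips paths are constructed placeholders.

```shell
#!/bin/sh
# Added example: does "wp-config.php one level up" end up outside the web root?
# WordPress reads wp-config.php from its install directory first and, failing
# that, from the parent directory. Paths used here are constructed placeholders.

wp_config_parent_location() {
  # $1 = document root (e.g. /home/imtips/public_html)
  # $2 = WordPress install directory (same as $1, or a subdirectory of it)
  docroot=${1%/}          # strip any trailing slash so prefix matching is exact
  wproot=${2%/}
  parent=$(dirname "$wproot")
  case "$parent/" in
    "$docroot"/*)
      echo "exposed: $parent/wp-config.php is still under the web root"
      return 1 ;;
    *)
      echo "protected: $parent/wp-config.php is outside the web root"
      return 0 ;;
  esac
}
```

For an install in the domain root the parent is /home/imtips, which the web server never serves; for public_html/blog the parent is public_html itself, so the file stays reachable. Two further points worth knowing: WordPress only uses the parent copy if the parent directory does not itself contain wp-settings.php (so a nested install does not borrow its parent's config), and the PHP process still needs read permission on the moved file.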

Keep WordPress, Plugins & Themes Updated

WordPress provides frequent updates as well as security patches for vulnerabilities as and when they are found, and the same holds true for plugins and themes, so it really makes sense to be using the latest WordPress and the latest plugins.

Install Login Lock Down

The Login LockDown plugin helps protect your WordPress blog against brute force attacks (enumerating all possible passwords and checking which one is correct). By default WordPress does not lock logins even if you give the wrong password many times, so anybody can brute force your admin username with various passwords; the Login LockDown plugin disables brute force attacks on your site by letting you define how many wrong password attempts you allow before locking the user.
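To make the lockout rule concrete, here is an added shell implementation of the same counter-based idea (it is not the Login LockDown plugin's code): failed attempts are counted per user, the account is locked once the count reaches a threshold, and the lock expires after a fixed window. The threshold, lock duration and state directory are assumed values, and the current time is passed in as epoch seconds so the behaviour is reproducible.

```shell
#!/bin/sh
# Added example: counter-based login lockout, the mechanism Login LockDown provides.
# Not the plugin's code. State is kept in small files under STATE_DIR;
# MAX_FAILURES and LOCK_SECONDS are assumed values.

STATE_DIR=${LOCKDOWN_STATE_DIR:-/tmp/lockdown-demo}
MAX_FAILURES=3      # wrong passwords allowed before the account is locked
LOCK_SECONDS=600    # how long the lock lasts

# Map a username to a state-file prefix, dropping anything that could be a path.
_state_prefix() {
  printf '%s/%s' "$STATE_DIR" "$(printf '%s' "$1" | tr -c 'A-Za-z0-9_.' '_')"
}

# Returns 0 if the user may attempt to log in, 1 if currently locked out.
login_allowed() {   # $1 = user, $2 = now (epoch seconds)
  lockfile="$(_state_prefix "$1").lock"
  [ -f "$lockfile" ] || return 0
  if [ "$2" -ge "$(cat "$lockfile")" ]; then
    rm -f "$lockfile" "$(_state_prefix "$1").fail"   # lock expired: start fresh
    return 0
  fi
  return 1
}

# Count one failed attempt; returns 1 when this failure triggers the lock.
record_failure() {  # $1 = user, $2 = now (epoch seconds)
  mkdir -p "$STATE_DIR"
  failfile="$(_state_prefix "$1").fail"
  n=0
  [ -f "$failfile" ] && n=$(cat "$failfile")
  n=$((n + 1))
  if [ "$n" -ge "$MAX_FAILURES" ]; then
    echo $(( $2 + LOCK_SECONDS )) > "$(_state_prefix "$1").lock"
    rm -f "$failfile"
    return 1
  fi
  echo "$n" > "$failfile"
}

# A successful login (after login_allowed passed) clears the counter and any lock.
record_success() {  # $1 = user
  rm -f "$(_state_prefix "$1").fail" "$(_state_prefix "$1").lock"
}
```

The login handler would call `login_allowed "$user" "$(date +%s)"` before checking the password, then `record_failure` or `record_success` depending on the outcome. Locking by username alone, as here, lets an attacker lock out the real admin; real plugins usually key the counter on the source IP address as well, which is the other knob worth exposing.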

Install the WordPress Security Scan Plugin

Install the WordPress Security Scan plugin to check if there is anything more you can do to make your WordPress more secure; it scans through your site's files and directories and gives you suggestions and action items on passwords, file permissions and other database security flaws.

Automated backups

For popular blogs you can opt for VaultPress, a premium service by the makers of WordPress that automatically backs up the databases and files associated with WordPress and restores them with just one click.

I hope the tips help fellow bloggers remain safe. What security measures do you take for your blog? Share your views in the comments below.

pradeep 18Feb2012 14:44

Re: Wordpress Security Tips & Plugins
Nice one. I would like to add a point: securing the wp-admin directory by forcing HTTPS; you can use a self-signed certificate, and this will help prevent password stealing via packet inspection.

mathewines 3Mar2012 12:08

Re: Wordpress Security Tips & Plugins
Thanks for this informative article, great job done.

KJMS-Chris 27Mar2012 01:05

Re: Wordpress Security Tips & Plugins
Renaming wp-admin/ is not a bad idea either, because it makes you less of a target for automated attacks.
