5 Steps You Must Follow to Enhance Protection
There are lots of security tips out there, and some of them are very effective at securing your WordPress blog. I found the methods below effective yet easy to implement. Here is a summary of my recommendations.
1. Use a strong password
Choosing a strong password is one of the first and easiest defenses against hackers. A password that is longer than 8 characters and combines upper- and lowercase letters, numbers, and symbols is stronger.
Tips: Whatever your password is, make sure it is strong enough. You can check your password strength via Microsoft Password Checker for a rating.
2. Upgrade your WordPress
Do not take it for granted. WordPress is always known for vulnerabilities. Hackers are not ordinary people. They know how to exploit your blog in whatever way. Always upgrade your WordPress installation to the latest version as soon as it is available, and apply any security patches that are released. Do not put it off, as upgrading is one of the ways to close security flaws. You leave yourself open to being hacked if you don’t upgrade.
3. Secure the /wp-admin/ directory via .htaccess
As in most WordPress installations, all folders are created in the same structure. The wp-admin directory is where the sensitive data is located. By default, the installation leaves the directory open to public access, which increases the risk of being hacked. One method is to use .htaccess to restrict access to certain IPs only (in this case, yours).
How to?
It is pretty easy. Copy the lines below and save them as a new .htaccess file. Place the file in the /wp-admin directory and you’re done.
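# Apache 2.2-style access control. On Apache 2.4 these order/deny/allow
# directives need mod_access_compat (the native 2.4 form is "Require ip").
AuthUserFile /dev/null
AuthGroupFile /dev/null
# Use straight quotes here; curly quotes are not quote characters to Apache.
AuthName "Access Control"
AuthType Basic
order deny,allow
deny from all
allow from xxx.xxx.xxx.xxx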
Don’t forget to replace xxx.xxx.xxx.xxx on the “allow from” line with your own IP address.
4. Utilizing index.html file
I believe all of us have plugins installed. Did you know that your plugins directory is laid out just like mine? Protect the folder by placing an empty index.html file in it. The index.html file will by no means secure the directory, but it hides the plugins you use from the public and from exploitation.
How to?
All you have to do is open your text editor (Notepad, for example). Leave the document blank and save it as index.html. Upload the file to /wp-content/plugins/ with any FTP software and you’re done.
5. Remove WordPress meta version tag
In your blog’s header.php template file, remove the meta tag named “generator”, which states which version of WordPress you are using. Chances are that many people have not upgraded their WordPress, for whatever reason. Why help hackers know which version you are using? You can slow them down by removing the WordPress version tag that most themes include by default.
<meta name="generator" content="WordPress <?php bloginfo('version'); ?>" />
How to?
All you have to do is open the header.php file and delete the entire tag above. Alternatively, the Replace WP-Version plugin can do the work for you.
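To confirm that steps 3 to 5 actually took effect, here is an added example (not part of the original post): a Python script that audits a local copy of a WordPress install. The function names, the sample values, and the choice to accept index.php as well as index.html are assumptions of this example.

```python
#!/usr/bin/env python3
"""Audit a local copy of a WordPress tree for steps 3-5 (added example)."""
import ipaddress
import re
import sys
from pathlib import Path

GENERATOR = re.compile(r"<meta\s+name=[\"']generator[\"']", re.I)

# Constructed sample: the snippet as often pasted, curly quotes and placeholder included.
SAMPLE_HTACCESS = "AuthName \u201cAccess Control\u201d\norder deny,allow\ndeny from all\nallow from xxx.xxx.xxx.xxx\n"

def check_htaccess(text):
    """Return problems found in the body of a wp-admin/.htaccess file."""
    problems = []
    if "\u201c" in text or "\u201d" in text:
        problems.append("curly quotes are not quote characters to Apache")
    rules = [line.split() for line in text.lower().splitlines()]
    if ["deny", "from", "all"] not in rules:
        problems.append("no 'deny from all' line")
    allowed = [tok for r in rules if r[:2] == ["allow", "from"] for tok in r[2:]]
    if not allowed:
        problems.append("no 'allow from' address")
    for tok in allowed:
        try:  # Simplification: only full IPs/CIDRs pass; Apache also takes partial IPs and hostnames.
            ipaddress.ip_network(tok, strict=False)
        except ValueError:
            problems.append(f"'allow from {tok}' is not a literal IP or CIDR")
    return problems

def audit(root):
    """Return findings for the WordPress install rooted at `root`."""
    root, findings = Path(root), []
    htaccess = root / "wp-admin" / ".htaccess"
    if htaccess.is_file():
        findings += [f"wp-admin/.htaccess: {p}" for p in check_htaccess(htaccess.read_text(encoding="utf-8"))]
    else:
        findings.append("wp-admin/.htaccess: missing, no IP restriction")
    plugins = root / "wp-content" / "plugins"
    # index.php is accepted too (assumption: the server's DirectoryIndex serves it).
    if not any((plugins / name).is_file() for name in ("index.html", "index.php")):
        findings.append("wp-content/plugins: no index file")
    for header in sorted(root.glob("wp-content/themes/*/header.php")):
        if GENERATOR.search(header.read_text(encoding="utf-8", errors="replace")):
            findings.append(f"{header.relative_to(root).as_posix()}: generator meta tag present")
    return findings

if __name__ == "__main__":
    # No argument: check the constructed sample; otherwise audit the given WordPress root.
    results = audit(sys.argv[1]) if len(sys.argv) > 1 else check_htaccess(SAMPLE_HTACCESS)
    print("\n".join(results) or "no findings")
```

Run it with the path to the WordPress root as the only argument; an empty result means all three steps are in place in that copy.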
More articles related to WordPress security
- Protecting Your WordPress Blog
- WordPress Security Tips and Hacks
- Three Tips to Protect Your Wordpress Installation