WordPress is one of the most popular platforms for self-hosted blogs and websites. However, because it is popular and open source, attackers also have full access to the code, which can easily be obtained and studied for vulnerabilities. In this post I’m going to talk about WordPress security tips, hacks and plugins.
WordPress Tips
Securing your WordPress blog is one of the most important things a blogger should do. Here are some simple tips that can help you improve the security of your blog.
1. Update your WordPress to the latest version
This is something I see most people aren’t doing. If you’re security-conscious, update your installation as soon as the stable release launches. It will only take 30 seconds, and if you’re not updating, you’re taking unnecessary risks.
2. Don’t use Nulled themes and plugins
This is something that many people are not aware of. If you don’t know anything about nulled themes and plugins, I’ll tell you all about them in a moment. A nulled theme or plugin is a pirated copy of a premium theme or plugin. Many bloggers and marketers use nulled themes and plugins. If you look inside those themes, you will surely find some type of malware, backlink code or something else unethical.
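One way to check a downloaded theme or plugin for the kind of hidden code described above, as an added example that is not part of the original post: the script flags PHP files containing constructs often used to obfuscate injected code. The pattern list, function names and sample theme are assumptions constructed for illustration, and a hit means the file needs manual review, not that it is malicious.

```shell
#!/usr/bin/env bash
# Added example (not from the original post): flag PHP files that contain
# constructs often used to hide injected code in pirated themes and plugins.
# The pattern list is an assumed starting point, not a complete signature set.
SUSPICIOUS_RE='(^|[^[:alnum:]_])(eval|assert|create_function|base64_decode|gzinflate|str_rot13)[[:space:]]*\('

# scan_theme DIR: print "file:line:text" for every suspicious line.
scan_theme() {
    grep -rnEi --include='*.php' "$SUSPICIOUS_RE" "$1" || true
}

# count_suspicious_files DIR: print how many distinct PHP files have a hit.
count_suspicious_files() {
    grep -rlEi --include='*.php' "$SUSPICIOUS_RE" "$1" | wc -l | tr -d ' '
}

# make_sample_theme: build a constructed sample theme and print its path.
make_sample_theme() {
    local dir
    dir=$(mktemp -d)
    # Clean template file.
    printf '%s\n' '<?php get_header(); the_content(); get_footer();' > "$dir/index.php"
    # Clean helper whose name merely contains "eval"; it must not be flagged.
    printf '%s\n' '<?php function theme_retrieval($id) { return get_post($id); }' > "$dir/functions.php"
    # Footer passing an encoded blob to eval (the blob is the word "constructed").
    printf '%s\n' '<?php eval(base64_decode("Y29uc3RydWN0ZWQ=")); ?>' > "$dir/footer.php"
    echo "$dir"
}

sample=$(make_sample_theme)
scan_theme "$sample"      # lists only footer.php
rm -rf "$sample"
```

Point `scan_theme` at an unpacked theme or plugin folder before installing it, and read every flagged line in context.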
3. Always take a Backup
Taking a backup of WordPress isn’t a hard task and doesn’t take much time, but still many people don’t take backups. I recommend taking at least weekly backups. This puts you on the safe side, because if your site’s database is compromised, you’ll have a backup to restore it from.
- WP DB Backup – WP-DB-Backup allows you to easily back up your core WordPress database tables. You may also back up other tables in the same database.
4. Use correct file Permissions
Using correct file permissions on your WordPress files is very important. The best way to check the file permissions is to use the BulletProof Security WordPress plugin.
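A quick command-line check of file permissions, as an added example that is not part of the original post or of the BulletProof Security plugin. It assumes the commonly recommended baseline of 755 for directories and 644 for files, with a tighter mode on wp-config.php; the function names and the sample site are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example (not from the original post). Assumed baseline: directories 755,
# files 644, and wp-config.php not readable by "other".

# audit_wp_perms ROOT: print one finding per line; print nothing when clean.
audit_wp_perms() {
    local root=$1
    # Writable by "other": any local account could change site code or content.
    find "$root" ! -type l -perm -0002 -print | sed 's/^/WORLD-WRITABLE: /'
    # Group-writable only: looser than the 755/644 baseline.
    find "$root" ! -type l -perm -0020 ! -perm -0002 -print | sed 's/^/GROUP-WRITABLE: /'
    # wp-config.php holds the database credentials.
    find "$root" -maxdepth 1 -name wp-config.php -perm -0004 -print |
        sed 's/^/WORLD-READABLE CONFIG: /'
}

# make_sample_site: build a constructed sample tree and print its path.
make_sample_site() {
    local dir
    dir=$(mktemp -d)
    mkdir -p "$dir/wp-content/uploads"
    echo '<?php // constructed sample' > "$dir/index.php"
    echo '<?php // constructed sample' > "$dir/wp-config.php"
    chmod 755 "$dir" "$dir/wp-content"
    chmod 777 "$dir/wp-content/uploads"   # deliberately too loose
    chmod 644 "$dir/index.php" "$dir/wp-config.php"
    echo "$dir"
}

site=$(make_sample_site)
audit_wp_perms "$site"                     # two findings
chmod 755 "$site/wp-content/uploads"       # tighten the loose directory
chmod 600 "$site/wp-config.php"            # owner-only config
audit_wp_perms "$site"                     # no output
rm -rf "$site"
```

Run `audit_wp_perms` against the WordPress root on the server; an empty result means nothing is looser than the assumed baseline.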
5. Use a Strong Password
This is something most of you already know, but some people still use simple passwords like “i luv u”, “password” or “123”. You should use something strong: a mixture of upper and lower case letters with a few numbers.
WordPress Hacks
Hacks are sometimes useful, as they help you improve the security level of your WordPress.
6. Protect your wp-config.php file
The wp-config.php file stores your database connection string. It needs to be protected: don’t allow anyone to see what is inside your wp-config.php. You can protect wp-config.php using .htaccess; add these lines to your .htaccess file:
# Apache 2.2 syntax; on Apache 2.4 without mod_access_compat, use "Require all denied" instead
<files wp-config.php>
order allow,deny
deny from all
</files>
7. Limit Your WP-Admin Access
Limit WP-Admin access to your IP and your co-authors’ IPs only. Please don’t do this step if you don’t have a fixed IP or if you travel a lot. Edit .htaccess to limit access to your wp-admin:
# Put these lines in the .htaccess file inside your wp-admin folder; in the site root they would apply to the whole site
# Change the address below to your static IP
order deny,allow
allow from 122.123.41.11
deny from all
8. Block wp- Folders from everyone
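The wp- folders contain various pieces of information about your blog which you don’t want people to see, and you certainly don’t want bots indexing your file structure for the world. To prevent this, add the lines below to your robots.txt file. Keep in mind that robots.txt only asks well-behaved crawlers not to index these paths; it does not block access to them.
User-agent: *
Disallow: /wp-*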
9. Remove the WordPress Version
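This little snippet will remove the WordPress version from your WordPress blog.
// Add to your theme's functions.php: returning an empty string makes WordPress print no generator (version) tag
function no_generator() { return ''; }
add_filter( 'the_generator', 'no_generator' );
WordPress Plugins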
If your development knowledge is limited, your best option is to download and install plugins. Here is a list of some of the best WordPress plugins to help you secure your WordPress blog.
10. Bulletproof Security
Fast one click website security protection. Protects your website from ALL XSS and SQL Injection hacking attempts. The BulletProof Security plugin is designed to be a fast, simple and convenient one click method for you to activate .htaccess website security and .htaccess website under maintenance modes from within your WordPress Dashboard. The BulletProof Security WordPress plugin is a one click solution that simply copies, renames and moves the provided .htaccess master files in the BulletProof Security plugin folder to either your root folder or your /wp-admin folder or both from within your WordPress Dashboard.
11. Secure WordPress
Little help to secure your WordPress installation: Remove Error information on login page; adds index.html to plugin directory; removes the wp-version, except in admin area.
Features
- Removes error-information on login-page
- Adds index.php plugin-directory (virtual)
- Removes the wp-version, except in admin-area
- Removes Really Simple Discovery
- Removes Windows Live Writer
12. Antivirus
AntiVirus for WordPress is a smart and effective solution to protect your blog against exploits and spam injections. AntiVirus protection for your blog.
Features
- WordPress 3.x ready: Design as well as technical
- Quick & Dirty: activate, check, done!
- Manual testing with immediate result of the infected files
- Daily automatic check with email notification
- Whitelist: Mark the suspicion as “No virus”
- Cleans up after uninstalling the plugin
- English, German, Italian, Persian, Russian
Over To You
All the above factors can help secure any type of WordPress blog or site. If you find something to disagree with in this post or have an opinion on this topic, please do share it with us below. If you find this blog useful, please do subscribe and follow me on Twitter.








This is a very valuable post.
I will just say that not all nulled themes and plugins are stuffed with malware and viruses. Some nullers just want to make premium products available for free.
Not that I agree with them doing it of course.
Hi Dean,
Glad you like it, man. There is no reason to use a nulled theme or plugin.
It is much better to buy the product.
Thanks for the nice comment Dean.
Great WordPress security tips Devesh.
I have some of the security plugins on my blog but I need to take a fresh look.
Peter
Glad you like it too Peter.
Thanks for the nice comment.
Devesh:
What a fantastic article. I had no idea about anti-virus for WP. You are an amazing resource and a plethora of knowledge. Thanks for the tips!
Lisa
Thanks for the awesome words, Lisa. Much appreciated.
Dev,
I did not know most of these security tips and they
can be extremely critical for your wordpress blog.
Awesome post!
Thanks for sharing,
Tommy D.
Hi Tommy,
Exactly and glad you like the post.
Thanks for the comment man.
Wow Devesh,
I didn’t even know about a couple of those. It sounds like a lot of work, but better than being hacked into!
Thank you for all the valuable information!
Susanna
Hi Susanna,
Glad you found it valuable. Thanks for the awesome words, Susanna.
Have a great weekend.
Hi Devesh,
An amazing list of security. One thing I don’t do is protect my blog. Probably because I know nothing about it. I will be looking throughout your blog for more information.
Pete
Hi Pete,
That’s great to hear. If you need any help regarding WordPress, then don’t hesitate to contact us.
Thanks for the comment Pete.
Hi Devesh,
This is a great post. One thing I would like to add (actually, I am just extending the point about nulled copies) is never downloading free themes from anywhere other than the WP Theme Directory because usually, they have encrypted footer codes that place bad links in your footer. Looks pretty harmless but it kills any SEO. And who has stopped those people from hijacking the full blog using the same bad code?
Exactly. I don’t know why bloggers don’t understand; I see most of the bloggers are using nulled themes.
Thanks for the nice comment, Ishan.
This is very helpful Devesh! Are you a programmer? Anyway, protecting your WordPress is really important and it’s not that easy. So it’s good to follow tips like yours. Thanks for sharing!
Hi John,
Not exactly a programmer but a WordPress developer, and I’m glad you liked it.
Thanks for the nice comment, John.
These are some good tips. There are plenty of users who leave their sites as default who are usually the ones who get hacked.
These were excellent tips when it comes to securing our blog against hacking. The first thing we need to ensure is creating strong passwords, and using security plug-ins could help our blog against hacking.
Thanking you.
Hi Naveen,
Glad you found these tips excellent. Yeah, those 2 are very important elements.
Thanks for stopping by. Have a great weekend.
-Dev