
Thread: A Guide To Secure Your WordPress website

  1. #1
    nithinr6 is offline Senior Member
    Join Date
    Aug 2008
    Location
    Kerala, India
    Posts
    268

    A Guide To Secure Your WordPress website

    In the wake of the hacking of some WordPress sites including TWC, I have compiled a post on securing a WordPress blog.



    Even though we take a great deal of effort in securing our PCs, I have seen that many don’t bother too much about securing their sites – and the result is that their site is attacked and valuable data are stolen or lost.

    So here are some tips on how to protect your WordPress site. I have divided this post into two sections – basic protection for general users and advanced protection which might require some coding.

    Basic Protection

    1) Remove the default admin account – The default WordPress account created during installation has the username admin. Thus if a hacker attempts to take control of your site, having the default username makes his job easier. I recommend having a random username that is different from the display name (the name that appears under the posts). While you can’t change your username once you set it, you can change your display name by going to “Your Profile” under “Users” in the WordPress dashboard.

    And remember to protect your account with a strong password that is at least 8 characters long, contains mixed case, and has alphanumeric and special characters.

    2) Create an empty HTML file called index.html in the plugins directory. Thus if you have installed WordPress in your root folder, the file URL would be siteurl/wp-content/plugins/index.html. This makes sure that hackers don’t get hold of the details of the plugins that you have installed, thus decreasing the chances of them taking advantage of an outdated/vulnerable plugin.

    3) Use the WP Security Scan plugin to scan your WordPress installation for vulnerabilities. It will scan the installation and suggest actions to take if it finds any vulnerabilities. You can download the plugin from here.

    4) Stop brute-force attacks by installing the Login LockDown plugin. It records the IP address and timestamp for every event and will lock down the login function if it finds multiple failed login attempts from a similar IP range. Download the plugin from here.

    5) Set the correct permissions for files and folders. The right values are 644 for files and 755 for folders. The file permissions can be set using an FTP client like FileZilla.
    Source
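
A small shell audit for tips 2 and 5 in the post above, as an added example that is not part of the original post: it lists files that are not 644 and directories that are not 755, and checks that the plugins directory contains an index file. The function names are hypothetical, and accepting index.php alongside index.html is an assumption of this example.

```shell
#!/bin/sh
# Added example: audit a WordPress tree against tips 2 and 5.
# Usage: sh wp_audit.sh /path/to/wordpress   (the path is yours to supply)

# List regular files whose mode is not exactly 644 and directories
# whose mode is not exactly 755, one path per line with a type prefix.
wp_perm_deviations() {
    find "$1" -type f ! -perm 644 -print | sed 's/^/file: /'
    find "$1" -type d ! -perm 755 -print | sed 's/^/dir: /'
}

# Succeed only if wp-content/plugins holds an index file, so a request
# for the directory URL is answered by that file and not by a listing.
wp_plugins_index_present() {
    [ -f "$1/wp-content/plugins/index.html" ] ||
        [ -f "$1/wp-content/plugins/index.php" ]
}

# Run both checks; print findings and return non-zero if any exist.
wp_audit() {
    root=$1
    status=0
    deviations=$(wp_perm_deviations "$root")
    if [ -n "$deviations" ]; then
        printf '%s\n' "$deviations"
        status=1
    fi
    if ! wp_plugins_index_present "$root"; then
        echo "missing: $root/wp-content/plugins/index.html"
        status=1
    fi
    return "$status"
}

# Only audit when a directory was given on the command line.
if [ $# -gt 0 ]; then
    wp_audit "$1"
fi
```

An exit status of 0 means the tree matches the 644/755 values from tip 5 and the plugins directory has its index file.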

  2. #2
    HappyAndyK is offline Site Administrator
    Join Date
    Jun 2008
    Posts
    7,519

    Yeah it's a nice guide - LOL why didn't you post it a week back!

  3. #3
    nithinr6 is offline Senior Member
    Join Date
    Aug 2008
    Location
    Kerala, India
    Posts
    268

    Heh, everything has got a time, ain't it?
