Protecting Your WordPress Blogs from Hackers

Posted in Blogging Tips on Sep 1st, 2011

WordPress has become extremely popular online, with bloggers, regular sites and corporations using it to market their products and services. It is most commonly used to develop a blog, shared in an online journal format, where people can post daily entries about their personal experiences and hobbies. With so many people using it, it has become a target for hackers, and each month WordPress continues to uncover and resolve security issues.

How do hackers find (and hack into) your WordPress blogs?

Nearly all installation files can be easily read through web browsers because of the various flaws that exist today in PHP files. Attackers can also spoof the referrer header to take advantage of other installations. This in turn means it's not impossible to break into a site.

Holes in recent releases can easily be found, while older ones can create problems and can be easily hacked. Programmers write a special program, often called a 'web crawler', that travels the internet looking for targets across thousands of sites. When it finds a site that meets the required criteria or has the hole, it starts to enter the site in an unauthorized manner, usually with the intent to steal or to do damage by infecting its functionality.

WordPress hacking can also be caused by vulnerabilities that exist on the server side. Any programming or scripting language, like PHP, CSS or Java, that is used for an add-in or plugin with WordPress can be open to attacks that create abnormal behaviour and vulnerabilities. When hackers find that directory indexing is automatically turned on, they can see inside just like an X-ray machine. Therefore you should use a secure version of the web server, a stable database and secure scripting interpreters. Make sure that you are using a trusted host for your website.

WordPress uses a lot of external plugins, and many sites end up hacked due to outdated plugins. So make sure that any plugins you use are kept up to date.

Quick actions to avoid common hacking tricks

As an open source blog publishing platform, WordPress makes it very easy for hackers to discover new holes and flaws in the system fast. WordPress is powered by MySQL and PHP, and those two areas are notorious for being hacked.

So follow some of these tips and hopefully you can avoid becoming a victim of hackers.

1. Identity Protection

With so many ways to hack a WordPress site, it's essential to protect what you have, so I strongly advise you to move your config.php file outside of your root directory; that way all of your user and password information will be inaccessible. Just move it up one directory. The config.php stores a lot of core information about the site, how it functions and its connection to the MySQL database server.

2. Protection of Content

Be sure to use a .htaccess file to prevent certain folders from being accessed. The .htaccess file can control your directories and prevent people from seeing aspects of your site.
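As an added example (not code from the original article), the Python check below reads a .htaccess file's text and reports whether directory listings are switched off and whether the configuration file is blocked. It assumes Apache's `Options` and `<Files>` directives and WordPress's standard `wp-config.php` file name; both sample files are constructed.

```python
import re

# Constructed sample: leaves directory listings switched on.
WEAK = """\
# constructed example
Options +Indexes +FollowSymLinks
"""

# Constructed sample: listings off, config file blocked (Apache 2.4 syntax).
HARDENED = """\
Options -Indexes
<Files "wp-config.php">
    Require all denied
</Files>
"""

def indexing_state(text):
    """Return 'on', 'off' or 'unset' according to the last Options line."""
    state = "unset"
    for raw in text.splitlines():
        parts = raw.split()
        if not parts or parts[0].startswith("#") or parts[0].lower() != "options":
            continue
        opts = parts[1:]
        if any(o[0] not in "+-" for o in opts):
            # Unsigned options replace the whole set: on only if listed.
            names = {o.lower() for o in opts}
            state = "on" if names & {"indexes", "all"} else "off"
        else:
            # Signed options adjust the inherited set one by one.
            for o in opts:
                if o[1:].lower() == "indexes":
                    state = "on" if o[0] == "+" else "off"
    return state

def denies_file(text, filename):
    """True if a <Files> block for filename refuses all requests."""
    block = re.compile(r'<Files\s+"?' + re.escape(filename) + r'"?\s*>(.*?)</Files>',
                       re.IGNORECASE | re.DOTALL)
    deny = re.compile(r"^\s*(Require\s+all\s+denied|Deny\s+from\s+all)\s*$",
                      re.IGNORECASE | re.MULTILINE)
    return any(deny.search(body) for body in block.findall(text))

def audit(text):
    """List what the .htaccess text leaves unprotected."""
    findings = []
    if indexing_state(text) != "off":
        findings.append("directory listing not disabled")
    if not denies_file(text, "wp-config.php"):
        findings.append("wp-config.php not blocked")
    return findings
```

A result of `unset` means the file says nothing about listings, so the server-wide setting decides.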

3. Protection of blog password

Use a password protection plugin which will prevent logins for a certain time period if someone is attempting to get into your site and repeatedly getting it wrong. This could be a bot; bots basically hammer your site with multiple passwords until they find the right one.
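The lockout behaviour described above, sketched in Python as an added example; it is not the code of any particular plugin. The thresholds (5 failures within 10 minutes, 30-minute lockout), the `LoginLimiter` and `replay` names and the sample events are all assumptions constructed for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

class LoginLimiter:
    def __init__(self, max_failures=5, window=timedelta(minutes=10),
                 lockout=timedelta(minutes=30)):
        self.max_failures, self.window, self.lockout = max_failures, window, lockout
        self.failures = defaultdict(deque)   # ip -> times of recent failed logins
        self.locked_until = {}               # ip -> time the lockout ends

    def attempt(self, ip, when, password_ok):
        """Return 'blocked', 'ok', 'failed' or 'locked' for one login attempt."""
        until = self.locked_until.get(ip)
        if until and when < until:
            return "blocked"                 # refused before the password is checked
        self.locked_until.pop(ip, None)
        if password_ok:
            self.failures.pop(ip, None)      # a good login clears the history
            return "ok"
        recent = self.failures[ip]
        recent.append(when)
        while recent and when - recent[0] > self.window:
            recent.popleft()                 # forget failures outside the window
        if len(recent) >= self.max_failures:
            self.locked_until[ip] = when + self.lockout
            recent.clear()
            return "locked"
        return "failed"

def replay(events, limiter=None):
    """Feed (time, ip, password_ok) events through a limiter, in order."""
    limiter = limiter or LoginLimiter()
    return [limiter.attempt(ip, when, ok) for when, ip, ok in events]

# Constructed sample events using documentation-range IP addresses.
T0 = datetime(2011, 9, 1, 12, 0, 0)
BOT, USER = "203.0.113.7", "198.51.100.20"
SAMPLE = (
    [(T0 + timedelta(seconds=i), BOT, False) for i in range(5)]  # five wrong guesses
    + [(T0 + timedelta(seconds=6), BOT, True)]       # right password, but locked out
    + [(T0 + timedelta(minutes=1), USER, False),     # a real user mistypes once
       (T0 + timedelta(minutes=2), USER, True)]
    + [(T0 + timedelta(minutes=31), BOT, False)]     # lockout has expired
)
```

Because the limiter refuses attempts before checking the password, a correct guess made during the lockout still fails.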

4. Back up your site

Don’t rely on your web host to do it; they will in fact only do a weekly one, and even then that might be messed up. Always back up your site on a daily basis. If you’re providing a service, use a backup service that is reliable, or a separate server.

5. Change default username

The main admin username is "ADMIN", and all newbie hackers know this; if you haven’t changed that, they are already halfway to getting into your site.

  • So be sure to change it from the default
  • Use a mixture of letters and numbers
  • Don’t use the same one for all sites

By using the above techniques you can avoid a number of these attacks.

Additionally, to secure your site, you should delete any plugin attached to WordPress whose signature does not match its specification. A hacker's or programmer's script may automatically find the plugins installed on your site and try to manipulate them by checking their version.

Changing passwords on a frequent basis is a good idea for security, as it can save you from vulnerabilities and hacking. Public Wi-Fi is great, but you should be careful about the encryption in use around you. Taking care of your password and keeping it in line with the defined rules enables you to secure your site and data files. A strong admin is necessary to secure the site or blog and its content, along with any other damage that a hacker can cause by sending scripts. A hacker can easily gain access at the administrator point and can cause a lot of damage by changing the content of the site; therefore an administrator should be alert to the types of hacking that occur and secure their site with a strong password.

In case you wish to dig deeper on this topic, here are some recommended readings: Hardening WordPress Codex, How to Protect Your WordPress Blog From Getting Hacked, A Guide To Secure Your WordPress website, as well as The WordPress security guide.
