Some Advice About Securing Your WP Blog

Discussion in 'WordPress' started by stevethekid, Apr 18, 2014.

  1. #1
    I don't exactly want to scare you, but I want you to be aware of the reasons why you should back up your WordPress blog and, even better, protect it against someone getting access to that site.

    Someone getting into your WordPress blog can delete anything that is there, can replace it with something else, redirect it and in fact access every single file in that WordPress site, sometimes other websites on the same server. That is why it's really important to keep people out and back up your site just in case something goes wrong.

    Something that is very easy to do if someone gets into your WordPress blog is delete it.
    There is in fact a plugin called Bulk Delete that can delete all plugins within that blog, kind of a scary thought. But if you keep your blog backed up, then no one can really hurt you, even if you just use something once per month or once per week.

    Let's say in the worst case you back up your site on a Monday, and someone gets into your site and deletes it on a Friday, at least you have only lost the past five days of work. You haven't lost the past two years, if not more.

    What is even scarier is that someone who gets into your WordPress site might replace it with something else. Many hackers gain entrance to weakly protected WordPress sites and replace it with their own images and content.

    What also might happen is someone might set up your site to redirect to a new site, or display some ads. And even worse, if your site gets flagged as an attack site, as a problem site, other people will not be able to see it.

    One of the more worrying things about someone getting into your WordPress site is that they will probably be able to get access to all files in your site using the file manager plugin in WordPress. And even if you don't have this file plugin installed, they can easily install it from the WordPress dashboard. Depending on how your server is configured, they might be able to see every single website and account on that server. Kind of a scary thought, eh?

    If someone gets into your WordPress blog, it's not just about them changing content or redirecting to a new place, they now can see all your files, all your blogs, all your videos, all of your information. And all this is a reason for you to lock down WordPress.

    Make sure you use a hard-to-guess password and be very careful about where you log into your blog from. And above all, back up your site, so just in case the worst happens you are still protected and you can still get your stuff back.

    stevethekid, Apr 18, 2014
  2. ahsan karim

    ahsan karim Greenhorn
    #2
    Add a security plugin like Wordfence.

    ahsan karim, May 5, 2014
  3. lucardk

    lucardk Greenhorn Affiliate Manager
    #3
    All the sensitive folders in a WordPress installation should be blocked and only visible from your IP. This can be easily done by editing your .htaccess file. While this won't guarantee you won't get hacked, it will prevent 90% of attempts.

    lucardk, May 5, 2014
  4. pentaxial

    pentaxial Active Member
    #4
    Here are my few suggestions:

    1. Hide folder listings (using .htaccess)
    2. Don't use the default prefix for the database tables ("wp_")
    3. Change the FTP and cPanel passwords frequently
    4. Install a security plugin to trace the IP list and block it (I think it doesn't work 100%, since dynamic IPs get no result)
    5. Use custom secret keys
    6. Remove unused plugins and themes
    7. Back up your WordPress site every week

    Thanks

    pentaxial, May 5, 2014
    lucardk likes this.
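
Items 1, 2 and 5 of the checklist in post #4 can be checked mechanically. The following Python script is an added example, not part of the thread or any poster's code: it scans the text of `wp-config.php` and `.htaccess` for a default table prefix, keys still set to the placeholder from `wp-config-sample.php`, and a missing `Options -Indexes`. The function name `audit` and all sample file contents are constructed for illustration.

```python
import re

# Placeholder that wp-config-sample.php ships for every key and salt.
PLACEHOLDER = "put your unique phrase here"
KEYS = ["AUTH_KEY", "SECURE_AUTH_KEY", "LOGGED_IN_KEY", "NONCE_KEY",
        "AUTH_SALT", "SECURE_AUTH_SALT", "LOGGED_IN_SALT", "NONCE_SALT"]

def audit(wp_config, htaccess):
    """Return findings for items 1, 2 and 5 of the checklist (hypothetical helper)."""
    findings = []
    # Item 2: default database table prefix.
    m = re.search(r"""^\s*\$table_prefix\s*=\s*['"]([^'"]*)['"]""", wp_config, re.M)
    if m is None or m.group(1) == "wp_":
        findings.append("table_prefix is missing or still the default 'wp_'")
    # Item 5: every key/salt must be defined and not the shipped placeholder.
    for name in KEYS:
        k = re.search(r"""define\(\s*['"]%s['"]\s*,\s*(['"])(.*?)\1\s*\)""" % name,
                      wp_config)
        if k is None or k.group(2) in ("", PLACEHOLDER):
            findings.append(name + " is missing, empty or the sample placeholder")
    # Item 1: an uncommented 'Options' line must carry -Indexes.
    listing_off = any(tok.lower() == "-indexes"
                      for line in htaccess.splitlines()
                      if line.strip().lower().startswith("options ")
                      for tok in line.split()[1:])
    if not listing_off:
        findings.append(".htaccess does not disable directory listing (Options -Indexes)")
    return findings

# Constructed sample inputs (not taken from any real site).
WEAK_CONFIG = "$table_prefix = 'wp_';\n" + "".join(
    "define('%s', '%s');\n" % (k, PLACEHOLDER) for k in KEYS)
WEAK_HTACCESS = "# BEGIN WordPress\nRewriteEngine On\n# Options -Indexes\n"
HARD_CONFIG = "$table_prefix = 'x7q_';\n" + "".join(
    "define('%s', 'constructed-value-%d-replace-with-random');\n" % (k, i)
    for i, k in enumerate(KEYS))
HARD_HTACCESS = "Options -Indexes\n# BEGIN WordPress\nRewriteEngine On\n"

if __name__ == "__main__":
    for label, cfg, ht in [("weak", WEAK_CONFIG, WEAK_HTACCESS),
                           ("hardened", HARD_CONFIG, HARD_HTACCESS)]:
        print(label, audit(cfg, ht))
```

The check reads only the file text it is given; it does not inspect Apache's main configuration, so a server that disables listings globally will still be reported under item 1.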