No matter how awesome content on your blog is, how properly SEOed your site may be or how much work you put into promoting it, one day all your efforts may fall short all at once because your Wordpress-run blog has been hacked. What may follow is quite a depressining time actually:
- Your website might lose credibility and trust;
- Google may put that “This site may harm your computer” notice on your site SERPs listings which affects your clickthrough as well as reputation;
- Important data may get lost;
- It may take quite a long time to get everything in order (cleaning your site and filing a “malware review” and waiting for Google to figure everything out).
Anyway, it is absolutely clear that it is better to stay away from that negative experience even if you hope that won’t ever happen to your site. So let’s share our favorite tips to secure our Wordpress blogs, shall we?
I’ll start and please share your tips in the comments!
- Wordpress Exploit Scanner Helps Administrators Scan Their Database For Malicious Files;
- A very thorough Wordpress security guide;
- 20+ Powerful Wordpress Security Plugins and Some Tips and Tricks
So would you share your favorite Wordpress security guides, plugins and tips?
Share Your Favorite WordPress Security Tips! http://tinyurl.com/yjl9u48
[Reply]
what i believe is 1) file scan is essential before uploading file into wordpress through http://ftp.
2) install some plug-ins which are providing security against hack and attacks
3) Never share and your ftp password to any one.
4) Remove version of wordpress from head of index page.
[Reply]
Lovin’ the WP DB Backup extension. It mails me a backup of the database every friday.
[Reply]
I am new to wordpress and I have not though of securing it. I will sometimes follow the tips said at Wordpress dashboard.
[Reply]
I wrote an Article about Wordpress security just after hack attempt to my site. It’s bunch of tips Just visit http://bit.ly/2CNd34
[Reply]
better safe than sorry, right?
[Reply]
Loving the plugin ‘Login Lockdown’ which you can get here http://wordpress.org/extend/plugins/login-lockdown/
[Reply]
Best tip is to keep the darn thing updated. It’s amazing how often blog’s get hacked and 9 times out of 10 the blog was woefully behind on software updates.
[Reply]
Hi Ann
Looks as though you have already picked the best links to security tips and plugins LOL.
I’m new to Wordpress and have been made aware of all the security issues by all the upgrades to Wordpress 2.8, currently standing at 2.8.6 and counting.
So I stopped working on uploading my theme and making my blog look pretty and started looking at security. Both things you can do and plugins you can upload.
First thing is keep up to date with the latest Wordpress release.
Second thing is remove the default admin user and create a new admin with secure username and even more secure password, try this site for details http://www.clickonf5.org/wordpress/delete-wordpress-default-admin-user/5447
Then start looking at plugins…
Try this one http://devel.kostdoktorn.se/limit-login-attempts
I think that it is better than login lockdown.
That’s as far as I’ve gone but I will add a few more security measures before starting to pretty up the site.
Well done on starting the ball rolling.
[Reply]
WP Security Scan is another good one. It scans your site to tell you what security loopholes you have and how to fix them!
[Reply]
Thanks for share very helpful wordpress plugins and tips. I’ll read it and download this plugin.
[Reply]
I like to IP restrict the WP-admin folder. It is explained how to do this in How to Make WordPress More Secure from Hackers & Robots
[Reply]
On my blog searcheditors.com I use the following security plugins:
Askimet
Bad Behaviour
http:BL WordPress Plugin
Invisible Defender
Limit Login Attempts
Spam Karma
WP Scanner
Wordpress Firewall Plugin
I also restrict IP for my WP-Admin folder as Gerald mentioned above. And I also have a lot of additional security rules in my .htaccess.
[Reply]
@John
Thanks for sharing your list.
I recognise most of the plugins but there are a few there that I have not heard of and will certainly take a look at.
[Reply]
Login Lockdown plugin is missing from the above list. It is very useful in Bruce force attacks.
[Reply]
Vinish Reply:
December 7th, 2009 at 2:10 pm
Or rather to avoid Bruce force attacks.
[Reply]