
WordPress is a free, open-source blogging tool and also the most SEO-friendly CMS on the Internet. A great many bloggers, from amateur to professional, use self-hosted WordPress as their blog publishing platform, which explains why WordPress is a main target of hackers’ attacks. Earlier this year, numerous blogs running on the WordPress platform were hacked to infect visitors all over the world.
In these mass attacks on websites using WordPress, the hackers did not change or create files on the site; they just injected a web address into the database, and every visitor to the site was then redirected to the malicious site. My blog was also a victim of these attacks, and I didn’t even notice until I received a warning from Google. Somehow the hackers had injected a malicious script into the footer, and my blog only came back to normal after I removed this script from the footer.php file of my theme. It had extremely serious consequences for my blog: I lost many visitors, and Google did not index it for a few weeks. I have learned a valuable lesson from this incident: “Prevention is better than cure”.
Therefore, in this article I want to share with you 4 tips I have applied to protect my WordPress blog from hackers’ attacks.
- In the mass attacks I mentioned above, a number of security weaknesses contributed to the WordPress vulnerability, including the fact that WordPress stores the database credentials in plain text in the wp-config.php file, which many WordPress users leave readable by anyone. So the first thing you need to do is chmod wp-config.php and .htaccess to 404 (read-only), so that if anything goes wrong, your database details are not revealed and your important data is not lost or stolen.
- We also need to limit access to our wp-admin folder by using .htaccess and listing the specific IPs that may access it. First, open the .htaccess file located in your /wp-admin folder (do not edit your root .htaccess file) and make a backup. Then paste the following code:
AuthUserFile /dev/null
AuthGroupFile /dev/null
AuthName "WordPress Admin Access Control"
AuthType Basic
order deny,allow
deny from all
# whitelist Tuan’s IP address
allow from xx.xx.xx.xxx
# whitelist Brian’s IP address
allow from xx.xx.xx.xxx
# whitelist Work IP address
allow from xx.xx.xx.xxx
Replace xx.xx.xx.xxx with your own IP addresses and save the file. You can add more IPs if needed by adding another line of the form “allow from xx.xx.xxx.xx”. With this in place, the web server accepts requests for your wp-admin folder only from the listed addresses. The only downside of this tip is that if you access your wp-admin panel from somewhere else, you will have to add an extra IP address.
- If you don’t want to change the .htaccess file, try chmoding the WordPress folders to 101 so that no one can list their contents. When you want to edit these folders, chmod them to 701, and remember to chmod them back to 101 when you are done.
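The two permission tips above, as an added shell example (not code from the original post). It applies the post's modes to a WordPress directory and then audits the result by reading the mode bits themselves; ROOT is a hypothetical install path you supply, and the only tools assumed are a POSIX sh, chmod and find. Running the audit after the post's chmod 404 shows the point a practitioner should know: 404 still leaves the world-read bit set, so other accounts on a shared host can read wp-config.php; 400 or 440 removes it, but only works when PHP runs as the file owner or group.

```shell
#!/bin/sh
# Added example, not code from the original post. It applies the post's permission
# tips (read-only wp-config.php and .htaccess, execute-only directories) to a
# WordPress directory and then audits which sensitive files other local users can
# still read or write. Assumes a POSIX shell with chmod and find; the directory
# you pass as ROOT is a hypothetical install path you choose.

# other_readable FILE: true when the "others" read bit (octal 004) is set.
# It inspects the mode bits, so the answer is the same whoever runs it (even root).
other_readable() {
    [ -n "$(find "$1" -prune -perm -004 -print 2>/dev/null)" ]
}

# other_writable FILE: true when the "others" write bit (octal 002) is set.
other_writable() {
    [ -n "$(find "$1" -prune -perm -002 -print 2>/dev/null)" ]
}

# harden_wp_files ROOT [MODE]: set wp-config.php and .htaccess to MODE.
# MODE defaults to 404 as in the post. Note that 404 (r-----r--) still leaves the
# "others" read bit set; 400 (or 440) removes it but only works when PHP runs as
# the file owner (or group), e.g. under suPHP or a dedicated php-fpm pool.
harden_wp_files() {
    root=$1
    mode=${2:-404}
    for f in "$root/wp-config.php" "$root/.htaccess"; do
        if [ -f "$f" ]; then
            chmod "$mode" "$f"
        fi
    done
    return 0
}

# lock_wp_dirs ROOT [MODE]: the post's directory tip. 101 (--x-----x) keeps the
# directories traversable but not listable; the post says to switch to 701 while
# editing and back to 101 afterwards.
lock_wp_dirs() {
    root=$1
    mode=${2:-101}
    for d in "$root/wp-admin" "$root/wp-includes" "$root/wp-content"; do
        if [ -d "$d" ]; then
            chmod "$mode" "$d"
        fi
    done
    return 0
}

# audit_wp_files ROOT: print one line per sensitive file that other users can
# still read or write; returns 1 if anything was found, 0 if the tree is clean.
audit_wp_files() {
    root=$1
    found=0
    for f in "$root/wp-config.php" "$root/.htaccess" "$root/wp-admin/.htaccess"; do
        [ -f "$f" ] || continue
        if other_writable "$f"; then
            echo "world-writable: $f"
            found=1
        fi
        if other_readable "$f"; then
            echo "world-readable: $f"
            found=1
        fi
    done
    return $found
}
```

Run `harden_wp_files /path/to/wordpress` and then `audit_wp_files /path/to/wordpress`; every line the audit prints is a file still exposed to other local users. These modes only protect against other accounts on the same host: anything the web server process itself can read is still readable by any code that runs through the web server.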
Updating WordPress has become very easy: the newest version automatically notifies you in your dashboard when there are updates for WordPress or your plugins. Since WordPress 3.0, the Tools->Upgrade menu option has moved to Dashboard->Updates, and theme, plugin, and core upgrades are all under one panel. You can now update WordPress and plugins with just a click. Don’t be lazy: upgrade your WordPress, themes and plug-ins as soon as possible, or you leave yourself open to being hacked.
Try using a Captcha on your login form and contact forms. I don’t recommend a Captcha on comments, as it discourages readers from leaving comments on your blog. There is a plug-in that virtually eliminates spam comments and can save you a lot of time moderating comments: Conditional Captcha. After installing it, a Captcha is shown only for comments that Akismet flags as suspected spam. Joe Boyle wrote a very good tutorial on this plug-in; you can check it out here: Eliminate Spam With Conditional Captcha.
Hackers may find out your WordPress version and exploit its known security holes, so you might not want to display the WordPress version in your website’s source. WordPress themes have a line in header.php that displays the current version. To protect your blog, open the header.php file and find the following code:
<meta name="generator" content="WordPress <?php bloginfo('version'); ?>" />
and replace with:
<meta name="generator" content="WordPress" />
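A check for the version leak described above, as an added example that is not part of the original post. It assumes you have saved your own site's HTML front page and its RSS feed and scans them the way a scanner would; the two sample documents are constructed inline, and the version number 3.0 in them is a sample value. The point it shows: removing the meta tag from header.php hides the version from the HTML, but WordPress also writes it into the `<generator>` element of every RSS and Atom feed, which the header.php edit does not touch.

```shell
#!/bin/sh
# Added example, not code from the original post: check whether the WordPress
# version still leaks after the header.php edit. The sample documents below are
# constructed for this example; "3.0" is a sample value, not a claim about any site.

# wp_version_from_html: print the version from a generator meta tag, if present.
# Reads the HTML document on stdin; prints nothing when the tag carries no version.
wp_version_from_html() {
    sed -n 's|.*<meta name="generator" content="WordPress \([0-9][0-9.]*\)".*|\1|p' | head -n 1
}

# wp_version_from_feed: RSS/Atom feeds carry <generator>.../?v=VERSION</generator>,
# which the header.php edit does not change, so check the feed as well.
wp_version_from_feed() {
    sed -n 's|.*<generator>[^<]*?v=\([0-9][0-9.]*\)</generator>.*|\1|p' | head -n 1
}

# check_wp_version_leaks HTML FEED: print one line per place the version is still
# visible; returns 1 if any leak was found, 0 if both documents are clean.
check_wp_version_leaks() {
    leaks=0
    v=$(printf '%s\n' "$1" | wp_version_from_html)
    if [ -n "$v" ]; then
        echo "html generator meta tag leaks version $v"
        leaks=1
    fi
    v=$(printf '%s\n' "$2" | wp_version_from_feed)
    if [ -n "$v" ]; then
        echo "feed generator element leaks version $v"
        leaks=1
    fi
    return $leaks
}

# Constructed samples: the page before and after the header.php edit, and a feed.
SAMPLE_HTML_BEFORE='<html><head><meta name="generator" content="WordPress 3.0" /></head></html>'
SAMPLE_HTML_AFTER='<html><head><meta name="generator" content="WordPress" /></head></html>'
SAMPLE_FEED='<rss><channel><generator>http://wordpress.org/?v=3.0</generator></channel></rss>'
```

Running `check_wp_version_leaks "$SAMPLE_HTML_AFTER" "$SAMPLE_FEED"` reports the feed leak even though the HTML is clean. In a theme's functions.php, `remove_action('wp_head', 'wp_generator');` removes the meta tag without editing header.php, and `add_filter('the_generator', '__return_empty_string');` blanks the generator string in the feeds as well; the readme.html shipped in the WordPress root also states the version, so restrict or remove it.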
Above is what I have done to protect my blog. Has your blog ever been attacked? Could you share your experience in protecting your WordPress blog from hackers and suggest any other tips you know?
Let me add the classic advice about making your password strong enough that it is difficult to hijack.
hisam´s last blog ..Disable rapidshare countdown timer inside Google chrome
Yes, you are right. I heard that many blogs were hacked not because of a vulnerability in the WordPress code, but because their passwords were so common and easily guessed. I recommend meaningless passwords of over 10 characters.
Some great tips about making our WordPress blog secured. Security is an important issue that all bloggers should take care of since nowadays hackers are always on the look out for unsecured and vulnerable sites to hack. I am wondering about this Conditional Captcha plugin. Seems to sound good, would love to see it in action. I will check out Joe’s blog now
Shiva | Web Magazine´s last blog ..The Meteoric Rise of Twitter Infographic
Conditional Captcha is one of the best WordPress plugins in my opinion. Moderating comments is very annoying for both readers and blog owners. This plugin can get rid of this problem easily. You can check out Joe’s blog for more details.
When I installed WordPress for the first time on my server it was hacked, and I had a very difficult time cleaning up. It is always good to stay prepped..
Stock Photos´s last blog ..750 Business Cards Giveaway from PrintRunner
Thanks for sharing the security tips. Blogger is more secure than WordPress.
Alka Singh´s last blog ..
I like your information about setting up IPs, but I wonder how this may affect broadband users since the IP can change daily.
Rebekah´s last blog ..Optimizing for Misspellings That’s SO Last Year…
Hi Rebekah, your IPs can change daily but they are still in the same IP range. You can set it up like this:
The above allows access to the wp-admin folder from any sub domain under the IP block 12.111.12. (12.111.12.1, 12.111.12.2, 12.111.12.3, etc.)
Hope it helps.
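The wp-admin .htaccess tip from the post and the partial-address trick in the reply above, as an added shell script (not code from the original post or its comments). It validates each address before writing wp-admin/.htaccess, so an unedited xx.xx.xx.xxx placeholder is rejected instead of silently blocking everyone, and it accepts a full address, a partial block such as 12.111.12 (with or without the trailing dot) or a CIDR range. Two points a practitioner should know are built in: the post's Order/Deny/Allow directives are Apache 2.2 syntax and only work on Apache 2.4 when mod_access_compat is loaded, so the script emits both forms under IfModule; and wp-admin/admin-ajax.php is requested by ordinary visitors' browsers for front-end features, so it is exempted from the restriction. The addresses used in the usage are documentation-range samples.

```shell
#!/bin/sh
# Added example, not code from the original post: generate the wp-admin/.htaccess
# allowlist from a list of addresses instead of editing it by hand. Assumes only a
# POSIX shell. Sample addresses in comments are documentation ranges, not real hosts.

# valid_ip_spec SPEC: accept a full IPv4 address (203.0.113.5), a partial address
# for a whole block as in the comments above (12.111.12 or 12.111.12.), or a CIDR
# range (198.51.100.0/24). Reject anything else, including xx.xx.xx.xxx placeholders.
valid_ip_spec() {
    case $1 in
        ''|*[!0-9./]*|/*|*/|*/*/*|*..*|*./*|.*) return 1 ;;
    esac
    addr=${1%%/*}      # strip any /prefix
    addr=${addr%.}     # strip a trailing dot on partial blocks
    n=0
    oldifs=$IFS
    IFS=.
    for octet in $addr; do
        n=$((n + 1))
        if [ "$octet" -gt 255 ]; then
            IFS=$oldifs
            return 1
        fi
    done
    IFS=$oldifs
    case $1 in
        */*) [ "$n" -eq 4 ] && [ "${1#*/}" -le 32 ] ;;   # CIDR needs a full address
        *)   [ "$n" -ge 1 ] && [ "$n" -le 4 ] ;;          # 1 to 4 octets otherwise
    esac
}

# write_wp_admin_allowlist FILE SPEC...: write FILE so that only the given addresses
# reach wp-admin. admin-ajax.php stays open because themes and plugins post to it
# from ordinary pages for every visitor. Nothing is written if any SPEC is invalid.
write_wp_admin_allowlist() {
    out=$1
    shift
    [ $# -ge 1 ] || { echo "at least one address is required" >&2; return 1; }
    for spec; do
        valid_ip_spec "$spec" || { echo "rejected address: $spec" >&2; return 1; }
    done
    {
        echo '<IfModule mod_authz_core.c>'
        echo '    # Apache 2.4'
        for spec; do echo "    Require ip ${spec%.}"; done
        echo '    <Files admin-ajax.php>'
        echo '        Require all granted'
        echo '    </Files>'
        echo '</IfModule>'
        echo '<IfModule !mod_authz_core.c>'
        echo '    # Apache 2.2: the directives from the post'
        echo '    AuthUserFile /dev/null'
        echo '    AuthGroupFile /dev/null'
        echo '    AuthName "WordPress Admin Access Control"'
        echo '    AuthType Basic'
        echo '    Order deny,allow'
        echo '    Deny from all'
        for spec; do echo "    Allow from ${spec%.}"; done
        echo '    <Files admin-ajax.php>'
        echo '        Order allow,deny'
        echo '        Allow from all'
        echo '        Satisfy any'
        echo '    </Files>'
        echo '</IfModule>'
    } > "$out"
}
```

Usage: `write_wp_admin_allowlist /path/to/wordpress/wp-admin/.htaccess 203.0.113.5 12.111.12.` writes the file for one fixed address plus one whole block, which is the answer to the changing-IP question above; add a CIDR range such as 198.51.100.0/24 when your provider publishes one. Back up the existing wp-admin/.htaccess first, as the post says, and test from a second browser before closing the one you are logged in with.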
Thanks a lot. I’ll remember this one.
Beasiswa Luar Negeri´s last blog ..Beasiswa PhD Sosiologi Goldsmiths University 2010-2011
To be honest, the one thing I never really consider on my blog is wordpress security. I probably should, but I just don’t seem to ever have the time to get around to it.
Do many people ever get their wordpress blogs hacked?
Robert @ Techinfo-4u.com´s last blog ..Motorola ES400 EDA Review
So you should care about it now, Robert. As I said, prevention is better than cure. Nobody wants to solve problems after their blog is hacked. Many WordPress blogs have been hacked this year, including famous ones like TechCrunch.
Upgrading to most recent WP release, having a strong non-guessable password and hiding your Wp version should be enough to help you stay protected!
TechChunks´s last blog ..Top 10 Geeky Webcams That Ooze With Creativity
I think we shouldn’t be subjective with hackers, many top blogs in the world have been hacked although they are always updated to newest version.
Thanks for these tips, let’s try…
Hi Tek3d, I really needed this info since I just installed WP 3.0 earlier this week. I might need some help implementing these tips because I’m so new. I hope I can send you a tweet if I get lost.
Thanks!
btw – I love the way things are looking around here. The header and theme are awesome. What theme are you using?
Ileane @ Basic Blog Tips´s last blog ..Basic Blog Tips for New Bloggers
Hi Ileane,
I didn’t know that you are creating a new WordPress site; that’s great. You can tweet or email me whenever you have problems, I’m always here to help.
I’ve tried some themes from Elegant and maybe this one will be my new theme. I am tweaking this theme and I hope you will like the completed one.
I am new to WordPress and didn’t know about these tips… it’s a great help from your side….
pooja´s last blog ..LG Ally
They are necessary and simple tips to protect your WordPress site. I’m glad this post could help you.
Thanks mate… I really didn’t know that WordPress can be hacked…
TechShare´s last blog ..Optimise Your Links For SEO
You are welcome. There is a valuable lesson on the Internet: there is nothing that can’t be hacked, so we should protect what we have before it is too late.
Tuan,
Great post on security. This is definitely going on my delicious list for security. I ran across a post talking about security a while back, can’t remember exactly what it was, but I do remember it talked about using a plugin called Bulletproof-Security which I was going to check out. I used Captcha for a while in my comments and realized I did not like it when I had to use it, so I figured others didn’t like it either. I discovered spam-stopper which seems to be a very simple and less irritating option than Captcha, but I will definitely check out your suggestion. Thanks again for sharing and as always,
Make it a great day.
Dennis
Lead, Follow and Share !
Dennis´s last blog ..“Book ‘em Danno!” or What was that link
Thanks Dennis,
The Bulletproof-Security plugin you mentioned is quite a good one; it simplifies our security work very much. But if you don’t want to use more plugins for this, you can use the solutions above; it shouldn’t take much of your time.
Great weekend, Dennis.