Having a successful bog is not everything. Protecting and keeping your blog secure and hacker proof is again an important task. Today I would be sharing some key methods that would make sure your blog is secure and hardened against hacking and security vulnerabilities. I could be more authoritative on this topic as i am an information security consultant by profession.
WordPress directories should not be left open for access to everyone
It would be very critical of hiding the information about what all plugins and wordpress plugin versions that are installed on your blog. Hence it would be critical in not leaving the wordpress plugin folder open to file browsing on the ftp. Hence create an index.htm file under the wp-content/plugin/index.htm so that it would not leave the file browsing open.
In addition add the line to your .htaccess file on your root directory: Options All –Indexes
Block Search engine bots to access and index your WordPress folders:
Add the below line to your robot.txt file on your root directory:
Keep your wordpress and its plugins up to date
WordPress is a wonderful open source script and they have a dedicated team that work their heart out on improving the security features. So make sure you are updated to the latest version of wordpress as and when the upgrades are released. So is the case with wordpress plugins.
Secure your WP-admin folder
1. Download the AskApache password protection plugin – AskApache Password Protect adds some serious password protection to your WordPress Blog. Not only does it protect your wp-admin directory, but also your wp-includes, wp-content, plugins, etc. plugins as well. It basically ads another layer of security on the wp folders and that is simply critical. You could download it from here
2. Use a login lock down plugin that would lock down your admin login on multiple wrong attempts. This is critical as it helps you fight against the brute force technique of hacking.
Take regular back up of your FTP and wordpress DB
Harden your server
Use the following line on your .htaccess file and this helps you to safeguard your DB access credentials
<FilesMatch ^wp-config.php$>deny from all</FilesMatch>
Most importantly have a strong admin password
Is the heading says – make sure your blog has a tuff password that is easy to guess or hack.