Useful Tutorial, Tips and Plugins for WordPress Blogs Security

The downfall of using the most popular blogging platform out there is that WordPress blogs are targets for hackers. If you do not keep your blog up to date, hackers could exploit a known security vulnerability in it. I’ve seen this happen to very savvy bloggers, so don’t think that it can’t happen to you.

Usually, a hacker scans for vulnerable installations of WordPress. When they find a vulnerable blog, they exploit the vulnerability to access it and insert links to various sites of ill repute. This is an effort to use your blog to increase those sites’ Google PageRank scores.

Problems always come up, but never lose hope when you encounter one. Don’t panic: in this section I outline a few simple tips, tutorials and plugins that should get you out of many common jams.

1. Link Injection


SQL injection is a code injection technique that exploits a security vulnerability in the database layer of an application. Hackers look for known exploits (SQL injection, insecure folder permissions, etc.), which allow them to insert spam files and links into your WordPress themes, plugins and core files.

CSS can hide the spam from visitors, and the result would be:

  1. The website was dropped by Google completely
  2. PageRank would go down from 6 to 5
  3. The hack also infected phpBB forum links
  4. Organic traffic for “fishy things” started showing up
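As an added example (not code from the original post), the following Python scanner looks for the two signs of link injection described above: links wrapped in CSS-hidden containers and obfuscated PHP calls. The sample footer content is constructed, and the own_host value is an assumption.

```python
import re
from pathlib import Path

# Constructed sample of a theme footer.php after a link injection (hypothetical).
SAMPLE_FOOTER = """<div id="footer">
  <p>&copy; 2009 My Blog</p>
  <div style="display:none"><a href="http://example.com/cheap-pills">cheap pills</a>
  <a href="http://example.net/casino">online casino</a></div>
  <a href="/about">About</a>
</div>
<?php eval(base64_decode('Li4u')); ?>
"""

# Inline styles commonly used to hide injected content from visitors.
HIDDEN_STYLE = re.compile(
    r'style\s*=\s*["\'][^"\']*(display\s*:\s*none|visibility\s*:\s*hidden|'
    r'(left|top|text-indent)\s*:\s*-\d{3,}px)', re.I)
LINK = re.compile(r'<a\s[^>]*href\s*=\s*["\']([^"\']+)["\']', re.I)
# eval()/assert() wrapped around a decoder is the classic obfuscated-backdoor shape.
OBFUSCATION = re.compile(
    r'\b(eval|assert|preg_replace)\s*\(\s*(base64_decode|gzinflate|str_rot13)\s*\(', re.I)


def scan_text(text, own_host="myblog.example"):
    """Return (line_no, reason, detail) findings for one file's content."""
    findings = []
    in_hidden = False  # crude: links are suspect from a hidden opener until the next </div>
    for no, line in enumerate(text.splitlines(), 1):
        if HIDDEN_STYLE.search(line):
            in_hidden = True
        for m in LINK.finditer(line):
            url = m.group(1)
            if in_hidden and url.startswith("http") and own_host not in url:
                findings.append((no, "hidden external link", url))
        if OBFUSCATION.search(line):
            findings.append((no, "obfuscated PHP", line.strip()))
        if "</div>" in line:
            in_hidden = False
    return findings


def scan_tree(root, own_host="myblog.example"):
    """Scan every PHP/HTML/JS file below root; returns {path: findings}."""
    results = {}
    for path in Path(root).rglob("*"):
        if path.is_file() and path.suffix.lower() in {".php", ".html", ".htm", ".js"}:
            hits = scan_text(path.read_text(errors="replace"), own_host)
            if hits:
                results[str(path)] = hits
    return results
```

Run scan_tree against wp-content/themes and wp-content/plugins after an incident, and compare the findings with what the File Monitor plugin reports as changed.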

2. Do not use the admin account

Change the user name “admin” in MySQL by running this query in your MySQL admin tool (adjust the wp_ prefix if you changed it):

UPDATE wp_users SET user_login='newuser' WHERE user_login='admin';

or create a new, unique account with administrator privileges:

1. Create a new account with a unique username
2. Assign it the administrator role
3. Log out and log back in with the new account
4. Delete the admin account

Be careful when confirming the deletion of the admin account, because WordPress will ask whether to delete all posts and links related to that account.

3. Secure with File and Folder Permission

1. Files should have 644 permissions
2. Folders should have 755 permissions

Permissions can be set via FTP, or via shell access with the following commands:

find [your path here] -type d -exec chmod 755 {} \;
find [your path here] -type f -exec chmod 644 {} \;

4. Move the wp-config.php file

As of WordPress 2.6, the software also checks for wp-config.php in the directory above the WordPress root, which makes it impossible to find or access your wp-config.php file through the web server.

So you can change the location of your wp-config.php file from
public_html/wordpress/wp-config.php
to
public_html/wp-config.php

5. Remove WordPress Version from Header

Find this line in header.php and remove it:

<meta name="generator" content="WordPress <?php bloginfo('version'); ?>" />

6. Stay Up to Date

Keep the WordPress core, plugins and theme files up to date.

7. Use a Secure Password

Use a password generator to create good, secure passwords: goodpassword.com

Another excellent article: How To Make a Simple Password 580 Million Years Hacker

8. Use a Secret Key

A secret key is a hashing salt that makes your site harder to hack by adding random elements to the password.

1. Edit wp-config.php
2. Visit https://api.wordpress.org/secret-key/1.1, get your key and paste it into wp-config.php in place of the default

9. Change the WordPress Table Prefix

1. Edit wp-config.php before installing WordPress
2. Change the prefix wp_ to something unique

How To Change WordPress Table Prefix

Other resources:

Protect WordPress Against Malicious URL Requests
13 Vital Tips and Hacks to Protect Your WordPress Admin Area
Firewalling and Hack Proofing Your WordPress Blog

Plugins for Protecting Your WordPress Blog

1. WP Security Scan

Scans your WordPress installation for security vulnerabilities and suggests corrective actions.

2. Semisecure Login Reimagined

Semisecure Login Reimagined increases the security of the login process by using a combination of public and secret-key encryption to encrypt the password on the client-side when a user logs in.

3. Login LockDown

Login LockDown records the IP address and timestamp of every failed login attempt.

4. WordPress File Monitor

Monitors your WordPress installation for added, deleted or changed files. When a change is detected, an email alert can be sent to a specified address.

5. Stealth Login

This plugin allows you to create custom URLs for logging in, logging out, administration and registering for your WordPress blog.
