3 Easy Ways To Protect Your WordPress Blog
|January 14, 2013||Posted by D. Dixon under WordPress Blog Security|
Having your WordPress blog go down is one thing. Having it go down because someone tried to hack into it and take it over…well, that’s a whole other kind of frustration. Unfortunately it’s a reality that many of us, myself included, have to face and prepare for. While there is no way to definitively stop an intrusion, there are a few things bloggers can do to protect their sites
1. Change Your Password Periodically
I recently had a situation where my blog went down because some of the configuration files were mysteriously altered. This screamed to me “hack.” As a precaution, I changed my blog password. I strongly encourage bloggers to make sure there passwords pass the complication test by including different cases (upper & lower), numbers and special characters.
2. Make sure yourWordPress plugins are updated
Whenever I go in and see that little black and white indicator telling me that I have updates available I do that immediately. The reason why plugins are updated is because the developers have addressed vulnerabilities which could include security. One of my criteria for activating WordPress plugins is seeing that they were updated recently. I have had experiences where plugins have crashed my site and I’ve been even more cautious since then. When I see that a plugin is compatible with the latest version of WordPress I see that as a signal to add it to my list. This applies especially to security and currency related plugins, two categories where you don’t want to be on the wrong side of technology.
3. Install a WordPress Security plugin
I got this piece of advice for one of the tech support reps after I explained my situation. He told me that he installed the WP Security plugin and has so far had no issues. I checked it out and realized just how hefty it was.
First off, the standard color coded messages makes it easy to understand. If you have an immediate security problem (in red), just click on the “Fix it” link and you’re taken to the section to do just that.
In addition to protecting your site from basic attacks with one click, it offers to hide your backend by changing your slugs. Anyone who has a WordPress blog knows that the login screen is more often than not located at “yoursite/wp-login.php” Guess what? “Anyone” includes hackers as well. So by changing your URL slugs as well as some other special file paths, you add an extra layer of security by taking away the obvious choices.
If you’ve found a security plugin that you like, don’t go hog-wild. You may think that making all of those changes will make your site hacker-proof but if you make the wrong changes, it can make your blog “you-proof.” So here are some other tips to remember.
- Make security changes in phases and keep track of them so that if something goes wrong, you can retrace your steps.
- Whitelist your IP address so that you will always be able to access your WordPress blog.
- Limit the number of times intruders can try to attack your site and make sure the are added to your ban/blacklist
- Follow directions to change files. If your WordPress security plugin is asking you to make changes to certain backend files that are vulnerable, make sure you follow their direction precisely.
- Consult your webhost tech support specialists because when things go wrong, they need to be up-to-speed so that they can help.
- Keep an eye on your blog. If you are having trouble getting in or things aren’t working well, contact the developer and ask for guidance.
Keeping your WordPress blog secure is essential if you are using it to generate income. You’ve worked hard on it so protect what is yours!
Have any additional advice for keeping your WordPress blog site safe?