As a user of WordPress, I am confident of its ability to keep my blog secure and efficient. However, there are always some loopholes which you can fix to secure your WordPress websites or blogs even further. Here are some tips and plugins you can download to secure your WordPress site even further!
1. Using Notepad, create a file called ‘index.html’. Upload this file into your website’s plugins directory, which can be found at /wp-content/plugins/. Exploiting plugins is just one way for a hacker to penetrate your website, so placing an index file there prevents the hacker from browsing the directory to see all your installed plugins. You can also do this for every other directory in your WordPress installation.
2. Keep your WordPress version up to date. New updates and versions of WordPress are there for a reason. They fix security loopholes and flaws from previous versions of WordPress.
3. Never reveal an important email address on a website. You make yourself vulnerable to spammers. If you would like your viewers to contact you, try installing plugins such as Contact Form 7 instead. They are easy to handle and use PHP code to send you messages from viewers.
4. Password protect your wp-admin directory. Any attempt a hacker makes to access this directory will cause a ‘401 Unauthorized’ error. A guide on how to do so can be found here.
5. Back up your database regularly. If anything serious were to occur, you can easily restore your website to its original state by using a backup. It is especially important to back up your MySQL database if you enable viewers to create user accounts on your website. Reputable web hosting services such as Bluehost should have features which allow you to back up easily.
6. Hide your WordPress version number. As I stated earlier, if a hacker finds out that you are using an earlier version of WordPress then he’ll find it much easier to hack into your database. To hide your WordPress version number, go to your template editor, open header.php, look for the following code and delete it.
<?php bloginfo('version'); ?>
7. Prevent people from searching your entire server. By default, when someone searches your website using the search bar, they are able to search anything on your server. To prevent this, go to search.php in the template editor and replace ” with .
8. Use SSH/Shell Access instead of FTP. It’s simply more secure, because anyone can start manipulating the information on the website once they get their hands on your FTP details.
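Tip 1 suggests placing an index file in every directory. The shell script below is an added example, not part of the original post: it lists the directories under a WordPress tree that have neither index.html nor index.php and, with --fix, creates an empty index.html in each. The script name and the path passed to it are assumptions.

```shell
#!/bin/sh
# Added example: find WordPress directories with no index file, i.e. the ones
# a web server with directory listing enabled would show to any visitor.
# Assumes directory names contain no newlines.

# list_unindexed DIR: print each directory under DIR (DIR included) that
# contains neither index.html nor index.php.
list_unindexed() {
    find "$1" -type d | while IFS= read -r dir; do
        if [ ! -e "$dir/index.html" ] && [ ! -e "$dir/index.php" ]; then
            printf '%s\n' "$dir"
        fi
    done
}

# add_index_files DIR: create an empty, world-readable index.html in every
# directory reported by list_unindexed. Existing index files are never touched.
add_index_files() {
    list_unindexed "$1" | while IFS= read -r dir; do
        : > "$dir/index.html"
        chmod 644 "$dir/index.html"
    done
}

# Usage (path is an example): sh audit-index.sh /var/www/blog/wp-content [--fix]
if [ -d "${1:-}" ]; then
    if [ "${2:-}" = "--fix" ]; then
        add_index_files "$1"
        echo "Index files added. Remaining unindexed directories:"
    else
        echo "Directories without an index file:"
    fi
    list_unindexed "$1"
fi
```

On Apache, putting `Options -Indexes` in .htaccess turns directory listings off at the server, which also covers directories created after the script was run.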
Useful Security plugins
1. Bad Behaviour - Checks your visitor’s IP against The Project Honey Database and permanently bans anyone whose IP address matches ones in the database.
2. Semisecure login - Increases the security of the login process by using a public key for encryption. This plugin requires JavaScript and PHP.
3. Limit Login Attempts - This plugin blocks a user for 20 minutes after four attempts have been made to access an account. These values can be changed.
4. Secure WordPress - A little help to secure your WordPress installation: removes error information on the login page; adds index.html to the plugin directory; removes the wp-version, except in the admin area.
5. Edit Comments - Edit Comments is a simple WordPress plugin that allows commenters to edit their own comments. To edit a comment, a user must have the same IP address as the user that made the comment and they must also make the edit within a specific time frame. The default edit time window is 30 minutes, but it can be changed easily in the plugin file.
6. AskApache Password protect - Plugin which adds some password protection to your WordPress Blog using .htaccess file. It not only protects your wp-admin directory, but also your wp-includes, wp-content, plugins, etc.
7. WP Security Scan - Scans your WordPress installation for security vulnerabilities and suggests corrective actions.