These days everyone from savvy professionals to total beginners is using blogs to build and promote their businesses. In fact, a blog can often be the core platform for a venture. The most popular blog software at this time is WordPress, probably because it’s free, user friendly, and provides loads of benefits and options.
While even less technically proficient users can operate a blog with only a small amount of study, the issue of security requires a bit more skill and knowledge than everyday blogging. The sheer number of blogs currently online makes any WordPress site a tempting target for hackers. Also, because a blog works on a secure login utility you’re automatically dealing with more potential problems than a static Website. This article will walk you through the straightforward but essential basics of securing your WordPress blog.
#1 Basic Anti-Spam Protection
Your WordPress install includes the Akismet spam fighting plugin. Be sure to activate this software right away and it will eliminate the vast majority of spam comments your blog receives. Just navigate to the Plugins page, find Akismet, and click the ‘Activate’ link.
You’ll then need to register at WordPress.com to acquire your API key.
#2 Remove Outdated or Unused Software
If you have outdated or unused software just sitting on your server, delete it right away. Hackers can use old applications to gain access to your entire site; if you remove all such software you’ll stop this sort of attack before it begins.
A lot of hosting accounts will load you down with so-called “bonus software” that amounts to a bunch of old scripts that run counters and other gizmo applications. This can be a nice gesture if the software is current, but a lot of the time this stuff is turn-of-the-century freeware that presents a serious security risk; I recommend looking for updated versions of any such resources and dumping those which can’t be upgraded.
#3 Keep Your Blog and Other Software Updated Regularly
Be sure you’re updating both your WordPress blog and any other software your site runs, often and correctly. Software developers frequently release new versions because of improved security features, or after enough hackers have cracked the older system. If you lack the technical skill to upgrade your own software, hire a Webmaster to tackle this for you.
I urge you in the strongest possible way not to cut corners in this area. You’re far more likely to be hacked if you refuse to keep the current applications running.
#4 Basic Directory Security
Don’t keep a lot of unused directories or folders in your public HTML directory. For instance, if you’re not using any CGI programs you should go ahead and dump the cgi-bin folder most hosting accounts have by default. Empty directories on the server are another potential backdoor cyber prowlers can use to get into your site.
A simple method for tightening security on your image folders and other directories that run scripts is to upload a blank index.html file to each one. This way anyone who tries to browse directly to one of these folders will run into your blank page instead of a listing of its contents.
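As an added example (not part of the original article), the Python script below walks a site's public HTML directory and reports folders that have content but no index file, plus folders that are completely empty. The `public_html` path, the function name and the list of index filenames are assumptions; with `fix=True` it writes the blank index.html described above.

```python
import os

# Filenames commonly served as a folder's default page (assumed list;
# match it to your own server's configuration).
INDEX_NAMES = {"index.html", "index.htm", "index.php"}

def audit_directories(root, fix=False):
    """Walk `root` and return (unprotected, empty) lists of relative paths.

    unprotected: folders with content but no index file.
    empty:       folders with nothing in them (candidates for deletion).
    With fix=True a blank index.html is written into each unprotected folder.
    """
    unprotected, empty = [], []
    for current, subdirs, files in os.walk(root):
        subdirs.sort()  # visit subfolders in a predictable order
        rel = os.path.relpath(current, root)
        if not subdirs and not files:
            empty.append(rel)
            continue
        if not INDEX_NAMES & {name.lower() for name in files}:
            unprotected.append(rel)
            if fix:
                # Blank page: a visitor browsing to the folder sees nothing.
                with open(os.path.join(current, "index.html"), "w"):
                    pass
    return unprotected, empty

if __name__ == "__main__":
    import sys
    site_root = sys.argv[1] if len(sys.argv) > 1 else "public_html"
    missing, unused = audit_directories(site_root)
    for path in missing:
        print("no index file:", path)
    for path in unused:
        print("empty folder: ", path)
```

A blank index page only hides the folder listing; individual files in the folder are still served to anyone who requests them by their full URL.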
#5 Some Basic WP Plugins to Help With Blog Security
Here are my recommended WordPress plugins for security purposes. To install a plugin on the latest version of WordPress, simply go to Plugins > Add New and search for the plugin. Then install and activate it from there.
Be sure you take the time to read the individual instructions for each plugin. If you find something totally over your head ask for help before proceeding.
This plugin prevents people from fiddling around with your login portal until they can guess your password. By default the plugin will lock an IP address out after three failed attempts in a five minute window. Not only will bored amateur hackers be kept at bay, automated software that finds your blog and attempts to use “brute force password discovery” will also be thwarted. You can use the options menu to configure your ideal time frame and number of failed attempts for activating the lockdown.
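The lockout rule described above, sketched in Python as an added example; this is not the plugin's own code. The three-failure and five-minute defaults come from the article, while the one-hour lock duration, the class and function names, and the sample events are assumptions made for the illustration.

```python
from collections import defaultdict, deque

class LoginLockout:
    """Lock an IP after `max_failures` failed logins inside `window` seconds."""

    def __init__(self, max_failures=3, window=300, lockout=3600):
        self.max_failures = max_failures    # article's default: three attempts
        self.window = window                # article's default: five minutes
        self.lockout = lockout              # assumed value, not from the article
        self.failures = defaultdict(deque)  # ip -> times of recent failures
        self.locked_until = {}              # ip -> time the lock expires

    def is_locked(self, ip, now):
        return self.locked_until.get(ip, 0) > now

    def record_failure(self, ip, now):
        """Register a failed login; return True if the IP is now locked."""
        if self.is_locked(ip, now):
            return True
        recent = self.failures[ip]
        recent.append(now)
        while recent and now - recent[0] >= self.window:  # outside the window
            recent.popleft()
        if len(recent) >= self.max_failures:
            self.locked_until[ip] = now + self.lockout
            recent.clear()
            return True
        return False

# Constructed sample events (seconds, ip, login_ok); documentation-range IPs.
SAMPLE_EVENTS = [
    (0, "203.0.113.5", False), (60, "203.0.113.5", False),
    (200, "203.0.113.5", False),   # third failure inside five minutes: locked
    (250, "203.0.113.5", True),    # refused even with the right password
    (400, "192.0.2.9", False), (800, "192.0.2.9", False),
    (1200, "192.0.2.9", False),    # failures too far apart to fill the window
    (4000, "203.0.113.5", True),   # lock (200 + 3600) has expired
]

def replay(events, guard=None):
    """Return the (time, ip) attempts refused because the IP was locked."""
    guard = guard or LoginLockout()
    refused = []
    for now, ip, ok in events:
        if guard.is_locked(ip, now):
            refused.append((now, ip))
        elif not ok:
            guard.record_failure(ip, now)
    return refused
```

Replaying the sample shows why the window and attempt count are worth tuning in the options menu: failures spaced further apart than the window never add up to a lock.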
This extremely useful plugin will scan your entire blog installation and make a few summary recommendations for improving the state of security. Example suggestions include better passwords, corrected file permissions, and even database security.
Not only will this tool keep you flying right, it’s a very handy way to learn the ropes of preliminary site security. When you activate and run this device you’ll see a repeat of some of the items I’ve mentioned here plus a few new things you probably haven’t thought of yet.
Secure WordPress will remove problematic elements from your blog software, add new files where needed, and tackle a few other essential functions for you. Definitely take the time to thoroughly read the instructions for this plugin as there’s a lot going on here.
Take action on these basic five steps and you’ll be far less appealing as a target for online troublemakers and hackers. Like pretty much all other criminals, most hackers tend to look for easy marks. The simple fact that you’ve put forth a competent effort will cause the majority of drive-by intruders to lose interest and move on to an easier target.
Wp-spamshield is the best plugin I have found for spam. Also Wordfence Security is fantastic for securing your WordPress website. Great article also.
Thanks for the tips!
Really great tips and I will definitely follow these tips. And hope it will be helpful for me. Thanks for sharing.
Wow Joel, this is great info. Now for us not so technical people like me. When it comes to #4 and the CGI programs. I just have a folder with my pictures on my PC. I do have a good security system on my PC, but is there more I need to do?
Tell you one thing I would be lost without all your good technical information. Thank you very much for the help.
Blessing to you,
Debbie
I would backup your photos to a DVD or CD just so you have them elsewhere in case your computer completely crashes. I’d hate to lose all my photos!