9 easy ways to secure your WordPress blog

This article outlines 9 different ways you can secure your WordPress blog/site. Security is often an overlooked aspect of blogging, but a few minutes making sure things are secure can save you hours and hours of ‘fixing’ if someone decides to mess with your site.

  1. Download and install the wp-scanner plugin. It performs he following security checks:
    1. WordPress Version Check (currently supports 7 version checks). Future releases will include a file existence version check, for those blogs that have removed their version details.
    2. Tests the WordPress theme template for basic XSS vulnerabilities
    3. Enumerates WordPress Plugins. Future releases will perform additional tests in this area.
  2. Another plugin to install is Login LockDown. It records the IP address and timestamp of every failed WordPress login attempt. If more than a certain number of attempts are detected within a short period of time from the same IP range, then the login function is disabled for all requests from that range. This helps to prevent brute force password discovery. It’s very straight forward and easy to use – I give it a big thumbs up.
  3. Arguably my favorite WordPress security plugin is AskApache Password Protect. It adds a 2nd layer of security to your blog by requiring a username and password to access anything in the /wp-admin/ folder. And it does that by automatically creating and picking all the right settings for the .htpasswd and .htaccess files (including the save locations), but you can easily change those settings to anything you want, right from your WordPress Admin Panel.
  4. From Matt Cutts presentation – remove the tag in your header.php that displays the current version of WordPress. It’s:

    <meta name=”generator” content=”WordPress <?php bloginfo(‘version’); ?>” />

    Or, you can just modify it so that the version number isn’t displayed, to something like

    <meta name=”generator” content=”Powered by WordPress” />

  5. Again, from Matt Cutts – put a blank index.html file in your /wp-content/plugins/ directory. By default, you can actually view the contents of this folder, so everyone in the world knows which plugins you have installed.
  6. I won’t bother with the “always use the latest version of WordPress” tip, because that’s just too obvious. However, I will mention that the Automatic Upgrade Plugin can keep your version of WordPress current, and you don’t have to do anything other than install it. I happen to prefer to upgrade WP manually, so I don’t use this one, but I’ve heard nothing but good things about it.
  7. If you have a ‘contact me’ page, make sure it’s a secure one. No one likes spam. Secure Form Mailer is great.
  8. Keep your web server updated. Though this isn’t WordPress specific, no matter how secure WordPress is, if there’s a vulnerability in your actual web server, it won’t matter. So keep an eye out for updates to your web server (ie. litespeed, Apache etc).
  9. Consider bookmarking http://blogsecurity.net (or subscribing to their RSS feed) – they have some great posts and provide info on insecure plugins etc as soon as they find out about them.

39 thoughts on “9 easy ways to secure your WordPress blog”

  1. Pingback: Iron Wil » Blog Archive » WordPress Protection - No, I don’t mean Maffia

  2. Pingback: Site Update - Don’t panic we’re still here and working hard..

  3. Pingback: Link Sharing, 9/19/07 » Webomatica - Technology and Entertainment Digest

  4. Pingback: 13 Ways I Protected My Blog From Attacks : Elaine Vigneault

  5. Pingback: RodeWorks » WordPress security — what you can do

  6. wow, thanks so much for these. I hadn’t heard of any of those plugins and I work with WP a lot. I really like the AskApache plugin. thanks again!

  7. Pingback: Secure WordPress - How to prevent your blog from being hacked

  8. Pingback: GUYA.NET » Blog Archive » My blog has been hacked

  9. Pingback: 5 Useful WordPress Posts | Port 16

  10. Pingback: phipster » Blog Archive » Secure your Wordpress Blog

  11. Pingback: The end of the 90DC for me - probably - Internet Marketing Forums

  12. Pingback: Step By Step Guide for WordPress Total Security (Hacker Free) what would you pay ? - Page 2

  13. Pingback: Check Your Wordpress Security | Online Marketing | Search Engine Marketing | SEO | PushON blog

  14. Pingback: How to Secure Your WordPress Website :: Christopher Ross

  15. Pingback: Datensicherung für WP-Blogs? « Grautigers Spielwiese

  16. Pingback: RodeWorks » Blog Archive » WordCamp Ed: Northeast Speaker Presentations

  17. Pingback: 9 easy ways to secure your WordPress blog

  18. Pingback: 9 easy ways to secure your WordPress blog – Simple Help « wp-popular.com

  19. Pingback: Configure the Settings on a WordPress Blog (Tutorial)

  20. Pingback: Securitate sporita pentru WordPress | Cine Sunt ?

  21. Pingback: http www problogdesign com wordpress 11 best ways… | Benwork

  22. Pingback: Check Your WordPress Security

  23.  Complete your pre-discharge financial management course within 45 days of the first scheduled Meeting of Creditors.

  24. Pingback: Check Your WordPress Security - PushON

Leave a Comment

Your email address will not be published. Required fields are marked *