How to Protect Wordpress Blog From Hackers

**sam2009** · 06-05-2010, 05:55 AM

hi guys,
many people running their Autoblogs in this forum.but how to protect blogs from hackers?

**gregstereo** · 06-05-2010, 06:00 AM

Start with this scanner:

http://wordpress.org/extend/plugins/wp-security-scan/

Then read more here:

http://www.blog.web6.org/secure-wordpress-part-1/

There's lot of other sites about hardening your WP sites.

**voxclan** · 06-05-2010, 06:04 AM

I posted another tread about this

http://www.blackhatworld.com/blackhat-seo/blogging/202735-great-tutorial-protect-your-wp-now.html#post1797487

**M.A.D** · 06-05-2010, 06:05 AM

Changing the file and folder names so hackers can't find the standard wordpress footprint.
Most of hackers scrape serps for vulnerable blogs , as you would to blogs to do spam.
They look for standard file name like "wp-comment" or anything "wp" related in general.

Another simple thing is to create a htpasswd file to protect your login and core files.
You can't hack it, if you can't reach it, and there is nothing wrong with filling in your password twice.
http://www.askapache.com/wordpress/htaccess-password-protect.html
^can also exclude files.

Use at least vps hosting. Shared hosting sucks.
With shared hosting it isn't necessarily you that gets hacked.
It might be one of your neighbors.

This plugin sends you a email whenever a file is changed or accessed.
http://wordpress.org/extend/plugins/wordpress-file-monitor/

Use htaccess file to only allow acces to certain files from ip address.
To make login files only accessibility for your home ip.

Blank index.html in the plugin folder.

Login lockdown plugin, to stop brute force attacks.
User gets a certain amount of chances to login.
http://wordpress.org/extend/plugins/login-lockdown/

chmod, 750 on wp-config.php and xmlrpc.php(if your not using rpc post)

Admin ssl plugin;
http://wordpress.org/extend/plugins/admin-ssl-secure-admin/

Wp-security scan; (as mentioned)
http://wordpress.org/extend/plugins/wp-security-scan/

A theme checker;
http://builtbackwards.com/projects/tac/

No matter how much you try.
You will never be safe.
Always back up your stuff.

**new moon** · 06-05-2010, 06:07 AM

here is an article about that http://www.saidul.com/blog/16-important-wordpress-plugins-to-protect-your-blog-from-hackers/
hope that will help you guys bit

**sam2009** · 06-05-2010, 06:12 AM

Thank You Guys FOr such nice repply.

**M.A.D** · 06-05-2010, 06:13 AM

Wordpress it's own page on how to secure your blog.
http://codex.wordpress.org/Hardening_WordPress

**Wania** · 06-05-2010, 06:16 AM

Is it really necessary to perform all those steps?
I'm running a dozen of blogs with just standard installation, without any "security" tweaks and i've never had any security problems, as long as i keep wordpress up to date.

**Shooter** · 06-05-2010, 06:17 AM

It would be worth it if those blogs you have bring in a decent income. If you have a few that are fairly successful and someone with the knowledge to hack comes across it, they are likely do it. That doesn't mean people won't hack an unsuccessful blog, some people just like to screw with others even if it doesn't benefit themselves.

Here's a paid suite you can install

Code:

http://www.opensource-excellence.com/index.php?page=shop.product_details&flypage=flypage_new.tpl&product_id=2&category_id=6&option=com_virtuemart&Itemid=14&vmcchk=1&Itemid=14

**tridgeroy** · 06-05-2010, 06:18 AM

You may not have had any problems with your blogs as yet, but who's to say next week or next month your blogs will still be safe?

They didn't develop all those security plugins just for the fun of it; the security plugins are there to protect your blogs.

Thread: How to Protect Wordpress Blog From Hackers

LinkBack

Thread Tools

Display

How to Protect Wordpress Blog From Hackers

Bookmarks

Bookmarks

Posting Permissions