Secure WordPress – 5 Security Holes You Should Fix Today

By Mark / April 29, 2013

secure wordpressOver 30,000,000 WordPress blogs have been hacked over the past few years.

If you are one of the people unlucky enough to have been hacked you’ll know how much of a problem it can be.

It’s not just the problem of restoring access to your blog, you may have to scan it for malware so that google and various browsers don’t block access to it.

You may get extra bandwidth fee’s,  This blog was taken down last week not by being hacked but by the attempt, it used up a months bandwidth in about 14 hours. Luckily I have my own server so I could adjust it as soon as i knew about it.  Hackers were using a brute force method of trying the Username Admin with a millions of different passwords.

If i’d have had a limit to the number of attempts in place they wouldn’t have been able to even try to access the blog continually

You can secure your blog very easily and block the 5 most common hacking methods

1 Change Your username

DO NOT use Admin as your username  anything is better, so if you log in using admin go and change it immediately

 2. Change the database prefix

Most wordpress installations use the prefix wp_ for each database, because of this it’s something that hackers can exploit. Change your prefix to something random

 3. Remove the WordPress version Number..

If a hacker knows what version you are using he knows the vulnerabilities, removing the version number stops him targeting specific exploits

 4. Change the login page

If a hacker knows that everyone uses the same login page then he knows where to attack. On the other hand If everyones is different he once again is at a disadvantage

 5. Set a maximum number of login attempts.

If i’d have done this last week then my site wouldn’t  have been down. Once set you  after 5 attempts the site it locked down for 30 minutes

Making these changes will help to protect you against many types of hacking, it’s the same as protecting against burglars if your house is well protected they will go elsewhere and look for easier targets. Very few hacking attempts are directed against specific sites . Hackers tend to cast a wide net and then target the areas they know they can exploit.

 

If You are a technophobe then you are probably having palpitations now.. never fear…

 

The video below shows you how I protected a blog in under 2 minutes if you can use a mouse you can secure your site.

www.youtube.com/embed/O2EOrgGyx5I?loop=0&autoplay=0&controls=1&modestbranding=1&showsearch=0&rel=0&showinfo=0&hd=0" />

 

Read More About Securing Your Blog – Click here

About the author

Mark

https://plus.google.com/me/posts

Leave a comment:

CommentLuv badge

3 comments
Steve Hards

I wish you had mentioned the Developer rights upsell – I might not have needed the Unlimited version too?

[Reply]

Mark
Twitter:
Reply:

I think the developr rights are an add on, to be honest i just breezed past them as i only wanted it for my sites

[Reply]

Reply
Enstine Muki

Hi Mark,
These are strong security points you have raised. I have applied about 4 of them and I think i should complete what I have undone.

thanks for sharing. WP blogs are getting attacked every now and then
Enstine Muki recently posted..$150 Paypal Cash Contest ~ Enter to win!My Profile

[Reply]

Reply
Click here to add a comment

Leave a comment:

CommentLuv badge