How to secure your WordPress blog

Life as a blogger is hectic enough. The risk of hacking is the last thing you would want on your plate.

Not to mention the pain and agony of seeing all your hard work go down the drain. So the best approach is to prevent the calamity by protecting the blog in advance.

How to protect your beloved blog? We tell you how in this article.

To begin with, WordPress is one of the world’s most widely used Content Management Systems (CMS). It is the platform chosen by web giants like Facebook, Mozilla, eBay and CNN, to name a few.

Sadly, it is also the favorite playground for hackers. According to a study conducted by WPwhitesecurity, at least 70% of WordPress installations are hack-prone.

But you can keep your website from being hacked with the security measures that experts advise.

Secure your login

If you use the default ‘admin’ username for your WordPress blog, you are one among the million WordPress admins whose blog can be easily hacked into. The username ‘admin’ is easily guessable, so an attacker gets half of your login without breaking a sweat.

Think of a better username: one that you can easily remember but that nobody else could guess. Secondly, consider adding a captcha to the login page to keep bots and malicious programs from finding their way into your system.

Hide or change admin URL

WordPress provides a default admin login URL which goes like: yoursite.com/wp-admin. However, admins can modify the login page URL to something else so that it is beyond the reach of hackers. In a way, it is like hiding the gateway to your blog.

You can change the admin login URL manually or use a security plugin to do it. Most security plugins also come with the option to change your login URL to a custom one. Try WordPress’ very own Wordfence to set a custom admin login URL.

Enable Two Factor Authentication

What if your password is stolen? Anybody can gain access, right? Well, not if you have put two-factor authentication in place.

Two-factor authentication demands an additional token or one-time password on top of your preset password. The token usually arrives as a one-time password on your phone, or comes from a hardware USB key, an option Facebook has recently provided. This ensures that anybody who has stolen or otherwise obtained your password is still unable to access your account.
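
As an added example (not part of the original article), the code below shows how a login check combines the password with a one-time code from the phone. It assumes the time-based scheme of RFC 6238 that authenticator apps use, which the article does not name; `verify_login` is a hypothetical helper and the key is the RFC's published test key.

```python
import hashlib
import hmac
import struct

STEP = 30  # seconds per time step (RFC 6238 default)

def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226: HMAC-SHA1 over the 8-byte counter, then dynamic truncation."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)

def totp(secret: bytes, now: float, digits: int = 6) -> str:
    """RFC 6238: HOTP keyed on the number of 30-second steps since the epoch."""
    return hotp(secret, int(now) // STEP, digits)

def verify_login(password_ok, submitted, secret, now, last_used_step, drift=1):
    """Return the accepted time step, or None if the login must be refused.

    Hypothetical helper: a stolen password alone fails here, because the
    one-time code is derived from a secret only the phone and server hold.
    """
    if not password_ok:
        return None
    current = int(now) // STEP
    # Accept one step either side of "now" to tolerate clock drift.
    for step in range(current - drift, current + drift + 1):
        if step <= last_used_step:
            continue  # this code was already used once: refuse the replay
        expected = hotp(secret, step).encode()
        if hmac.compare_digest(expected, submitted.encode()):
            return step
    return None

if __name__ == "__main__":
    key = b"12345678901234567890"  # RFC 6238 test key, not a real secret
    code = totp(key, 59)
    print(code, verify_login(True, code, key, 59, last_used_step=0))
```

Store the returned step as the new `last_used_step` so that a code captured in transit cannot be replayed inside the same time window.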

Block suspicious IP addresses

A particular IP address popping up repeatedly in the failed login attempts is not a good sign. Genuine users know how to sort out a forgotten password. In other cases, it could be hackers trying to break in using multiple username or password attempts.

It is better to spot and block such IP addresses than to take the risk of letting them inside the system. You can use the settings in your cPanel or use WordPress security plugins to block suspicious IP addresses.

Configure WordPress security plugins

WordPress security plugins provide all necessary features required to protect your blog from hackers. They come with essential features like vulnerability assessment, malware scanning, DDoS protection, etc. that keep your blog safe and secure.

You can pick a good security plugin after considering factors like:

  • Download count
  • Average user review
  • Update frequency
  • Pricing

Wordfence, iThemes and Sucuri are some of the top names in WordPress security plugins. There are more options available in the market that you can consider for your WordPress blog.

Upgrade to the latest version

WordPress releases updates and security patches to plug the security lapses in the previous versions. So, make it a point to update your WordPress CMS on a regular basis.

Also, update all WordPress plugins and extensions that you are using. According to security pioneer Sucuri, 25% of the WordPress security compromises that occurred during 2016 were due to 3 outdated plugins: RevSlider, GravityForms and TimThumb.

Luckily, updating WordPress is not rocket science. There is a built-in provision that notifies admins as soon as an update is available. The latest versions of WordPress come with automatic background updates, which spare you all the effort.

As for plugins, check whether they offer automatic updates. Plugins like Yoast SEO come with a ‘turn on’/‘turn off’ feature that makes updating the plugins a smooth affair. You don’t have to update each plugin individually every time.

Keep your version details private

By default, most WordPress websites show the version they are running. Contrary to common belief, hackers can use this to break into your website.

The ideal thing to do is to stop letting the world know the version number you are running. Secondly, delete readme.html from the WordPress installation directory, since it also reveals the WordPress version of your website.

If you are using any WordPress themes or plugins that also exhibit your version number, you need to disable that too.
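
To check what your own pages still give away, the following added example (not from the original article) scans rendered HTML for the two usual places a version shows up: the `generator` meta tag and the `?ver=` suffix on stylesheet and script URLs. The sample page, including its version numbers and the `demo` theme and `demo-slider` plugin paths, is constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import parse_qs, urlparse

class VersionLeakFinder(HTMLParser):
    """Collects places where a rendered page advertises version numbers."""

    def __init__(self):
        super().__init__()
        self.leaks = []  # (kind, location, value) tuples

    def handle_starttag(self, tag, attrs):
        attr = {k: (v or "") for k, v in attrs}
        # WordPress core emits <meta name="generator" content="WordPress x.y.z">
        if tag == "meta" and attr.get("name", "").lower() == "generator":
            self.leaks.append(("generator", "meta tag", attr.get("content", "")))
        # Enqueued assets get a ?ver= suffix; it defaults to the core
        # version when the theme or plugin does not set its own.
        url = {"link": attr.get("href"), "script": attr.get("src")}.get(tag)
        if url:
            parsed = urlparse(url)
            for ver in parse_qs(parsed.query).get("ver", []):
                self.leaks.append(("ver-param", parsed.path, ver))

def find_version_leaks(html: str):
    """Return every version disclosure found in one page of HTML."""
    finder = VersionLeakFinder()
    finder.feed(html)
    return finder.leaks

# Constructed sample page (not taken from a real site)
SAMPLE_PAGE = """<html><head>
<meta name="generator" content="WordPress 4.7.4" />
<link rel="stylesheet" href="/wp-content/themes/demo/style.css?ver=4.7.4" />
<script src="/wp-includes/js/jquery/jquery.js?ver=1.12.4"></script>
<script src="/wp-content/plugins/demo-slider/slider.js"></script>
</head><body></body></html>"""

if __name__ == "__main__":
    for kind, where, value in find_version_leaks(SAMPLE_PAGE):
        print(f"{kind:10} {where:40} {value}")
```

An empty result for your home page after the changes above means the markup no longer discloses the version.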

Backup blog regularly

Although extremely rare, it is quite possible that data can be lost while updating to a new version or while removing an extension. To avoid such calamities from rocking your blog’s existence, the ideal thing to do is to take regular backups.

Backups ensure that you have an entire copy of the blog’s content to restore if something goes wrong. Make it a point to back up both the database and the files so that you can restore the blog to its previous form. There are also plugins like BackWPup which take backups automatically and send the backup files by email to your preset mail ID.

Opt for encryption

HTTPS encryption is proven to be the best way to secure any blog, and the WordPress platform is no exception. In fact, WordPress has even made HTTPS encryption mandatory for all WordPress websites from 2017. This means you must configure your website with an SSL certificate. It will not only secure your website from infiltration but also build trust in the minds of users.

To wrap it up

WordPress blog security does not happen by itself. Unless you learn how to set the right security parameters to thwart suspicious logins and hack-in attempts, things can go terribly wrong.

With these WordPress security tips, your blog will remain in mint condition, safe and secure from the hacker’s reach.
