How to secure a WordPress blog

6 replies
Somebody thinks it is great fun to hack one of my WP blogs, delete the content and put a page on it like: "this page is hacked by me!!"

What steps can I take to keep those people out?
My blog is hosted by HostGator.
#blog #secure #wordpress
  • dvduval
    The best way is to avoid adding plugins.
    Signature
    It is okay to contact me! I have been developing software since 1999, creating many popular products like phpLD.
    • ONOFFMarketing
      Originally Posted by dvduval

      The best way is to avoid adding plugins.
      I would have to agree with that.

      There are many developers out there that develop free plug-ins that turn out to cost way more than "free" in the long run.
  • kentaiwan98
    Ban the offender's IP address using Lester Chan's WP-Ban plugin.

    Works well.
    Kenneth
  • Tyrus Antas
    Always update your WordPress installation to the latest version. As for the plugins, dvduval is right. Very few programmers who develop WordPress plugins actually take care with issues like security. Worse: because people sometimes have dozens of plugins installed, they won't even care to see if there's any security issue with them. It's just too much work...

    Tyrus
  • SteveJohnson
    1. Make sure you're running the latest version of WP (currently 2.7.1)
    2. Get rid of the 'stock' admin acct. Create a new account with a more secure username and password. Follow these directions: http://ilikewordpress.com/146/wordpress-security-tip-1/
    3. Set your themes folder permissions to 644
    4. Password protect your admin folder.
    5. Change the name of your plugins folder. Latest versions of WP allow you to define a constant in the wp-config file to set the name of the plugins folder. Plugins should be written to use this constant instead of hard-coding the plugins folder path. Discard any plugins that fail to work after you make this change; they're not security-conscious.

    There's more you can do, but that'll get you started.
    Signature

    The 2nd Amendment, 1789 - The Original Homeland Security.

    Gun control means never having to say, "I missed you."
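
A read-only check of a WordPress directory against steps 1, 3, 4 and 5 of the list above, added here as an example and not part of SteveJohnson's post. It assumes Apache-style `.htaccess` password protection for `wp-admin` and reads "644" as "theme files not writable by group or others"; the function names are made up for this example.

```shell
#!/bin/sh
# Added example: read-only audit of a WordPress directory for steps 1, 3, 4, 5.
# Assumptions: wp-admin is protected with Apache .htaccess basic auth, and
# "644" is read as "theme files not writable by group or others".

# Step 1: version string recorded in wp-includes/version.php.
wp_version() {
    sed -n "s/^[\$]wp_version *= *'\([^']*\)'.*/\1/p" \
        "$1/wp-includes/version.php" 2>/dev/null
}

# Step 3: count theme files that group or others can write to.
loose_theme_files() {
    find "$1/wp-content/themes" -type f \( -perm -020 -o -perm -002 \) \
        2>/dev/null | wc -l | tr -d ' '
}

# Step 4: wp-admin/.htaccess carries AuthType and Require directives.
admin_protected() {
    f="$1/wp-admin/.htaccess"
    [ -f "$f" ] && grep -qi '^[[:space:]]*AuthType' "$f" \
        && grep -qi '^[[:space:]]*Require' "$f"
}

# Step 5: wp-config.php has an uncommented define() of WP_PLUGIN_DIR.
plugins_dir_defined() {
    grep -Eq "^[[:space:]]*define\([[:space:]]*['\"]WP_PLUGIN_DIR['\"]" \
        "$1/wp-config.php" 2>/dev/null
}

# Run all checks; the return value is the number of failed checks.
audit() {
    root=$1; fails=0
    v=$(wp_version "$root") || v=
    echo "step 1: installed version ${v:-unknown} (compare with current release)"
    n=$(loose_theme_files "$root")
    if [ "$n" -eq 0 ]; then echo "step 3: ok"
    else echo "step 3: FAIL, $n theme file(s) writable by group/others"; fails=$((fails + 1)); fi
    if admin_protected "$root"; then echo "step 4: ok"
    else echo "step 4: FAIL, no .htaccess authentication on wp-admin"; fails=$((fails + 1)); fi
    if plugins_dir_defined "$root"; then echo "step 5: ok"
    else echo "step 5: FAIL, WP_PLUGIN_DIR not defined in wp-config.php"; fails=$((fails + 1)); fi
    return "$fails"
}

# Usage: sh wp-audit.sh /path/to/wordpress
if [ "$#" -gt 0 ]; then audit "$1"; fi
```

Step 2 (the stock admin account) lives in the database, so it is not covered by this file-level check.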

  • femkeshe
    Tx guys,

    I'm gonna work this list through, and see if it is enough. Hope so cause I don't really like all that porn on my site. Did get a load of visitors, though. I guess porn interests a lot of people.

    f.