Hackers are very familiar with the conventional file and directory folder structure of the blog platform and can attack it easily if the software is vulnerable. To prevent your blog from such attacks here are some important steps you can take for the WordPress CMS platform.
1) Keep your blog and plugins up to date
- The most current wordpress version provides superior built-in security to protect attacks. It is important to do keep updated with current versions and releases.
- Enable and install reliable plugins that are verified by WordPress. WordPress and other websites alert’s when there is a version update on a plugin in the admin panel of blog.
2) Backup your Database regularly: use the: Use the Plug-in: Database Back-up, it offers a daily or Weekly back up of your WordPress Blog. Just Activate the plugin and schedule backups.
3) Use Strong Password and abandon username ‘admin: Most of the WordPress Blogs have by default the username admin. This is one step closer to a Unsecured Blog. Create an uncommon username and keep the password strong. Change FTP login information periodically.
4) Protect comments from spam attack: Spam attack can add hidden malicious code from comment box to every page. There are many repercussions of such malicious attack, including your blog being banned by major search engines. A good way to protect blog from spam comment attack is to use Akismet Plugin. This plugin is recommended by WordPress. To stop spam attack while commenting, use Captcha Code plugin.
5) Change database prefix: Blog database contains numbers of tables with “wp_” prefix, which is a standard format for all blogs. To protect database from direct attack we should change prefix from “wp_” to something different like “wp7xPvLa_” – basically adding a custom prefix chosen by you. To get this done:
- Open wp-config.php file in editor and find for $table_prefix = ‘wp_’;
Change this prefix with custom prefix. In our example we have changed “wp_” with “wp7xPvLa_”; this change will apply automatically to all levels and pages.
- To change prefix for database file, use plugin: Wp-Security-Scan or Prefix Changer. It will help you to change prefix from WordPress admin panel.
6) Block WP- folders from being indexed by search engines; the best way to block them is through your robots.txt file by adding the following line on this file:
Always remember to take a complete backup of the blog source and database before applying any drastic changes to your blog. Applying the security measures listed above will help you’re your WordPress safe from hackers, scripting injections and malicious code.
Contributed by: Jaydev Mandaliya, Milestone Internet Marketing