Protect Your Blog and Improve WordPress Security

With my simple tutorial you'll learn how to improve your blog's security and protect it from hackers.

matthewwoodward.co.uk
http://www.matthewwoodward.co.uk/tutorials/how-to-improve-wordpress-security-protect-your-blog-from-hackers/

Matthew Woodward

How To Improve WordPress Security & Protect Your Blog From Hackers

If you haven’t done anything to improve WordPress security then you have never had to learn the hard way.

I learnt the hard way a couple of years ago when I woke up to find one of my authority sites had tanked out of the SERPS losing out on 10,000 visitors a day.

That equated to nearly a $12,000 / £8,000 loss in affiliate commission…

After a bit of investigation it turned out someone had hacked the blog and created thousands of spam pages hidden from normal view and turned it into a cloaked link network.

That was enough for Google to slam the site even though it looked perfectly fine to the naked eye, even when logged in as admin!

It took me a few days to undo the damage due to my lack of backups (they injected C99MadShell code into every file) and a further 3-4 weeks for the recovery in Google.

All of this could have been avoided if I had just spent 10 minutes improving the security of the blog.

The irony is I had read and ignored plenty of articles just like this one ^^

WordPress is a prime target for hackers no matter how big or small your site is. Check out the latest threats here and you’ll see what I mean.

What You Will Learn

How to improve WordPress security

How to protect against hackers

How to automate backups free of charge

How to scan your site for malware

How to automatically monitor your site

Automatically Backing Up Your Site

First things first – make a backup of your site right now!

Having regular backups makes it easy to recover from hacks – in fact you can restore your entire site in just 1 click.

It is also handy to make a backup before making any significant changes to your site such as installing a new plugin or upgrading WordPress.

My host does this automatically for me and provides a great control panel but if your host doesn’t then don’t worry.

There are many paid backup plugins available but all you need is the free BackWPup plugin.

This will back up your site, the database and all of the files including everything in WP-Content into a single zip file.

It will then automatically upload the file to an FTP server, Amazon S3, Dropbox, SugarSync or a bunch of other services.

You can even set up a dedicated free Gmail account and get the plugin to email the backups to you! Gmail is great for storing your site backups!

Install the plugin and ensure you are doing daily backups!

Remove WordPress Version

By default WordPress will tell you which version of the software it is running in the source code.

The problem with this is when hackers discover a vulnerability it makes it very easy for them to get a list of blogs running the vulnerable version to attack.

To remove it, just log in as admin and go to Appearance > Editor > Functions.php and add this line of code at the end before the closing ?> tag-

remove_action('wp_head', 'wp_generator');
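
An added check, not code from the original tutorial: it scans a page and its RSS feed for the places WordPress still reports its version, since the wp_head hook above only covers the HTML head. The sample markup, the 3.5.1 version string and blog.example are constructed for illustration.

```python
import re

# Places where a WordPress site commonly reveals its version.
GENERATOR_META = re.compile(
    r'<meta[^>]+name=["\']generator["\'][^>]+content=["\']WordPress\s+([\d.]+)',
    re.I)
FEED_GENERATOR = re.compile(
    r'<generator>\s*https?://wordpress\.org/\?v=([\d.]+)\s*</generator>', re.I)
ASSET_VER = re.compile(
    r'(?:src|href)=["\'][^"\']*/wp-(?:includes|admin)/[^"\']*?\?ver=([\d.]+)',
    re.I)

def find_version_leaks(html="", feed=""):
    """Return sorted (location, version) pairs found in a page and its feed."""
    leaks = set()
    leaks.update(("meta-generator", v) for v in GENERATOR_META.findall(html))
    leaks.update(("feed-generator", v) for v in FEED_GENERATOR.findall(feed))
    # Candidate only: ?ver= equals the core version when the asset sets none.
    leaks.update(("asset-ver", v) for v in ASSET_VER.findall(html))
    return sorted(leaks)

# Constructed samples (blog.example and 3.5.1 are illustrative values).
PAGE_BEFORE = """<head>
<meta name="generator" content="WordPress 3.5.1" />
<link rel="stylesheet" href="http://blog.example/wp-includes/css/admin-bar.min.css?ver=3.5.1" />
</head>"""
PAGE_AFTER = PAGE_BEFORE.replace(
    '<meta name="generator" content="WordPress 3.5.1" />\n', "")
FEED_AFTER = """<channel>
<title>Sample blog</title>
<generator>http://wordpress.org/?v=3.5.1</generator>
</channel>"""

if __name__ == "__main__":
    print("before:", find_version_leaks(PAGE_BEFORE))
    print("after: ", find_version_leaks(PAGE_AFTER, FEED_AFTER))
```

Run it against the saved source of your own home page and feed after adding the line. Asset ?ver= values are only candidates, because WordPress appends its own version only when a script or style registers none.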

Block Directory Browsing

Usually if you browse to a specific directory you can view all of the files in that folder, just like when you’re browsing through files and folders on your computer.

To stop the server from listing the files in a directory you need to add 1 line to .htaccess

Open up the .htaccess file in the root of your site (where the wp-config.php file is) and add this line-

Options -Indexes

Update WordPress & Plugins

New hacks and vulnerabilities are discovered all the time which is why it is important to keep up to date with both WordPress and plugin updates.

Make sure you keep both updated regularly!

It is also a good idea to make a backup of your files and database before updating anything just in case it breaks!

Delete Unused Themes / Plugins

While unused themes and plugins don’t interfere with your blog directly, if the plugin or theme is hacked (there are thousands of these in the official directory) then hackers can still access it.

So if you have any unused plugins and themes, delete them! This will not only improve security but help to speed up your site as well.

TimThumb Vulnerability Scanner

TimThumb is a popular script that is used by a lot of themes to resize images for thumbnails and so forth.

The only problem is this script had a huge bug which left the door wide open for any hacker.

The other problem is this is used by a lot of themes & plugins, meaning they come with a built in hacker friendly back door.

This is the back door that was used to hack my authority site.

To check if your theme is at risk, install the TimThumb Vulnerability Scanner.

That will scan your blog for any old versions of TimThumb and allow you to update them in one click if you need to!

You can uninstall the plugin once you have done that.

CloudFlare

CloudFlare offers a free service that helps to protect and speed up any website.

This actually works on the DNS level and helps stop hackers in their tracks before they even reach or see your site.

Here is how it works-

It only takes a few minutes to set up and will offer decent protection. There are paid options available but you won’t need those for the most part.

Install A Security Plugin

As well as the tips above you can improve WordPress security and protect from hackers by installing a plugin.

The Better WP Security plugin helps to protect your site in a number of ways-

Removes the WordPress version

Changes the URLs of the login and dashboard pages

Renames the default admin account

Changes the WordPress database table prefix

Removes login error messages

Protects your sites from hacks

Scans your site for vulnerabilities

Automatically bans bots and hackers

Improves server security

And a whole bunch of other stuff! It does also have an automatic backup option but this only backs up your database and not your files, so please see the separate backup section for that!

Install A Firewall

Alongside a security plugin you also want to install a firewall that will block any attacks from SQL/Java injection.

The OSE Firewall plugin has you covered!

The combination of the firewall and the Better WP Security plugin is a great setup!

How To Monitor Your Site’s Security

There are a number of free services we can use to monitor our site for hacks and downtime.

Sucuri Sitecheck

The first one is the Sucuri Sitecheck scanner which will check lots of URLs across your site for a range of threats.

This covers everything from malware to checking if your site is blacklisted anywhere.

Pingdom

The free account at Pingdom will check your site every minute from a range of locations.

You can get notifications of downtime via email, SMS, Twitter, iOS or Android which is very handy indeed!

In fact if you manage a bunch of sites the Pingdom mobile app is fantastic – I highly recommend it!

Change Detection

The Change Detection service is simple in function but amazingly handy!

All it does is monitor pages for changes and if a change is detected it sends you an email!

You can use it to make sure you’re alerted of any changes to your site. It’s also great for checking when popular items are back in stock on websites ^^

Have You Improved Your Blog’s Security Yet?

For your own sake please do not ignore the advice in this article.

You do not want to learn the hard way like I did – heck I didn’t have the basics of regular backups in place when I was hacked!

If you don’t take this issue seriously you will have problems in the future.

It doesn’t take long to seriously beef up the security of your site, so what are you waiting for?

Don’t regret ignoring articles like this like I did! Take action NOW!