Tips to protect your WordPress installations

Tags: WordPress installation

Do you think WordPress is vulnerable to hacking? Well, many developers think so. They feel that hackers can very easily access a WordPress administrator account. But believe me, if you start worrying about hacking, you will have to worry about every online account that you have. A hacker who is well aware of all the latest web technologies and who is highly resolute can hack all the weak, vulnerable and improperly handled online accounts that you have, and not just WordPress.

Hackers and spammers can maliciously get into any weak and poorly managed website and very easily change its content. They can also sneak bad links into the content and place phishing website links in the file structure. Website owners will know about these malicious changes only when Google, PayPal or a bank contacts them.

In the case of WordPress accounts, you cannot escape such attacks just by changing the passwords, because the first step of a trained hacker will be the installation of a file-browsing plug-in. This will allow them to create additional, malicious WordPress administrator accounts, or place bad images or text on your website.

Here are some safety measures that can be used during a WordPress installation. These methods will help you to avoid malicious attacks from hackers.
•    The MySQL database names used should be very strong. Most experienced web developers recommend using a new database for each WordPress installation that you do. I do agree that WordPress can install its tables in an existing database, but it is always good to have a new database.

•    Strong user IDs and passwords are essential in a WordPress installation. Avoid protecting your database with weak user IDs and passwords that are easy to hack. As they are set only once, you can make them a little complex so that hackers don’t find them out easily. If you forget the user ID and password, you can check the details given in wp-config.php.

•    Try to back up your database regularly. You can automate the process so that you don’t forget it.

•    Changing the database table prefix will help you to avoid SQL injection queries and related attacks.

Security after installation:

•    You should lock down your wp-config.php, as it contains a lot of vital information about your WordPress installation. Only you should have access to these details.

•    Prior to the third version, WordPress used “admin” as the permanent user ID of the administrator account. The option to change this ID was given later, with the development of the WordPress 3 installer, but some website owners might not have noticed this. If a hacker comes to know about this, he can easily guess the password of your account. A hacker can then easily define a new account and delete yours.

•    Remember to use strong and ‘unhackable’ passwords too.

•    Try to restrict access by IP address. If only a few WordPress users frequently access the administration panels, you can restrict access to the panels to those specific users' IP addresses.

•    Try to remove references related to WordPress from the theme, so that a hacker won’t easily learn that your site runs WordPress. You should remove all such details, including details about the CMS.

•    Update your WordPress account regularly.

•    Find out and install some worthy WordPress security plug-ins. You will get a wide collection of security plug-ins for WordPress from the WordPress websites. But try to check and test the code properly before deploying it to your live server.
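
The tips above about database credentials, the table prefix and locking down wp-config.php can be checked with a short script. The following is an added example, not code from the original post; the list of guessable user names, the 16-character password minimum and the rule that any group or world permission bit is a finding are assumptions, and both sample files are constructed.

```python
import os
import re
import stat
import tempfile

# Match define('NAME', 'value') and $table_prefix = 'value' in either quote style.
DEFINE_RE = re.compile(r"""define\(\s*(['"])(\w+)\1\s*,\s*(['"])(.*?)\3\s*\)""")
PREFIX_RE = re.compile(r"""\$table_prefix\s*=\s*(['"])(.*?)\1""")
WEAK_DB_USERS = {"root", "admin", "wordpress", "wp"}  # assumption: guessable names

# Constructed sample files: a weak wp-config.php and a hardened one.
WEAK = ("<?php\ndefine('DB_USER', 'root');\ndefine('DB_PASSWORD', 'secret');\n"
        "$table_prefix = 'wp_';\n")
HARDENED = ("<?php\ndefine('DB_USER', 'u_k29dfx');\n"
            "define('DB_PASSWORD', 'constructed-Sample-Passphrase-41');\n"
            "$table_prefix = 'k7x_';\n")

def audit_wp_config(path, min_password_len=16):
    """Return a list of findings for one wp-config.php file."""
    findings = []
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & (stat.S_IRWXG | stat.S_IRWXO):  # any group or world bit set
        findings.append(f"permissions {mode:03o}: accessible beyond the owner")
    with open(path, encoding="utf-8", errors="replace") as fh:
        text = fh.read()
    consts = {m[1]: m[3] for m in DEFINE_RE.findall(text)}
    prefix = PREFIX_RE.search(text)
    if prefix is None or prefix.group(2) == "wp_":
        findings.append("table prefix is missing or the default 'wp_'")
    if consts.get("DB_USER", "").lower() in WEAK_DB_USERS:
        findings.append("DB_USER is a commonly guessed name")
    if len(consts.get("DB_PASSWORD", "")) < min_password_len:
        findings.append(f"DB_PASSWORD shorter than {min_password_len} characters")
    return findings

def demo():
    """Audit both constructed samples; return (weak_findings, hardened_findings)."""
    results = []
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "wp-config.php")
        for text, mode in ((WEAK, 0o644), (HARDENED, 0o600)):
            with open(path, "w", encoding="utf-8") as fh:
                fh.write(text)
            os.chmod(path, mode)
            results.append(audit_wp_config(path))
    return tuple(results)

if __name__ == "__main__":
    for label, found in zip(("weak", "hardened"), demo()):
        print(label, found or "no findings")
```

On a real site, call `audit_wp_config()` with the path to the live wp-config.php; the script only reads the file and never prints the credentials it finds.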

There is a lot more to discuss about WordPress administrator security measures. I will come up with another blog post about WordPress soon.
