Secure Your Wordpress Blog

Many famous blogs have been hacked and defamed before. To avoid the same disaster from happening to your own blog, you can try the tips below to make your Wordpress blog more secure, at least from the view of script kiddies. Tip 1 :Remove Wordpress ‘version string’ in your theme files 1. Go to Wordpress dashboard, click on presentation -> edit themes -> header.php 2. Find and remove this. bloginfo('version') Save the file. Explanation: Hide the version number of your Wordpress such that it will be hard for hacker to find security loopholes for the specific version of Wordpress. Tip 2 :P lace empty ‘index.html’ file in the plugins folder 1. Open Notepad. Click ’save as’ and save the file as index.html (be sure to change the filetype from text files to all files) 2. Upload the file to Wordpress plugins folder in your web server. Explanation: Hide the plugins used by your Wordpress blog. It uses the same concept as above which is to hide security loopholes in the plugins. Tip 3: Upload a copy of .htaccess file in the wp-admin folder 1. Using FTP program or your webserver file manager, go to the root folder of your server and download .htaccess file (set ’show hidden files’ first if you’re using FTP program such as FileZilla) 2. Go to your wp-admin folder 3. Upload the .htaccess file you’ve downloaded just now. Explanation: Prevent files in wp-admin from being accessed by hackers by limiting the access to this folder by IP address (means that the access is limited to the server owner/user only). Thanks to ro.botys for passing us the three Wordpress security tips. You can also disallow users pretending to be search engine/ search engines from crawling the core Wordpress folders by putting these in your robot.txt file (upload the file to root of your Wordpress installation folder when you’ve finished). # This rule means it applies to all user-agents User-agent: * # Disallow all directories and files within Disallow: /wp-admin/ Disallow: /wp-includes/

Posted in: tutorials