WordPress is one of the most popular content management systems, used by millions of website and blog owners. Many people use this platform, including hackers with malicious intent, so security is a big issue. You should keep your WordPress blog secure from hacking. You can use different WordPress plugins and change some settings and code to secure your blog. Here I’m sharing some tips and tricks to keep your WordPress blog secure from hacking or any damage. Follow these 6 steps to secure your WordPress blog.
1. Update WordPress, Themes and Plugins
Keeping WordPress up to date is one of the most important and basic security measures for a WordPress site or blog. Update WordPress whenever a new update is available. Every update changes the WordPress code for several reasons: to improve the user experience, improve security, make it more user friendly, add features and much more. So never delay updating WordPress if you want to keep your blog secure.
Different people like to use different themes for their site or blog, but you should choose a theme that is secure, user friendly and free from hidden links. Theme owners update their themes when they find a security issue or add features. So when an update for your theme is available, install it.
Plugins are an important part of a WordPress blog because we use different plugins to make the blog more user friendly, add features, keep it secure and so on. But plugins become a big security issue when you run outdated versions of them. Many hackers use outdated plugins to hack blogs, so keep all WordPress plugins up to date.
2. Use Strong, Unique and Complex Password
The password is another important factor in WordPress security. Many people use a simple password for their blog, such as their name, birthday or phone number. Some people use even simpler passwords like ‘abcd123’ or ‘123456789’. If you use a simple password, anyone can log in to your account after a few tries. So use a complex, strong and unique password, and include special characters like ‘@#$*&%’. An example of a strong and complex password is ‘Ga12$%06HYq^~!wo’.
You can also use the Limit Login Attempts and Login Lockdown plugins to keep your blog secure. Limit Login Attempts lets you set the number of login attempts allowed, and Login Lockdown keeps a record of the IP address of every failed login attempt. When a specific number of failed attempts come from a specific IP address, that address is blocked automatically.
3. Delete Default Admin User Account
When you install WordPress for the first time, the default user name is ‘admin’ if you do not change it during installation. This is one of the critical security issues for a WordPress blog because when someone wants to hack your blog, they will first try the user name ‘admin’ because it’s common. So delete the default user account and create a new admin user with a complex user name and password.
4. Hide WordPress Version and Delete License and Readme file
To keep your blog secure you should hide your WordPress version, which is easy to do. Go to Appearance => Editor => functions.php, paste the following code and click save
// Paste inside the existing PHP block of functions.php (after its opening tag).
remove_action('wp_head', 'wp_generator');
The license and readme files also matter for WordPress security, so delete them. Go to your cPanel, open File Manager and delete the readme.html and license.txt files.
5. Disable Password Recovery Option
Hackers may target your wp-login.php page to hack your blog, so secure this file by disabling the “Lost your password?” option.
Open the wp-login.php file with Notepad or Dreamweaver and find the following code
<?php _e( 'Lost your password?' ); ?>
Delete this line and find the following code
<form name="lostpasswordform" id="lostpasswordform" action="<?php echo esc_url( site_url( 'wp-login.php?action=lostpassword', 'login_post' ) ); ?>" method="post">
<p>
<label for="user_login" ><?php _e('Username or E-mail:') ?><br />
<input type="text" name="user_login" id="user_login" value="<?php echo esc_attr($user_login); ?>" size="20" tabindex="10" /></label>
</p>
<?php do_action('lostpassword_form'); ?>
<input type="hidden" name="redirect_to" value="<?php echo esc_attr( $redirect_to ); ?>" />
<p><input type="submit" name="wp-submit" id="wp-submit" class="button-primary" value="<?php esc_attr_e('Get New Password'); ?>" tabindex="100" /></p>
</form>
<p id="nav">
<a href="<?php echo esc_url( wp_login_url() ); ?>"><?php _e('Log in') ?></a>
When you find those lines, delete them. Then find the line “Please enter your username or email address. You will receive a link to create a new password via email” and delete it as well.
6. Hide Plugin Directory and wp-config.php File
The plugin directory also matters for WordPress security, so hide it. To hide the plugin directory, add the following code to the .htaccess file
# disable plugin directory browsing
Options -Indexes
To hide the wp-config.php file, add the following code to the .htaccess file
<Files wp-config.php>
order allow,deny
deny from all
</Files>
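A file-level check for steps 4 and 6, as an added example that is not part of the original post: the function name `audit_wp_root` and its output wording are assumptions made here, and the sample site root is constructed. It goes slightly beyond the post by also accepting the Apache 2.4 form `Require all denied` and by flagging non-ASCII characters in .htaccess.

```sh
#!/bin/sh
# Added example: audit a WordPress document root for the file-level
# settings from steps 4 and 6. One line per finding; returns 1 if any.
audit_wp_root() {
    root=$1 ht=$1/.htaccess bad=0
    # Step 4: readme.html and license.txt should be gone
    for f in readme.html license.txt; do
        if [ -e "$root/$f" ]; then echo "present: $f"; bad=1; fi
    done
    # Typographic dashes or quotes picked up when copying rules from a
    # web page are not accepted by Apache: flag any non-ASCII byte.
    if [ -f "$ht" ] && [ -n "$(LC_ALL=C tr -d '\000-\177' < "$ht")" ]; then
        echo "non-ascii: .htaccess"; bad=1
    fi
    # Step 6: directory listings switched off
    if ! grep -Eiq '^[[:space:]]*Options[[:space:]].*-Indexes' "$ht" 2>/dev/null; then
        echo "missing: Options -Indexes"; bad=1
    fi
    # Step 6: a deny rule inside <Files wp-config.php>, either the
    # Apache 2.2 form (deny from all) or the 2.4 form (Require all denied)
    if ! awk '
        { line = tolower($0) }
        line ~ /<files[ \t]+"?wp-config\.php"?[ \t]*>/ { inside = 1; next }
        line ~ /<\/files>/ { inside = 0 }
        inside && line ~ /deny from all|require all denied/ { ok = 1 }
        END { exit ok ? 0 : 1 }' "$ht" 2>/dev/null; then
        echo "missing: wp-config.php deny rule"; bad=1
    fi
    return $bad
}

# Constructed sample: a site root that still has readme.html and whose
# .htaccess carries an en dash where the hyphen of -Indexes belongs.
demo=$(mktemp -d)
: > "$demo/readme.html"
printf 'Options \342\200\223Indexes\n<Files wp-config.php>\norder allow,deny\ndeny from all\n</Files>\n' > "$demo/.htaccess"
audit_wp_root "$demo" || echo "findings above need fixing"
rm -rf "$demo"
```

Run it as `audit_wp_root /path/to/site` after editing .htaccess; no output and exit status 0 mean all four checks passed.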
Final Words
There are also other plugins and techniques available for securing a WordPress blog, but the tips and tricks above are enough to keep your WordPress blog secure.
Have I missed any important tips? Please let me know by commenting below, and don’t forget to share this post with your friends if you like it. You can also subscribe to BloggingShout to get more WordPress tips and tricks.
Hi Manik,
Thanks for sharing this. Nowadays all WordPress users are facing these kinds of problems. Security is one of the most difficult areas in the field of Information Technology. Daily they are updating their antivirus software for spam. I am also facing this problem on my blog. Often we have to change our password.
Nirmal Anandh recently posted…Types of Visa for Working in USA
Hi, WordPress blog security is really an important issue, and the things that you have told are really wonderful (although I know some of them) and practical. Let me add some more words: the prime one is the use of secure hosting, and there is also the use of the Limit Login Attempts plugin to stop/block hackers or unwanted login attempts.
Hi Rafaqat, Glad to see you here.