If you have a WordPress blog you need to be concerned with security just like you do with any website. Hackers are always looking for an opportunity to attack a site and your WordPress blog could be a target. Here are some essential tips to help keep your blog secure and hacker free.
Hide your login error messages
Error login messages could provide hackers with ideas about whether they have figured out your username and password correctly or incorrectly. It is a good idea to hide it from all unauthorized logins. Just add the following code in functions.php
add_filter('login_errors',create_function('$a', "return null;"));
Maintaining backups
Keep backups of your entire WordPress blog. This is just as vital as it is to keep your site secure from hackers. If the hackers are successful at least you will have a full backup files to get your site up and running again quickly.
Changing default “wp_” Prefixes
Your WordPress blog might be at risk if you are using the predictable wp_ prefixes in your database. Use the WP Security Scan plugin.
Prevent directory browsing
Another security issue is when your directories and all the files in the directory are accessible to public. Use this test to check if your WordPress directories are properly protected:
Enter the following URL in browser, without the quotes. “http://www.domain.com/wp-includes/”
If it shows blank or redirect you back to home page, you are safe. However, if you see screen similar to the image below, you are not.
To prevent access to all your directories, place this code inside your .htaccess file.
# Prevent folder browsing
Options All –Indexes
Keep WordPress core files & Plugins up to date
One the easiest ways to keep your WordPress site safe is to imply make sure your files are always current. Here are few ways you can do that:
- Deactivate & remove plugins not used – Unused plugin will eventually become outdated and can cause a security risk so it is best to delete them.
- Login to your dashboard frequently –When an update is available you will see a A yellow notification at the top of your dashboard. Login frequently and keep up to date with the most recent WordPress files. Subscribe to WordPress Releases RSS.
That’s just a few essential tips to keep your WordPress blog secure. There are plenty of others. Remember the more you do the less you are at risk.