Securing a Blog Against Hackers
Steps to Help Reduce the Likelihood of a WordPress Hack Attack
Aug 17, 2009
It is unfortunate, however, that its popularity is sometimes marred by individuals who make it their life's ambition to find security flaws and open back doors in order to hack unsuspecting WordPress blogs. WordPress blog hacks range from the occasional annoyance to the full fledged blogging catastrophe.
Take Steps to Protect WordPress Blogs from Hackers
Anyone blogging on the WordPress platform should implement certain safety procedures to reduce the likelihood of being hacked. Keep in mind that the following procedures will only reduce the likelihood of an attack. It does not create a 'hack proof' WordPress blog.
Keep WordPress Installation Updated
One of the easiest ways for hackers to gain access to a WordPress blog is through older versions of software with known security issues. Keeping WordPress up to date is a lot easier with the most recent versions of the software. It's as easy as clicking on the update link. When the blogger signs into the WordPress account, the software will indicate whether or not a newer version is available. If so, install it. Many times the newer version fixes bugs and security issues.
Hide WordPress Directory Contents
Within the WordPress directory structure, any folder that does not contain an index file, whether it's index.htm or index.html, will display the contents of the folder if someone navigates to the unprotected directory. To keep web surfers and potential hackers from viewing the content in folders, insert an index file in each folder.
If inserting an index file within each folder of a WordPress installation is too cumbersome, there is an alternative. The alternative requires adding one line of simple code to the domain's .htaccess file. The line of code is as follows:
Options -Indexes
Inserting the line of code accomplishes the same task as inserting the index file in each folder. It prevents web surfers from viewing folder contents.
Change Passwords Often and Create Secure Passwords
Many bloggers believe their blogs are insignificant enough where it doesn't make a difference how secure the password is. After all, why would hackers go after a blog with little traffic? The answer is, because they can. It doesn't always make a difference if the blog is popular or not. Hackers hack because they can.
Secure passwords contain upper and lower case letters in addition to adding a number and special character. Therefore, a password such as "PaS5#WorD" is much more secure than "password."
Choose WordPress Plugins Carefully
Sometimes WordPress bloggers must weigh the benefit of the plugin verses the potential of opening a back door for hackers. Do a little research on the plugin before installing it. Additionally, once installed, be sure to keep plugins up to date.
Remove Links to Wordpress.org.
Some hackers look for hackable WordPress blogs by searching for links to wordpress.org. Many footer files in WordPress templates link back to WordPress. Leaving the link in the footer makes it that much easier for the hacker.
Backup the Database and WordPress Files Regularly
While backing up the database and files will not prevent a hacker from accessing a blog. It does, however, make it easier to replace hacked files laced with malicious code. Having a backed up copy of the WordPress files makes it easier to restore the blog back to its original state.
It's unfortunate that bloggers have to spend so much time protecting their blogs when they would rather spend the time blogging. However, it's a fact of life when it comes to using WordPress and it's better to do what's necessary to reduce the likelihood of an attack on the front end and be able to restore the blog if necessary on the back end.
 |
