The Content Provided on HackClarify are Only for Security Awareness & Educational Purposes Only, Hackclarify is Not Responsible for any Harm Done!
Place Your Ads Here By Requesting Using The Contact Form
Add to Google Reader or Homepage Add to Netvibes Add to Yahoo! Subscribe in NewsGator Online Add to My AOL

Secure your blog running on Wordpress




 

Hackers are the people like you and us but the only difference is that they use their skills for the negative and destructive purposes, they use their skills to break a website,but there is a term Ethical Hacker, which are the hackers who increase Security.  they normally destroy all the stuff's, so if you are a admin of a website you should care about the security of the website .


As you know that the wordpress is a common and most popular plate form for blogging, but the security of the wordpress is always a hot discussion and it need more and more concentration because vulnerability discover everyday. Below are some tips to make your blog secure:


Secure WP-Admin By IP

Let suppose if someone can get the ability(username & Password) to enter into your website WP section, you can restrict this area by your IP. It prevent brute forcing attack and only you can able to control on your website because of IP restriction. 

Order deny,allow
Deny from All
Allow from 123.456.789.0 
You can allow and deny IP's from a range use this:
order deny,allow deny from all # allow my home IP address allow from XX.XX.XXX.XXX # allow my work IP address allow from XX.XX.XXX.XXX


Protect WP-Config.php File

WP-Config.php file has a great importance on wordpress plate form, it need more care and usually an attacker get the required information about the database of your website from WP-Config file. Basically if you use a strong database user-name and password while your WP-Config security is low than an attacker can get your strong user-name and password from wp-config file, because it contain all the information about the security and other things of your website.

Access .htaccess file is located at the root your WordPress installation open it and paste the following code.

order allow,deny
deny from all


Hide WordPress Version Number

You must hide the version of your wordpress because an attacker may find the available exploit by searching it on different exploit database by version number and it may cause a great harm for your blog so be care about it.

This tag is in the header.php file that displays your current version of wordpress

Copy and paste the code in the functions.php file of your theme and than you are done.


remove_action('wp_head', 'wp_generator');

Remove Error Message From Login Screen 

This is your clever move to remove the error message that an attacker would not able to see if the user-name and password incorrect, update your function.php by this code.

add_filter('login_errors',create_function('$a', \"return null;\"));


Some Other Security Tips

Use your mind because mind is an essential part to secure yourself on the jungle of web.

Create strong passwords that are not easily be guess or crack.
Secure your own side(your computer) from different malware.
Make regular backup of your blog.
Update your wordpress to latest version
Use SSH instead of FTP
Avoid using your account on public places
You must be ware on different attacks to secure yourself.




Share your views...

0 Respones to "Secure your blog running on Wordpress"

Post a Comment


 
Supported/Suggested Browsers for our site
Fight Spam! Click Here!

Don't Copy Articles

Protected by Copyscape Plagiarism Detector
DMCA Protected

Expand HackClarify

Hacking Tips & Tricks

If HackClarify articles have helped you in learning then copy code below and give a small place to this image in your blog or website:

Attribution

Creative Commons LicenseThis work is licensed under a Creative Commons Attribution-NoDerivs 3.0 Unported License. Dont Copy or Reproduce Articles.

© 2012 | Founded & Maintained by Samin Yasar | All Rights Reserved