Being an open source blogging system, WordPress is vulnerable to a lot of hacking and malware attacks, particularly SQL injections. Of course, we need to be aware of these security issues, as they will affect the success of the blog. Blogs with bad security are prone to constant attacks and a lack of traffic. Not that I’m an expert, but I’m sharing a few tips and useful plugins that you might want to install.
1. Directories should not be left open for public browsing
It would be good to add an empty index.html or index.php file to important directories such as the wp-content/plugins or wp-content/themes folder. Usually, these two folders are the main source of SQL injections and exploits. Alternatively, you can add the following line to the .htaccess file in your root:
Options All -Indexes
2. Protecting your WordPress wp-admin folder
Attackers can also use bots for a brute-force style of attack that simply guesses the admin password until they hit the correct one and log in. There are a few useful plugins available, and I recommend these two:
Limit access to wp-admin folder by IP address – This solution restricts which IPs can access the wp-admin folder via .htaccess. The one drawback is that you may have to update your .htaccess file if your internet provider assigns you a dynamic IP address, you move to another location, or you have authors at other locations.
AskApache Password Protect – The plugin is simple: it adds a second layer of security to your blog by requiring a username and password to access anything in the /wp-admin/ folder. All you have to do is choose a username and password and you are done. It writes the .htaccess file without messing it up. It also encrypts your password and creates the .htpasswd file, as well as setting the correct security-enhanced file permissions on both.
3. Stay up to date
This is what most bloggers are too lazy to do. You need to keep your plugin/widget, theme, and WordPress versions updated. Also, subscribing to the plugin/widget/theme authors’ RSS feeds makes keeping up with them much easier.
4. Stop worrying about your wp-config.php file
Keep your database username and password safe by adding the following to the .htaccess file at the top level of your WordPress install:
<FilesMatch ^wp-config.php$>
deny from all
</FilesMatch>
This will make it harder for your database username and password to fall into the wrong hands in the event of a server problem.
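As an added example (not code from the original post or from either plugin mentioned above), these two .htaccess files implement tips 1, 2 and 4 by hand. It assumes Apache 2.4 with mod_authz_core and an AllowOverride setting that permits these directives; the IP address is a placeholder from the documentation range.

```apacheconf
# ---- .htaccess at the WordPress root ----

# Tip 1: no directory listings for any folder under the site root
Options -Indexes

# Tip 4: wp-config.php must never be served over HTTP.
# Apache 2.4 syntax; on 2.2 replace "Require all denied" with
# "Order deny,allow" followed by "Deny from all".
<FilesMatch "^wp-config\.php$">
    Require all denied
</FilesMatch>

# Tip 2 (part one): the login form lives at the root, not in wp-admin,
# so brute-force bots hit wp-login.php; restrict it to your own address.
# 203.0.113.10 is a placeholder; use your real address (or several lines).
<Files "wp-login.php">
    Require ip 203.0.113.10
</Files>

# ---- wp-admin/.htaccess ----

# Tip 2 (part two): only the listed address may reach the admin area.
Require ip 203.0.113.10

# admin-ajax.php is called by themes and plugins from the public site,
# so it stays reachable even though it lives inside wp-admin.
<Files "admin-ajax.php">
    Require all granted
</Files>
```

After editing, request /wp-config.php and /wp-content/plugins/ from a browser; both should return 403 rather than the file contents or a listing.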
5. Protect Your Blog With a Solid Password
Creating a strong password that is also memorable is one of the easiest defenses against being hacked. There are a lot of online password strength checkers that you could use. You might also check Lorelle’s article on the Blog Herald called Protect Your Blog With a Solid Password, which offers tips and tricks to help create a strong password that is also memorable, and advice on how to deal with the myriad passwords we seem to accumulate online.
6. Install Antivirus for WordPress
AntiVirus for WordPress is a plugin that monitors your blog for malicious injections and warns you of any possible attacks.