As of the start of 2009, there have been approximately 133 Million blogs online. This is quite a big market and the proper playground for unscrupulous individuals who stay for spamming, scamming, and just creating malicious programs that can severely compromise and disable unsuspecting websites. As WordPress weblog owners, we want to do everything possible to ensure that our sites are in no way compromised. Here are ten straightforward steps, gear, and recommendations to ensure that your blog can face up to malicious assaults and no longer be overrun with spam.
1. Use Login Lockdown Plugin
Hackers can easily crack your password and other login credentials using Brute Force Attacks (Click here for a definition). This plugin provides an additional protection characteristic to WordPress by prescribing the price at which failed logins may be re-attempted from a given IP range.
2. Delete Unused Plugins
Always make sure to delete unused plugins as those can offer loopholes that can be effortlessly exploited.
3. Secure the /wp-admin/ Directory the usage of. Htaccess
I determined this one on Google’s Matt Cutts’ weblog. Secure your /wp-admin/ listing by using the a.htaccess document to allow get right of entry to from particular IP addresses only. Create a new one. The access report, which you could vicinity immediately in /wp-admin/.Htaccess.
This is what the. Htaccess record consists of:
AuthUserFile /dev/null
AuthGroupFile /dev/null
AuthName “Access Control”
AuthType Basic
order deny, allow
deny from all
# allowlist domestic IP cope with
permit from 111.111.111.111
# allowlist paintings IP address
allow from 111.111.111.111
allow from 111.111.111.111
Replace the 111.111.111.111 with the IPs you would love to allow. This record says that the IP cope with 111.111.111.111 (and the other IP addresses allowed) can get entry to /wp-admin/. However, all different IP addresses are denied get right of access. The ‘#’ lines are just notes and can be modified to fit what you want.
4. WordPress Security Scanner Plugin
Install this plugin to assist hit upon any loopholes which could exist in your database and log files. It provides a report on what wishes to be executed to save you assaults.
5. Limited Blog Registration Access
If your blog accepts registration, ensure that a person can’t immediately register and obtain an administrative get right of entry. To exchange this, go to your Settings choice inside the WordPress dashboard, pick General. Then change the New User Default Role to Contributor. This can effortlessly be modified as the need arise. User privileges can also be assigned to the usage of the Role-Manager plugin.
6. Change Your Login Name
The default WordPress username is admin, and hackers will constantly try and infiltrate the usage of this default. So make it more challenging for them with the aid of converting it. In your WordPress dashboard, go to Users and set up a brand new personal account. Give this new person administrator function. Log out and log in once more with the new user account.
