Easy Steps to Protect & Secure Your WordPress Blog


As of the start of 2009, there were approximately 133 million blogs online. This is a big market and the perfect playground for unscrupulous individuals who live for spamming, scamming, and creating malicious programs that can severely compromise and disable unsuspecting websites. As WordPress blog owners, we want to do everything possible to ensure that our sites are not compromised. Here are ten straightforward steps, tools, and recommendations to ensure that your blog can withstand malicious attacks and not be overrun with spam.

1. Use Login Lockdown Plugin

Hackers can easily crack your password and other login credentials using brute-force attacks. This plugin adds an extra security feature to WordPress by restricting the rate at which failed logins can be re-attempted from a given IP range.

2. Delete Unused Plugins

Always make sure to delete unused plugins, as they can offer loopholes that can be easily exploited.

3. Secure the /wp-admin/ Directory Using .htaccess

I found this one on Google’s Matt Cutts’ blog. Secure your /wp-admin/ directory by using a .htaccess file to allow access from specific IP addresses only. Create a new .htaccess file, which you can place directly at /wp-admin/.htaccess.


This is what the .htaccess file contains:

AuthUserFile /dev/null
AuthGroupFile /dev/null
AuthName "Access Control"
AuthType Basic
order deny,allow
deny from all
# allowlist home IP address
allow from
# allowlist work IP address
allow from
allow from

Put the IPs you would like to allow after each "allow from". This file says that the listed IP address (and the other IP addresses allowed) can access /wp-admin/, while all other IP addresses are denied access. The ‘#’ lines are just comments and can be changed to fit what you want.
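
The allowlist file described above can be generated from a checked list of addresses so that a blank, malformed or overly broad entry never reaches the server. This is an added example, not code from the original post or from Matt Cutts; the function names, labels, prefix limits and sample addresses (RFC 5737 documentation ranges) are assumptions, and the apache24 option emits the "Require ip" form that Apache 2.4 uses in place of order/deny/allow.

```python
import ipaddress

# Directives copied from the .htaccess file shown above.
HEADER = [
    "AuthUserFile /dev/null",
    "AuthGroupFile /dev/null",
    'AuthName "Access Control"',
    "AuthType Basic",
]

def parse_allowlist(entries, min_v4=24, min_v6=64):
    """Validate {label: address or CIDR}; reject blank, malformed or overly broad values."""
    nets = []
    for label, value in entries.items():
        value = value.strip()
        if not value:
            raise ValueError(f"{label}: blank address would leave a bare 'allow from'")
        net = ipaddress.ip_network(value, strict=False)  # ValueError if malformed
        limit = min_v4 if net.version == 4 else min_v6   # assumed limits
        if net.prefixlen < limit:
            raise ValueError(f"{label}: {net} is broader than /{limit}")
        nets.append((label, net))
    return nets

def _fmt(net):
    # A single host is written as a bare address, a range as CIDR.
    return str(net.network_address) if net.prefixlen == net.max_prefixlen else str(net)

def render_htaccess(entries, apache24=False):
    """Return the file text; apache24=True emits 'Require ip' rules only."""
    nets = parse_allowlist(entries)
    if apache24:
        lines = []
        rule = "Require ip"      # Apache 2.4 (mod_authz_host)
    else:
        lines = HEADER + ["order deny,allow", "deny from all"]
        rule = "allow from"      # Apache 2.2 syntax, as on this page
    for label, net in nets:
        lines += [f"# allowlist {label} IP address", f"{rule} {_fmt(net)}"]
    return "\n".join(lines) + "\n"

if __name__ == "__main__":
    # Constructed sample addresses from the RFC 5737 documentation ranges.
    print(render_htaccess({"home": "203.0.113.7", "work": "198.51.100.0/24"}))
```

Test the generated file from an address that is not on the list before relying on it; a request to /wp-admin/ from there should return 403.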

4. WordPress Security Scanner Plugin

Install this plugin to help detect any loopholes that could exist in your database and log files. It provides a report on what needs to be done to prevent attacks.

5. Limit Blog Registration Access

If your blog accepts registration, make sure that a user can’t immediately register and obtain administrative access. To change this, go to the Settings option in the WordPress dashboard and pick General. Then change the New User Default Role to Contributor. This can easily be changed as the need arises. User privileges can also be assigned using the Role-Manager plugin.

6. Change Your Login Name

The default WordPress username is admin, and hackers will constantly try to break in using this default. So make it more challenging for them by changing it. In your WordPress dashboard, go to Users and set up a new user account. Give this new user the administrator role. Log out and log in again with the new user account.