How to keep your WordPress blog Safe & Secure - Part 1
WordPress! Do I need to tell you what it is? If you said NO, you can start reading this tutorial from the next section. As I've marked this tutorial as "beginner", let me give a brief introduction to WordPress for the benefit of all of us. According to Wikipedia, WordPress is "a free and open source blogging tool and a content management system (CMS) based on PHP and MySQL which runs on a Web hosting service." If you are a newbie, did the Wikipedia definition answer your question? I don't think so. Let me give a simpler version. WordPress is a site cum tool which allows you to create your own blog for free! All your free WordPress blogs will have a URL something like http://<sitename>.wordpress.com. It has a hell of a lot of templates to make your site look beautiful and your life simpler. It is one of the most popular free blogging platforms. Its competitors are Blogspot (by Google) and Tumblr.
If you are reading this section, then I'm sure you know what WordPress is. Its popularity can be problematic for a WordPress user. Because it is popular, hackers or programmers might inject malicious code into your blog to steal data or to leave themselves a backdoor entry. It doesn't mean WordPress is insecure, it only means hackers are one step ahead! So, to stop these evil minds (aka hackers) we have to make some adjustments to our WordPress blog. It means you will need to have knowledge of HTML(5), CSS and minimal knowledge of working with WordPress. If you are a complete newbie, I request you to go to wordpress.com, create a blog and play around for some time to understand WordPress in more detail. Make sure you take a backup of your WordPress posts, files and database before trying out this tutorial.
In this installment of the tutorial, I'll share only basic tricks which everyone (even a newbie) can understand. In the next installment, I'll share tricks for which you need to be familiar with WordPress. In other words, the next episode of this tutorial will be of intermediate level.
- Update WordPress regularly: WordPress comes out with a new update almost every quarter or half year. So, make sure you update your blog to the latest version of WordPress. WordPress updates mostly have patches for security issues, bug fixes, optimization of templates for SEO, etc. So, when you keep your WordPress version updated you are protected from known threats and your blog is search engine optimized!
Note: Please take a backup of your files before updating. It will help you roll back if anything goes wrong while updating the WordPress version.
- Never use Incompatible plugins: Once you update your WordPress version, it is quite possible that plugins you are using will be incompatible with the new version. So, make sure you disable or delete those plugins and wait for a newer, compatible version. Mostly, compatible versions are released within a week of a WordPress update. You can check the plugin coder's blog for updates on new plugin versions.
- Customize Username: By default, the admin account in WordPress is created with the username "admin". That makes it easier for hackers to crack your username and password combination. So, please change it to something unique. [For newbies] You can change the username by creating another admin account through the actual admin account and then renaming the actual admin account's username to some unique identifier using the newly created admin account. [For advanced users] Log in to your phpMyAdmin and change it in the wp_users table using an SQL query.
- Create strong Password: A strong password contains an uppercase letter, a lowercase letter, a number and a special character. It has to be a minimum of 8 characters. If you still don't get how to create a strong password, then use the Gmail registration form. It indicates whether your password is strong or not. I use it all the time to know if I'm using a strong password or not.
- Install Login-Lockdown Plugin: It blocks an IP from continuously trying to break into your account. It suspends an IP if somebody tries to log in from it and is unsuccessful. By default, the number of unsuccessful attempts before an IP is blocked is 3. You can always change it, if you want.
- Install only Authorized plugins: I would suggest you never download and install a plugin from an unauthorized publisher or programmer. Always install plugins which are authorized by wordpress.org, basically all the plugins which come up when you use the search option in your dashboard.
If you are planning to install a useful plugin from a publisher who is known, but not authorized by WordPress, then make sure you do thorough research about the plugin and the publisher before installing it.
- Don't Install Everything: There are more than a thousand authorized plugins/themes in WordPress. When a plugin is authorized, it only means that the plugin/theme is not malicious. It doesn't mean it has no bugs. So, good programmers can always take advantage of these loopholes, which puts your site at stake. So, choose and install plugins/themes carefully.
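The lockout behaviour described in the Login-Lockdown item above, as an added sketch in Python (not the plugin's own code, and not from the original tutorial). The threshold of 3 comes from the tutorial; the 5-minute counting window, the 1-hour block, the class name and the sample attempts are assumptions made for the example.

```python
from collections import defaultdict, deque

MAX_FAILURES = 3        # threshold named in the tutorial
WINDOW_SECONDS = 300    # assumption: failures are counted over 5 minutes
LOCKOUT_SECONDS = 3600  # assumption: a block lasts 1 hour


class LoginLockdown:
    """Hypothetical per-IP failed-login tracker with a temporary block."""

    def __init__(self):
        self.failures = defaultdict(deque)  # ip -> timestamps of recent failures
        self.locked_until = {}              # ip -> time at which the block expires

    def is_locked(self, ip, now):
        until = self.locked_until.get(ip)
        if until is not None and now >= until:
            del self.locked_until[ip]       # block has expired
            until = None
        return until is not None

    def record(self, ip, success, now):
        """Return 'blocked', 'ok', 'failed' or 'locked_out' for one attempt."""
        if self.is_locked(ip, now):
            return "blocked"                # rejected before the password is checked
        if success:
            self.failures.pop(ip, None)     # a good login resets the counter
            return "ok"
        recent = self.failures[ip]
        recent.append(now)
        while recent and now - recent[0] > WINDOW_SECONDS:
            recent.popleft()                # forget failures outside the window
        if len(recent) >= MAX_FAILURES:
            self.locked_until[ip] = now + LOCKOUT_SECONDS
            recent.clear()
            return "locked_out"
        return "failed"


# Constructed sample: (seconds, ip, password_ok); addresses are documentation ranges.
ATTEMPTS = [
    (0, "203.0.113.7", False), (10, "203.0.113.7", False),
    (15, "198.51.100.2", False), (20, "203.0.113.7", False),
    (30, "203.0.113.7", True), (40, "198.51.100.2", True),
    (3700, "203.0.113.7", True),
]

def replay(attempts):
    guard = LoginLockdown()
    return [guard.record(ip, ok, t) for t, ip, ok in attempts]

if __name__ == "__main__":
    for attempt, outcome in zip(ATTEMPTS, replay(ATTEMPTS)):
        print(attempt, "->", outcome)
```

Replaying the sample shows that once an IP is blocked, even a correct password from it is rejected until the block expires, while a single mistake from another IP does not lock that user out.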
I hope the tricks which I've shared in this installment were not only useful to newbies, but also worth reading and implementing for advanced WordPress users. I'll be posting the next chapter of this tutorial soon. So, stay tuned to Webmaster Tutorials.