Tips To Help Secure Your WordPress Blog And Plug-ins


When you create a blog there is one fact you cannot deny: you want your words to be posted online. The last thing you want is for somebody to hack into your blog and put their own twist on it and your plug-ins. You can be almost certain that the hacker is not out to help you, and a tampered blog will make you look bad fast. Here are some great tips to help keep your WordPress blog and plug-ins safe and secure.

  • The only person who should have access to your entire server is you. You can ask search engines not to index your WordPress folders with this addition to your robots.txt file: Disallow: /wp-*
  • Do not leave your directory open. The last thing you want to do is allow public browsing of your directory. If you do, people will not only know which plug-ins you run, they will also be in a position to exploit them.
  • Discontinue using the version string in your Meta Tag. What does that mean exactly? That means that you should not let people know which version of WordPress you are running.
  • Hackers often use bots to gain access to a WordPress blog. The bot just keeps guessing password combinations until it is successful. The best ways to prevent this are to restrict the IP addresses you can log in from and to add a second security layer with an additional password and/or user name. It’s also a good idea to track all failed log-in attempts and set up a system that will automatically shut down the log-in ability if there are too many failed attempts. The failed log-in attempts can be traced back and help you determine whether somebody is trying to break into your WordPress blog.
  • Always have the most current version of WordPress installed. Hackers will try older versions of WordPress first because they already know how to break into them. Newer versions take some time to crack, and that in turn keeps you better protected.
  • Use SSH. Stop using FTP. FTP login information is seldom encrypted, and that greatly increases the chance of your blog being manipulated by a hacker. SSH encrypts the connection, login included, and that gives you a higher level of protection.
  • Have a solid password. Make sure it isn’t so solid that you forget it right away. There are many ways to determine the strength of your password. Sometimes they are part of the platform set-up. You can also go to several on-line sites and find out how strong or secure your password is.

Protecting your blog and plug-ins is something that you need to take quite seriously. If information with your name on it gets tampered with, you will have a disaster on your hands. Follow the tips listed above to give yourself a greater chance of keeping your blog and plug-ins where they belong – with you.
