4 Steps To Protecting Your WordPress Blog
Article by davidmwood
David has written 390 awesome articles for us at David Wood's MLM Marketing Prosperity Blog
August 14, 2011 • 14 Comments
I don’t know about you but, I want to protect my blog from hackers as much as I can. Right now, there are thousands of dodgy characters who could hack into your WordPress blog at any moment. Think about it… What would you do if your blog was the target of some 12 year old kid hacker?
Your pages, posts, traffic, lead flow and income is at risk, and it could even be lost for good. Seriously, if you’re running a blog that gets at least some traffic, you are in fact at risk. I know guys who have 10-50 hackers try access their blog EVERY DAY. Of course, they have authority blogs, but that doesn’t mean yours is safe.
Fortunately for you, you’ve come at the right time and you can lock down your blog so it’s hacker free in minutes. WordPress is actually somewhat secure without the extra protection; I mean they have A TON of updates. Unfortunately, you must update stuff manually. Anyway, if you follow along and do everything below you’ll make your blog 10x safer.
1. Delete Admin Account
Keeping your admin account is like leaving a very large back door open. Then broadcasting the news to a really bad neighborhood. (Yah, it’s really that bad)
Pretty much all WordPress bloggers leave their username as Admin. When they do that, hackers instantly have 50% of what they need to know. Then all they have to do is find out your password. Lucky for them, there’s tools out there that can automatically figure out your password.
They just have to input your username and the software uses brute force to break into your blog. Dangerous, dangerous, dangerous. If you’re about to install WordPress, you can choose a different username upon install.
If you’ve already been posting under the admin account, here’s what to do. Go into your dashboard, click users and then select add new user. You need to create a brand new user with admin rights. Once done, log out of your admin account and log back in with your new account.
Now go straight back to the user’s page and go ahead and delete the admin account. Upon deletion, you’ll see that you can transfer all posts to another account. Just transfer them to your new user account and you won’t have any problems.
2. Move WP-Config.php Up One Level
Yep, moving your wp-config.php file up just one level makes a huge difference. The wp-config.php basically has all of your WordPress configuration settings and information. Meaning if a dirty hacker got hold of it… say goodbye to your site. All of your posts, pages and comments could vanish overnight.
Also, there are a ton of bots that can “get hold of” this file because they know exactly where to look. So, you can move the file above the WordPress root. Normally, wp-config.php is located here:
So generally hackers know exactly where to look. All you have to do is FTP into your server and literally drag the wp-config.php file above the public_html directory. So, once done the file should be located here:
Super easy to do, very important. Now hackers (bots) won’t be able to find the file. Nothing else to do, takes under 2 minutes and can possibly save years worth of work.
3. Always Update Plugins, WordPress & Theme
This is a really obvious one that most people already do. BUT, did you know that leaving WordPress, themes or plugins not updated is like leaving a massive window open in the middle of the night? Well, it opens up doors so just update your stuff ok? There are actually plugins that can automatically update everything for you; a simple search will do the trick.
4. Install WordPress Security Plugins
There are hundreds of plugins available that supposedly make your site more secure… but not all of them truly work. I spent a good afternoon making sure my blog was properly secure and everyone kept recommending the same two plugins.
Honestly, don’t ask me why you should install these plugins. I’m just going to tell you that they do some really advanced techy stuff that makes no sense to me. And… I checked MANY authority blogs in our niche and others, they all recommend them.
Just be careful! Seriously, I don’t think there’s any way of fully protecting your WordPress blog. Think about the massive authority sites that are constantly getting hacked. Think about when the FBI’s site got hacked, tons of multimillion/billion dollar companies have had their sites hacked in the past. Who knows how, I just keep hearing about loopholes and backdoors. All sounds a little strange to me. Anyway, just be careful and take 10 minutes to do all of the above. Perhaps it will help you sleep at night?
P.S. Please leave your comments, thoughts and questions in the box below.
P.P.S. If you’d like to learn how to master the art of blogging, traffic generation and all that really cool Internet Marketing stuff, put your email in the form on the right or below this page.
Tags: 4 steps to protecting your wordpress blog, admin account, protecting wordpress, protecting your blog, Protecting Your Wordpress Blog, wordpress, wordpress blog, wordpress configuration settings, wordpress security, wordpress security plugins