Apr 21st

How Secure is Your WordPress Blog?

Filed under WordPress

When you think of starting a blog, you might start out on Blogger or the free WordPress.com before going further, buying a domain and hosting your own blog with your favorite CMS (Content Management System) or blog software.

Although there are several popular CMSs other than WordPress, such as Joomla, Drupal and Movable Type, WordPress seems to be the most widely used platform in the blogosphere.

That creates a new problem. People tend to get jealous or start to cultivate mischievous ideas when you are getting popular, so WordPress naturally became a target for hackers. That doesn’t mean other blogging platforms are safe from hackers; WordPress, in this case, simply has a higher chance of being targeted.

Now, a question for you, as the title suggests:

How secure is your WordPress blog? (if you are running your blog on WordPress)

Quoting what Matt Mullenweg, founder of WordPress, once said:

The best thing you could do to make sure your blog is secure is to stay up to date with the latest stable version of WordPress.

With the release of WordPress 2.5 last month, I have read some comments from my blogger friends that they don’t wish to upgrade to 2.5 until it is really stable. On the other hand, a few days after the release, I started the upgrade on one of my blogs (this is the blog which I upgraded first). Before upgrading, to make sure everything worked fine, I installed 2.5 on my local machine to test out some of the newly implemented features.

It is really important to keep your WordPress blogs updated with the latest security fixes. Keeping a blog is not as easy as it seems, especially when you start your own domain and host your own blog. Although WordPress is free, it has some hidden costs that you won’t notice until a security issue threatens you.

What sort of hidden costs?

  1. You have to update your WordPress every time there’s an update.
  2. You have to update your plugins. This is where security holes most often appear. [Check plugin compatibility for 2.5]
  3. You may need to update your theme for compatibility. [Check theme compatibility for 2.5]

In conclusion, you have to pay extra attention to the maintenance costs.

Here is what you can do to secure your WordPress blog:

  1. Secure your /wp-admin/ directory – Lock down your wp-admin folder so that only certain IP addresses can access that directory.
  2. Make an empty wp-content/plugins/index.html file – This prevents others from browsing your plugins folder. Creating a blank index.html is very easy. Just open up a new file in Notepad and save as “index.html” including the double quotes (“”), and upload this blank index.html file to your plugins folder.
  3. Keep an eye on the WordPress Development blog – I know some of you have plugins installed to keep those “useless” widgets/announcements from appearing in the dashboard. But it’s always good to keep an eye on the WordPress development blog for any updates, or simply subscribe to it.
  4. Hide your WordPress version – Most WordPress themes display the version of WordPress that you are running. The code that does this can be found in the theme’s header.php. You want to hide your WordPress version: if your blog is not running the latest version and you are showing the version information, it is then an open target for hackers. Just open your theme’s header.php file, look for the line <meta name="generator" content="WordPress <?php bloginfo('version'); ?>" /> and remove the <?php bloginfo('version'); ?> part.
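
The script below is an added example, not part of the original post: it checks a WordPress directory for steps 1, 2 and 4 of the list above. It assumes an Apache host that reads wp-admin/.htaccess; the function name audit_wp is hypothetical.

```sh
#!/bin/sh
# Added example: audit a WordPress tree for steps 1, 2 and 4 of the list above.
# Usage: sh audit_wp.sh /path/to/wordpress

# audit_wp ROOT prints one PASS/FAIL line per check and returns the FAIL count.
audit_wp() {
    root=$1
    fails=0

    # Step 1: wp-admin limited to certain IP addresses.
    # Assumption: Apache reading wp-admin/.htaccess. "Require ip" is the 2.4
    # syntax, "Allow from <address>" the older one. "Allow from all" must not
    # count, so the older form has to be followed by a digit.
    if grep -Eiq '^[[:space:]]*(Require[[:space:]]+ip[[:space:]]|Allow[[:space:]]+from[[:space:]]+[0-9])' \
        "$root/wp-admin/.htaccess" 2>/dev/null; then
        echo "PASS wp-admin: IP allow rule found"
    else
        echo "FAIL wp-admin: no IP allow rule in .htaccess"
        fails=$((fails + 1))
    fi

    # Step 2: an index file in the plugins folder blocks directory listing
    # (index.php serves the same purpose as the blank index.html).
    if [ -f "$root/wp-content/plugins/index.html" ] ||
       [ -f "$root/wp-content/plugins/index.php" ]; then
        echo "PASS plugins: index file present"
    else
        echo "FAIL plugins: no index file, folder may be listable"
        fails=$((fails + 1))
    fi

    # Step 4: flag every theme whose header.php still prints the version.
    leaky=$(grep -l "bloginfo([[:space:]]*['\"]version['\"]" \
        "$root"/wp-content/themes/*/header.php 2>/dev/null || true)
    if [ -z "$leaky" ]; then
        echo "PASS themes: no header.php prints the WordPress version"
    else
        echo "FAIL themes: version printed by: $leaky"
        fails=$((fails + 1))
    fi

    return "$fails"
}

# Run only when a path is given on the command line.
if [ -n "${1:-}" ]; then
    audit_wp "$1"
fi
```

The exit status is the number of failed checks, so the script can run from a scheduled job after each theme or plugin update.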

Other than those, you can also install a variety of security plugins. Check out the top 10 security and protection plugins for WordPress. I’m going to check out those plugins myself later.

If you want further reading on WordPress security, this is a very good one.
[via Metaphorics Lab, JohnTP]


27 Responses to “How Secure is Your WordPress Blog?”

  1. By Budi on Jul 25, 2010

    Thanks for sharing these tips, especially point no. 4, “Hide your WordPress version”.
    I will check it out on my blogs.

    Regards,
    Budi

  2. By Mark on Sep 20, 2010

    I agree on hiding the version too. Excellent post.

  3. By Jenifer on Dec 9, 2010

    Did you know that the Basic HTML Color set is a combination of 216 colors? You can find a tabulated view of the basic HTML colors on the internet. It can be handy when you need to quickly choose a standard HTML color for your site or any other project.

  4. By Axel on Dec 29, 2010

    To secure a WordPress blog you need to back it up too! There are tools like Website 2 Backup to do encrypted automatic website file and database backups stored to email, FTP, or locally.

  5. By Dave C on Feb 16, 2011

    I own a NJ home theater installation company, for which I use WordPress for my website, and I would like to think that it’s as secure as possible! Guess not.

  6. By Mario Kübler on Feb 21, 2011

    Very interesting Information, thank you!

  7. By disfraces on Feb 26, 2011

    Good post, this is very interesting. There are also more plugins for WordPress that help you to optimize your post.

  8. By Harry Rate on Mar 30, 2011

    Yes you do need to keep all your plugins updated. But this is not always a trivial task. I find that some of them will not update properly through the update button.

    You can update manually, but what a pain.

  9. By Rashad Storlie on Sep 28, 2011

    Howdy! I just found your web site: How Secure is Your WordPress Blog? | Blogging For Novice when I was surfing around stumbleupon.com. It looks as though someone loved your website so much they decided to bookmark it. I’ll definitely be returning here more often.

  10. By Steve K on Nov 8, 2011

    As much as I want to jump over to WordPress for all the advanced features, I’m just dreading having to do the sysadmin side of things with it. So for now, I’m sticking with my less than ideal hosted platform.

  11. By Secure Wordpress Blog on Dec 18, 2011

    Best Tips to Secure WordPress Blog/Site here http://how-what.blogspot.com/2011/12/how-to-secure-wordpress-blog-few-basic.html

  12. By John Galt on Jan 4, 2012

    I have been developing on both WordPress and Joomla and I have never had any hacks or problems. Keep your system updated and make sure you keep your server settings correct across the board.

    Custom IDX Solutions

  13. By Del@sold out tickets on Jan 26, 2012

    I had a site hacked once that I had created for a church using something called guppy. My backup didn’t work so I had to start all over again and decided to switch to wordpress.

    So far I’ve had no problems but I’ve read a few blogs about wordpress being susceptible to hacking. Thanks for the security tips. I will have a go at implementing some of them very soon.

  14. By rick on Mar 3, 2012

    new law in uk starts in april preventing tobacco products from being on show. Tescos have already put cigarettes behind shutters in most stores

  15. By Jimmy Azar on Mar 5, 2012

    Keylogger is now really popular because of internet security and the family. Family keylogger and the privacy issues are now the main topic for home computer usage.

  16. By Norbert Lukacsi on Mar 5, 2012

    Hi There,

    One of the more basic tips is to change the WordPress table prefix.

    The WordPress table prefix is wp_ by default. You can change this prior to installing WordPress by changing the $table_prefix value in your wp-config.php file. If a hacker is able to exploit your website using SQL Injection, this will make it harder for them to guess your table names and quite possibly keep them from doing SQL Injection at all.

    SQL Injection happens when a developer accepts user input that is directly placed into a SQL Statement and doesn’t properly filter out dangerous characters. This can allow an attacker to not only steal data from your database, but also modify and delete it.

    Make sure you take a good backup before doing this though, and perform it at your own risk.

    Thanks.

    Norbert

  17. By gfacebook on Mar 11, 2012

    Good day! I just want to offer you a huge thumbs up for your excellent information you’ve got right here on this post. I’ll be returning to your website for more soon.

  18. By mike peters on Mar 13, 2012

    Some easy wins to guard your WordPress are to install plugins that prevent common attacks such as brute attack.

  19. By The Resource Hub on Mar 20, 2012

    When we talk about a WordPress blog’s security, then in WordPress development you can make the blog very secure. So here in your blog you tell us the different steps for blog security. It will be very useful for me for the better security of my blog.

  20. By bestbuyistore on Mar 24, 2012

    Very nice write-up. I absolutely appreciate this website. Thanks!

  21. By Kristian on Mar 26, 2012

    Nicely written. No doubt coming back to this site. Thanks.

  22. By Kristian on Mar 26, 2012

    Way to go man. Thanks for information.

  23. By Judy on Mar 31, 2012

    Thank you for your information. I never thought about the security of my blog before.

  24. By rick on Apr 9, 2012

    Hi, thanks for the tips. As a newbie to web building and having tried lots of website software, I would have to agree WordPress is tops, as it has some great plugins and is easy to get up and running.

  25. By lilomovie on Jan 25, 2013

    movie online

    Watch movies, watch movies online, watch free movies, watch HD movies, master movies, online movies, Western movies, Asian movies, watch series

  26. By lilomovie on Jan 25, 2013

    Nicely written. No doubt coming back to this site. Thanks.

  27. By Jason Rogers on Mar 10, 2013

    Thanks for the advice!
