Protect Your Blog and Improve WordPress Security
matthewwoodward.co.uk
http://www.matthewwoodward.co.uk/tutorials/how-to-improve-wordpress-security-protect-your-blog-from-hackers/
Matthew Woodward
How To Improve WordPress Security & Protect Your Blog From Hackers
If you haven’t done anything to improve WordPress security then you have never had to learn the hard way.
I learnt the hard way a couple of years ago when I woke up to find one of my authority sites had tanked out of the SERPS, losing out on 10,000 visitors a day.
That equated to nearly a $12,000 / £8,000 loss in affiliate commission…
After a bit of investigation it turned out someone had hacked the blog and created thousands of spam pages hidden from normal view and turned it into a cloaked link network.
That was enough for Google to slam the site even though it looked perfectly fine to the naked eye, even when logged in as admin!
It took me a few days to undo the damage due to my lack of backups (they injected C99MadShell code into every file) and a further 3-4 weeks for the recovery in Google.
All of this could have been avoided if I had just spent 10 minutes improving the security of the blog.
The irony is I had read and ignored plenty of articles just like this one ^^
WordPress is a prime target for hackers no matter how big or small your site is. Check out the latest threats here and you’ll see what I mean.
What You Will Learn
How to improve WordPress security
How to protect against hackers
How to automate backups free of charge
How to scan your site for malware
How to automatically monitor your site
Automatically Backing Up Your Site
First things first – make a backup of your site right now!
Having regular backups makes it easy to recover from hacks – in fact you can restore your entire site in just 1 click.
It is also handy to make a backup before making any significant changes to your site such as installing a new plugin or upgrading WordPress.
My host does this automatically for me and provides a great control panel, but if your host doesn’t then don’t worry.
There are many paid backup plugins available but all you need is the free BackWPup plugin.
This will back up your site, the database and all of the files including everything in wp-content into a single zip file.
It will then automatically upload the file to an FTP server, Amazon S3, Dropbox, SugarSync or a bunch of other services.
You can even set up a dedicated free Gmail account and get the plugin to email the backups to you! Gmail is great for storing your site backups!
Install the plugin and ensure you are doing daily backups!
Remove WordPress Version
By default WordPress will tell you which version of the software it is running in the source code.
The problem with this is when hackers discover a vulnerability it makes it very easy for them to get a list of blogs running the vulnerable version to attack.
To remove it, just login as admin and go to Appearance > Editor > Functions.php and add this line of code at the end before the closing ?> tag-
remove_action('wp_head', 'wp_generator');
Block Directory Browsing
Usually if you browse to a specific directory you can view all of the files in that folder, just like when you’re browsing through files and folders on your computer.
To stop the server from listing the files in a directory you need to add 1 line to .htaccess
Open up the .htaccess file in the root of your site (where the wp-config.php file is) and add this line-
Options -Indexes
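An added self-check for the two sections above (example code, not from the original post): it scans responses from your own site for the version leak and for an auto-generated directory index. The sample responses are constructed; the check also covers two places the version still shows after the one-line functions.php fix, the ?ver= query string on core assets and the generator element in the RSS feed.

```python
import re

# Constructed sample responses (not captured from any real site) showing the
# three places a stock WordPress install exposes its version: the meta tag that
# remove_action('wp_head', 'wp_generator') removes, ?ver= on core assets, and
# the <generator> element in feeds.
LEAKY_HTML = """<html><head>
<meta name="generator" content="WordPress 4.9.8" />
<link rel="stylesheet" href="/wp-includes/css/dashicons.min.css?ver=4.9.8" />
<script src="/wp-includes/js/jquery/jquery.js?ver=1.12.4"></script>
</head><body>Hello world</body></html>"""
LEAKY_FEED = """<?xml version="1.0"?><rss><channel>
<generator>https://wordpress.org/?v=4.9.8</generator></channel></rss>"""

# The same page once the generator tag is removed and ?ver= is stripped.
CLEAN_HTML = """<html><head>
<link rel="stylesheet" href="/wp-includes/css/dashicons.min.css" />
<script src="/wp-includes/js/jquery/jquery.js"></script>
</head><body>Hello world</body></html>"""

# Constructed Apache index page, as served when Options -Indexes is absent.
LISTING_HTML = """<html><head><title>Index of /wp-content/uploads</title></head>
<body><h1>Index of /wp-content/uploads</h1><a href="2013/">2013/</a></body></html>"""

META_RE = re.compile(r'<meta\s+name="generator"\s+content="WordPress\s*([\d.]+)"', re.I)
ASSET_RE = re.compile(r'/wp-includes/[^\s"\'<>]*?\?ver=([\d.]+)', re.I)
FEED_RE = re.compile(r'<generator>[^<]*wordpress\.org/\?v=([\d.]+)', re.I)
INDEX_RE = re.compile(r'<title>\s*Index of\s+/', re.I)


def find_version_leaks(html, feed=""):
    """Return {location: version(s)} for every place the WordPress version shows."""
    leaks = {}
    m = META_RE.search(html)
    if m:
        leaks["meta_generator"] = m.group(1)
    # Core assets carry the WordPress version in ?ver=; bundled libraries
    # (jQuery here) carry their own, which still narrows down the release.
    vers = sorted(set(ASSET_RE.findall(html)))
    if vers:
        leaks["asset_ver"] = vers
    m = FEED_RE.search(feed)
    if m:
        leaks["feed_generator"] = m.group(1)
    return leaks


def is_directory_listing(html):
    """True when the response is an Apache-style auto-generated index page."""
    return bool(INDEX_RE.search(html))
```

Point the two functions at the body of your own home page, feed and an uploads folder; an empty dict and False are what a hardened site returns.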
Update WordPress & Plugins
New hacks and vulnerabilities are discovered all the time which is why it is important to keep up to date with both WordPress and plugin updates.
Make sure you keep both updated regularly!
It is also a good idea to make a backup of your files and database before updating anything just in case it breaks!
Delete Unused Themes / Plugins
While unused themes and plugins don’t interfere with your blog directly, if the plugin or theme is hacked (there are thousands of these in the official directory) then hackers can still access it.
So if you have any unused plugins and themes, delete them! This will not only improve security but help to speed up your site as well.
TimThumb Vulnerability Scanner
TimThumb is a popular script that is used by a lot of themes to resize images for thumbnails and so forth.
The only problem is this script had a huge bug which left the door wide open for any hacker.
The other problem is this is used by a lot of themes & plugins, meaning they come with a built-in hacker-friendly back door.
This is the back door that was used to hack my authority site.
To check if your theme is at risk, install the TimThumb Vulnerability Scanner.
That will scan your blog for any old versions of TimThumb and allow you to update them in one click if you need to!
You can uninstall the plugin once you have done that.
CloudFlare
CloudFlare offers a free service that helps to protect and speed up any website.
This actually works on the DNS level and helps stop hackers in their tracks before they even reach or see your site.
Here is how it works-
It only takes a few minutes to set up and will offer decent protection. There are paid options available but you won’t need those for the most part.
Install A Security Plugin
As well as the tips above you can improve WordPress security and protect from hackers by installing a plugin.
The Better WP Security plugin helps to protect your site in a number of ways-
Removes the WordPress version
Changes the URLs of the login and dashboard pages
Renames the default admin account
Changes the WordPress database table prefix
Removes login error messages
Protects your site from hacks
Scans your site for vulnerabilities
Automatically bans bots and hackers
Improves server security
And a whole bunch of other stuff! It does also have an automatic backup option but this only backs up your database and not your files, so please see the separate backup section for that!
Install A Firewall
Alongside a security plugin you also want to install a firewall that will block any attacks from SQL/Java injection.
The OSE Firewall plugin has you covered!
The combination of the firewall and the Better WP Security plugin is a great setup!
How To Monitor Your Site’s Security
There are a number of free services we can use to monitor our site for hacks and downtime.
Sucuri Sitecheck
The first one is the Sucuri Sitecheck scanner which will check lots of URLs across your site for a range of threats.
This covers everything from malware to checking if your site is blacklisted anywhere.
Pingdom
The free account at Pingdom will check your site every minute from a range of locations.
You can get notifications of downtime via email, SMS, Twitter, iOS or Android which is very handy indeed!
In fact if you manage a bunch of sites the Pingdom mobile app is fantastic – I highly recommend it!
Change Detection
The Change Detection service is simple in function but amazingly handy!
All it does is monitor pages for changes and if a change is detected it sends you an email!
You can use it to make sure you’re alerted of any changes to your site. It’s also great for checking when popular items are back in stock on websites ^^
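As an added example (not from the original post or any of the services it names), a small Python monitor of the kind Change Detection and Sucuri automate: a hash fingerprint that ignores volatile text so only real edits raise an alert, plus a comparison of what a visitor and a crawler are served, which is how the hidden spam pages described at the top of this article would show up. The sample responses are constructed and the Googlebot User-Agent header is an assumption about how the cloaking is keyed.

```python
import hashlib
import re
import urllib.request

# Constructed responses (not captured from any real site). A cloaked link
# network serves extra hidden links only to search-engine crawlers, so the
# page a visitor sees differs from the page the crawler sees.
VISITOR_VIEW = """<html><body><h1>My Blog</h1>
<a href="/about/">About</a> <a href="/contact/">Contact</a>
<p>Generated at 12:01:07</p></body></html>"""
VISITOR_VIEW_LATER = VISITOR_VIEW.replace("12:01:07", "12:05:33")
CRAWLER_VIEW = """<html><body><h1>My Blog</h1>
<a href="/about/">About</a> <a href="/contact/">Contact</a>
<div style="display:none"><a href="/spam-page-1/">x</a><a href="/spam-page-2/">x</a></div>
<p>Generated at 12:01:09</p></body></html>"""

LINK_RE = re.compile(r'href="([^"]+)"', re.I)
# Clock times change on every request; drop them so they never trigger an alert.
VOLATILE_RE = re.compile(r"\b\d{1,2}:\d{2}:\d{2}\b")


def links_in(html):
    return set(LINK_RE.findall(html))


def cloaked_links(visitor_html, crawler_html):
    """Links shown only to the crawler: the signature of a cloaked link network."""
    return sorted(links_in(crawler_html) - links_in(visitor_html))


def fingerprint(html):
    """Stable hash of a page with volatile fragments removed, for change detection."""
    return hashlib.sha256(VOLATILE_RE.sub("", html).encode()).hexdigest()


def fetch(url, user_agent):
    # Assumed helper: retrieve one URL as a given client. Cloaking keyed on
    # crawler IP rather than User-Agent will not show up this way; comparing
    # against the search engine's cached copy is the fallback in that case.
    req = urllib.request.Request(url, headers={"User-Agent": user_agent})
    with urllib.request.urlopen(req, timeout=10) as resp:
        return resp.read().decode("utf-8", "replace")


def check_site(url, baseline_fingerprint=None):
    """Return (changed_since_baseline, links_only_crawler_sees) for one URL."""
    visitor = fetch(url, "Mozilla/5.0")
    crawler = fetch(url, "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)")
    changed = baseline_fingerprint is not None and fingerprint(visitor) != baseline_fingerprint
    return changed, cloaked_links(visitor, crawler)
```

Run check_site on a schedule, store the fingerprint from a known-clean run as the baseline, and treat any non-empty cloaked list as a reason to look at the site immediately.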
Have You Improved Your Blog’s Security Yet?
For your own sake please do not ignore the advice in this article.
You do not want to learn the hard way like I did – heck, I didn’t have the basics of regular backups in place when I was hacked!
If you don’t take this issue seriously you will have problems in the future.
It doesn’t take long to seriously beef up the security of your site, so what are you waiting for?
Don’t regret ignoring articles like this like I did! Take action NOW!