Is your WordPress secured? You should really move on!

January 9, 2009 by Kurt Avish  
Filed under Blogging Tips, Web2.0 & PC

Hey, it’s already Friday and I have only about one week before the university courses get back to rant at us! So today I’ll talk about something really important. Is your WordPress secured?

I am not sure, but I think that many of us here, mostly my Mauritian blogger buddies, do not secure their blogs as they should. Everyone heard about the Tamasa.mu hacker attack some days ago? So some of you must be saying that Tamasa had a weak script with loopholes and so on, and that’s why it was easily hacked by a son of a “Bitch”?!

I will agree about the last part; whether the hacker is a son of a bitch… that’s not my problem. But did you know that even if WordPress is secure, it can be hacked if you, on your side, do not abide by the preventive measures?

I won’t go into the details of how a WordPress blog can be hacked, but I’ll give you one simple example. Assume your blog is hacked and the hacker deletes your database or modifies it in some ugly ways. It’s really simple to restore another WordPress installation within minutes. However, do you have a backup? By backup, I mean a database backup and also a backup of the WordPress files! Do you have one? And if you have one… is it a recent one?

That’s where you can lose a lot of data if you don’t do backups. Island Crisis and other blogs hosted on my account do 24 backups every day! That is, each hour the blogs are backed up and saved at a restore point. No need to worry if you do not do backups. I’ll tell you how easy it is.

Those on Blogspot need not worry much about backups. But those on private WordPress should do it. Grab this plugin for database backup and install it to your plugins directory. Enable the plugin and go to its settings to configure it.

There is a section where you can have the backup emailed to an email address. No need to bulk up your server with backups. Use the email backup feature and create an email address just for backups. Now set the backups to hourly or twice a day… as you need. The plugin will automatically back up your database and email it to the backup address every day or every hour.

Now, concerning your WordPress files, you can do a manual backup every day within your administration panel or see if your host gives you a backup utility.

Now, backups are not a real preventive measure. They’re more like a solution if you ever get hacked. So how do you really secure your WordPress?

A hacker can brute-force attack your login page. So to fu*k him, use the Login LockDown plugin. Also consider using Chap Secure Login to encrypt your login information while logging in to your blog. Who knows… if our local hacker did get some nutritional milk from his mother, then he could have the idea to sniff networks. So let’s make him sniff our socks!

Another thing is to add an index page to all your folders! For example, in your plugin or theme folders, create a blank index.html page and upload it everywhere there. The most important thing is to secure these two folders:

  1. /wp-content/plugins
  2. /wp-content/themes
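
One way to do this across a whole install instead of uploading the file by hand, as an added example that is not from the original post: a shell script that drops a blank index.html into every folder that has no index file yet, plus a read-only check. The folder paths you pass on the command line are assumptions; point it at your own wp-content folders.

```shell
#!/bin/sh
# Added example (not from the original post).
# Usage (paths are assumptions): sh add_index.sh wp-content/plugins wp-content/themes

# add_blank_index DIR...
# Creates an empty index.html in every directory under each DIR that has no
# index file, and prints each directory it touched, one per line.
add_blank_index() {
    for root in "$@"; do
        [ -d "$root" ] || { echo "skip: $root is not a directory" >&2; continue; }
        # find -type d does not descend through symlinks, so we stay in the tree.
        find "$root" -type d | while IFS= read -r dir; do
            # Leave folders alone if they already have an index file
            # (an existing index.php or index.html already hides the listing).
            if [ -e "$dir/index.html" ] || [ -e "$dir/index.php" ]; then
                continue
            fi
            : > "$dir/index.html" && printf '%s\n' "$dir"
        done
    done
}

# list_unprotected DIR...
# Read-only check: prints every directory that still has no index file.
list_unprotected() {
    for root in "$@"; do
        [ -d "$root" ] || continue
        find "$root" -type d | while IFS= read -r dir; do
            [ -e "$dir/index.html" ] || [ -e "$dir/index.php" ] || printf '%s\n' "$dir"
        done
    done
}

# Only act when folders were given on the command line.
if [ "$#" -gt 0 ]; then
    add_blank_index "$@"
fi
```

A blank index page only hides the folder listing; files inside can still be fetched by anyone who knows their exact path. On Apache, `Options -Indexes` turns listings off server-wide.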

Now, time to also remove your WordPress version from your blog! Why? Simply because knowing what version of WordPress you are using makes a hacker’s job easier, and hence he can look for loopholes! So go to your header.php file and remove this part of the code:

<meta name="generator" content="WordPress <?php bloginfo('version'); ?>" />

OK, you are now more secure than before, but there are two silly mistakes that I often see many people make! What is your blog username? Admin?? Change that, buddy!! It’s too easy to guess. If a hacker can guess this, then the only job remaining for him is to find the password! So use a weird and original username to log in! Avoid using your name too!

The second mistake is the password. What is your password? Btw, I heard that the admin of Twitter had the password ‘Happiness’!! Lol. Use a strong password which contains at least 12 words and also contains at least 1 digit and 1 symbol!

Well, that’s all for now concerning security. If you guys know some more working methods, do share them with us here.