7 simple steps to make your WordPress blog more secure

Wordpress blogs can be targets for hackers looking to take over for SEO, traffic-redirection and other purposes. Most bloggers aren’t aware of the threat posed by hackers and the blog owner may not even know that a successful attack has taken place.

I had an experience some months ago on one of my blogs, where my server had been flooded with hundreds of pages relating to adult material. I only realized this when Google stopped sending me traffic to that blog.

There are some simple security measures that any blogger can implement today to make a blog more secure.

Create a new user account

It is harder for a hacker to break into your blog when both the username and the password have to be cracked. That is why you should create a new user and delete the WordPress default “admin”.

You create a user by going into “Users” then “Add New” in the WordPress menu. When creating the new user, make sure to give it the role as an “Administrator”. That will make sure that you have the full authority over your blog.

Now simply logout from your default “admin” account and log in with the new user details. In “Users” you can delete the default admin username. Make sure to choose the option to transfer your old posts to your new username when deleting the “admin” account.

Use strong password

Do not use simple passwords when creating the new user account. It might be simple for you to remember it, but it is also easier for a hacker to crack it. Your password should be at least eight characters long and should include numbers mixed with characters in uppercase and lowercase.

Set a new nickname

You do not want your new username to be the author name that is shown on all posts. Set the nickname WordPress uses as author name to something different than your username. You do this in “Users” under “Your Profile” in the Nickname field. Choose a new nickname and set “Display name publicly as” to your new nickname.

Use Login Lockdown plugin

Login LockDown plugin records the IP address and timestamp of every failed login attempt to your WordPress blog. If more than a certain number of login attempts are detected within a short period of time from the same IP range, then the login function is disabled for all requests from that range.

Do not allow guest user registrations

If you do not have a membership blog, then there is no reason to allow visitors to register for a guest account on your blog. To check that you’ve got registration turned off, click “Settings” and make sure that “Anyone can register” option is not checked.

Always upgrade

Always upgrade to the latest version of WordPress, latest version of your WordPress theme and latest version of plugins you use. One of the reasons for new versions of software and plugins, is the security vulnerability found in older versions. With WordPress 2.7+ all of these upgrades are simple, automated, one-click processes within the WordPress interface.

Backup regularly

Taking regular backups is important. In case if something happens, use can always use the backup to recover your blog files. WordPress Database Backup plugin makes it simple to backup your files. Activate the plugin and set it to automatically take backups and send them in a file to your email address.

Conclusion

These 7 simple steps can be executed quickly and should make your blog harder to break down. Do you care about your blog security? Did you have any experience with hackers breaking in? What steps did you take to make your blog more secure?

Image by AMagill