WordPress Security Tips — For the Untrained

By Paul | Jun 10, 2009

I was reading over at Malware Diaries about a hacker that doesn't secure his exploits. What gets me is that I was so surprised that he did that; then I thought about it and read what Trend Micro had to say about it:

Creating a website is indeed a big task but, considering the present threat landscape, monitoring it and keeping it secure from attacks is a bigger one.
Website administrators have the responsibility to keep their systems malware free, secure web server files from unauthorized access, and keep their website clean of malicious codes, for their own sake and most especially, their visitors’.

[via Trend Micro blog]

Now, admittedly, Trend is talking about Gumblar and how it compromises websites with either an FTP password stealer or SQL injection. Both are standard ways for attackers and thieves to obtain credentials and then use your server for their own purposes. So I wanted to go over some things you can do to better protect your WordPress blog. Since I run a WordPress blog, this is something I know about.

  • WordPress Security Scan – This plugin checks your installation for common weaknesses and tells you how to fix them, so you can close the holes before an attacker finds them.
  • Block WordPress folders from being indexed – Add a record to your robots.txt so search engines stay out of the wp-* directories:

      User-agent: *
      Disallow: /wp-*

    Two caveats. robots.txt is advisory: well-behaved crawlers honour it, an attacker's scanner ignores it, and the file is public, so it tells anyone who reads it where to look. Treat it as a way to keep admin pages out of search results, not as access control. Also, a wildcard inside a path such as /wp-* is an extension to the original robots.txt standard (Google and the other major crawlers support it), and a rule that broad also covers /wp-content/, where your theme's stylesheets and images and your uploads live.
  • Protect your wp-admin folder — Attackers can brute-force the wp-admin login quickly and cheaply, so you should:
  1. Login Logger plugin — Records every login attempt, successful or failed, so you can see who is trying to get in and have the IP address at hand for the cases where you need to block it in your .htaccess file.
  2. Limit Login Attempts plugin — Locks an IP address out after a set number of failed logins, for however long you choose, an hour or more depending on your preference. The lockout is keyed on the IP address, so an attacker with many addresses can keep trying, and a legitimate user behind the same NAT as an attacker is locked out with him; it raises the cost of a brute-force attack rather than eliminating it.
  3. Bad Behavior — This is a good little plugin to help with spam such as referral spam and comment spam. I've been using it for the past few months, and my referral spam has dropped drastically to almost zero.
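As an added example (not code from this post, from Login Logger or from Limit Login Attempts), here is the lockout logic that the two plugins together amount to, replayed over a few constructed log lines: failures are counted per IP inside a sliding window, an IP that crosses the threshold is locked out for a fixed period, further attempts from it are rejected without the password even being checked, and the IPs that have been locked out are turned into the kind of .htaccess rule the Login Logger entry above has you write by hand. The log format, the thresholds and the IP addresses are all assumptions made for the example.

```python
"""Per-IP brute-force lockout of the kind Limit Login Attempts applies,
replayed over constructed log lines.  Added example, not the post's or
any plugin's code.  The log format, the thresholds and the IP addresses
below are assumptions made for the example."""
from collections import defaultdict, deque
from datetime import datetime, timedelta

MAX_FAILURES = 4                  # lock after this many failures ...
WINDOW = timedelta(minutes=10)    # ... within this sliding window ...
LOCKOUT = timedelta(hours=1)      # ... and keep the IP locked this long

# Constructed sample log: "date time client-ip outcome username".
SAMPLE_LOG = """\
2009-06-10 08:00:01 203.0.113.7 FAIL admin
2009-06-10 08:00:03 203.0.113.7 FAIL admin
2009-06-10 08:00:05 203.0.113.7 FAIL administrator
2009-06-10 08:00:07 203.0.113.7 FAIL admin
2009-06-10 08:00:09 203.0.113.7 FAIL admin
2009-06-10 08:00:11 203.0.113.7 FAIL admin
2009-06-10 08:05:00 198.51.100.23 FAIL paul
2009-06-10 08:05:20 198.51.100.23 OK paul
2009-06-10 08:30:00 203.0.113.7 FAIL admin
2009-06-10 09:30:00 203.0.113.7 FAIL admin
"""


def parse_log(text):
    """Return (timestamp, ip, outcome, user) tuples from the sample format."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        date, clock, ip, outcome, user = line.split()
        ts = datetime.strptime(date + " " + clock, "%Y-%m-%d %H:%M:%S")
        events.append((ts, ip, outcome, user))
    return events


class LoginGuard:
    """Decide, for each login attempt, whether it is allowed to proceed at all."""

    def __init__(self, max_failures=MAX_FAILURES, window=WINDOW, lockout=LOCKOUT):
        self.max_failures = max_failures
        self.window = window
        self.lockout = lockout
        self.failures = defaultdict(deque)  # ip -> timestamps of recent failures
        self.locked_until = {}              # ip -> time its lockout expires

    def check(self, ts, ip, outcome):
        until = self.locked_until.get(ip)
        if until is not None and ts < until:
            return "BLOCKED"          # rejected before any password check
        if outcome == "OK":
            self.failures[ip].clear()   # a real login resets the counter
            return "ALLOWED"
        recent = self.failures[ip]
        recent.append(ts)
        while recent and ts - recent[0] > self.window:
            recent.popleft()            # forget failures outside the window
        if len(recent) >= self.max_failures:
            self.locked_until[ip] = ts + self.lockout
            recent.clear()
            return "LOCKED"           # this failure triggered the lockout
        return "FAILED"


def replay(text, guard=None):
    """Run every logged attempt through the guard; return it and the decisions."""
    guard = guard or LoginGuard()
    decisions = [(ts, ip, guard.check(ts, ip, outcome))
                 for ts, ip, outcome, _user in parse_log(text)]
    return guard, decisions


def htaccess_deny(ips):
    """Apache 2.2-style .htaccess block denying the given IPs wp-login.php."""
    lines = ["<Files wp-login.php>", "Order Allow,Deny", "Allow from all"]
    lines += ["Deny from " + ip for ip in sorted(ips)]
    lines.append("</Files>")
    return "\n".join(lines)


if __name__ == "__main__":
    guard, decisions = replay(SAMPLE_LOG)
    for ts, ip, decision in decisions:
        print(ts, ip, decision)
    print(htaccess_deny(guard.locked_until))
```

In the sample, 203.0.113.7 is locked at its fourth failure and its next three attempts are refused outright, while the one failed attempt from 198.51.100.23 is wiped by the successful login that follows it. Attempts made during a lockout are not counted as fresh failures, so a locked-out attacker cannot extend his own lockout; whether you want that or the opposite is a policy choice, as is the sliding window rather than a fixed one.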

These are just a few things I've done to help protect my blog and protect my community and users. I will not disclose everything, because I have to keep those bad guys from getting in, but I hope I have started you in the right direction. I would also suggest using something like Roboform, which comes with a password generator, for your WordPress login password. This will also help prevent anyone from gaining access easily.



© 2009-2010 Tech-Linkblog.com All Rights Reserved -- Copyright notice by Blog Copyright