If you plan on being popular, plan on being secure.
If you run a popular blog, take pride in the huge target you have earned and take security seriously. Getting hacked is an embarrassment to you and the team that manages the blog. Don’t let it happen. While it is humorous to see a hacked site tagged up by a 14-year-old on an ego trip (an “I remember when I had my first beer” moment), it does in fact suck to deal with the aftermath. Here are some tips and tools to protect your blog.
1. Change the Default Login Name.
Every would-be hacker appreciates the default admin account and the lazy admins who keep it. Having an admin user account solves half the puzzle for them; they have the user name and now all they need is a password. Get rid of this account.
The default username is admin. You can make it more difficult for the hacker to crack your login credential by changing the login name.
In your WordPress dashboard, go to Users and set up a new user account. Give this new user the Administrator role. Log out and log in again with the new user account.
Go to Users again. This time, check the box beside admin and press Delete. When it asks for deletion confirmation, select the “Attribute all posts and links to:” option and choose your new username from the dropdown. This will transfer all the posts to your new user account. Press Confirm Deletion.
2. Check the permissions on your WP directories.
Log on to your web host and check your file permissions. There are very few cases where 777 permissions are required for WordPress to function properly. Be wary of changing your permissions to 777. This makes it easier for malfeasance to occur.
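One way to run this permission check from a shell on the web host, as an added example that is not part of the original post: the functions below list every file or directory in a WordPress tree that is world-writable. They go slightly beyond exact 777 and also catch any other mode with the world-write bit set; the function names and the path you pass in are assumptions.

```shell
#!/bin/sh
# Added example: report world-writable entries in a WordPress directory.
# Function names are illustrative; pass the path of your own install.

# Print one line per regular file or directory under $1 that every account
# on the host can write to. Entries that are exactly 777 are tagged "777";
# any other mode with the world-write bit set (666, 757, 1777, ...) is
# tagged "o+w". Symlinks are skipped because their own mode bits mean nothing.
wp_perm_audit() {
    _root=$1
    if [ ! -d "$_root" ]; then
        echo "wp_perm_audit: not a directory: $_root" >&2
        return 2
    fi
    find "$_root" \( -type f -o -type d \) -perm 0777 -print | sed 's/^/777 /'
    find "$_root" \( -type f -o -type d \) -perm -0002 ! -perm 0777 -print |
        sed 's/^/o+w /'
}

# Wrapper for cron or a deploy check.
# Returns 0 when the tree is clean, 1 when anything was reported, 2 on a bad path.
wp_perm_check() {
    _report=$(wp_perm_audit "$1") || return 2
    if [ -z "$_report" ]; then
        return 0
    fi
    printf '%s\n' "$_report"
    return 1
}

# Usage: wp_perm_check /path/to/wordpress   (path is a placeholder)
```

Anything the audit reports should be justified individually or tightened; an empty report with exit status 0 means nothing in the tree is writable by every account.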
3. Set User Permissions for your contributors.
If you work on a team, remember that not everyone has to be an admin to contribute. Limit user rights accordingly and manage your users.
4. Keep track of those who have access.
Unlike other internet crimes, assaults on a blog are usually perpetrated by someone you know; someone you’ve interacted with, an angry tech, admin vendor, etc. Keep tabs on the people who have a little more inside info than your average reader.
5. Back-Up Your Database.
If something does go wrong you can always restore your database.
6. Keep your WordPress Installation Up-To-Date.
Don’t worry about your plug-in compatibility. Content should take priority. You may hear other WordPress “gurus” tell you to hold off on the upgrade due to plug-in compatibility issues. If security is a concern, i.e. you use the blog professionally or you have a popular blog, keep it up to date. The minor annoyance of a few incompatible plug-ins every now and again is worth trading for a safe and secure blog.
A note about the old plug-in compatibility argument:
Sacrificing security for plug-in compatibility is like asking to trade a cage for a pearl necklace when being dropped into a shark tank. If the plug-in is that important, contact their support page and hound them to update.
A Few Plug-Ins That Will Help You Secure Your WordPress Blog
WP-Security-Scan informs you of holes in your security system, plugs a few of them and makes recommendations for others. Warning: we don’t recommend changing the directory structure of the blog, unless you really think “they” are after you.
WP-Database-Backup can automatically back-up your WordPress database and related files and email them to you. This is an essential plug-in.
Log-in Lockdown prevents brute force attacks by blocking an IP range after multiple failed log-in attempts. It’s easy to configure and use.
Chap Secure Login encrypts your login to prevent people from sniffing your password.
Role-Manager allows you to set capabilities for specific user groups.
WP-Secure Remove Wordpress Version removes the WordPress version and entire meta data to prevent hackers from using the information to find vulnerabilities in your blog.


