Many of these “hackers” are actually using scripts that can quickly break into your WordPress installation using common settings and other methods to compromise the files. You can prevent most of these attacks by applying a few common security tactics to your WordPress installation.

If you’ve been hacked

1. Upgrade to the latest version of WordPress.
2. Make sure there are no backdoors or malicious code left on your system. This will be in the form of scripts left by the hacker, or modifications to existing files. Check your theme files too.
3. Change your passwords after upgrading and make sure the hacker didn’t create another user.
4. Edit your wp-config.php and change or create the SECRET_KEY definition. It should look like this, but do not use the same key or it won’t be very secret, will it?

define(‘SECRET_KEY’, ‘1234567890′ );

1. Change your admin name from the default which is “admin” if you install via Fantastico then it by default allows you to select your username and this may not be an issue. However a manual installation of WordPress uses “admin” as the default username for the admin account. Many of these scripts search for common password combinations such as admin password or admin 1234 and if they find a blog with these settings it automatically cracks the account through brute force methods.

2. Move your WordPress configuration file named wp-config.php to the directory above your installation. For example, on a cPanel server, if your WordPress is installed in the public_html directory you would put the wp-config.php file in the home directory in front of it that contains the public_html directory. This feature was implemented as of WordPress 2.7 and will work on all versions and makes it difficult for the attacker to compromise your database information.

3. Hide your WordPress version, you can download a security plugin from within WordPress that will allow this functionality simply by activating the plugin. This prevents attackers from being able to tell your WordPress version so they can exploit it.

4. Do not install WordPress using the default table prefixes for your database which is wp_ change it to something else, this way it is much more difficult to use a script to compromise any commonly known exploits because the database tables names are not known and not the default configuration.

No related posts.

Related posts brought to you by Yet Another Related Posts Plugin.

We have outlined some of the key points that you should know bout and how to secure them. This will also give you some insight into some of our Wordpress securing techniques.

1) Don’t use the admin account. By default Wordpress when installed manually uses the admin account. There are several ways to update this information. The easiest for most is to do it through Wordpresses admin area.
a) Create a new account and give it administrator priviledges in your Wordpress blog.
b) Delete the original admin account and use the new account instead.

2) Files should be set to 644 permissions and folders should be set to 755 permissions. Start with these default settis and if you need to set it higher go up correspondingly to 775, then 777.
Many shared hosts do not allow 777 permissions on their servers for security reasons. If you set these to 777 you may experience strange errors such as file not being displayed if the permissions are too low or 500 internal server errors if the permissions are set to high.

File permissions can be changed via FTP or SSH. This is known as CHMOD and is the technical term for changing the permissions on the file.

3) Move your wp-config.php file. Since Wordpress 2.6 was released, Wordpress has included the ability to move your configuration file to the parent directory. This means that no matter where your blog is located it will search for the configuration file in the parent directory for the script. So if you are on a linux server you can put the blog in your websites root directory. While the configuration file stays outside of the directory making the Wordpress configuration file almost completely innaccessible to hackers.

4) Wordress 2.6 also added the ability to move the wp-content directory. A hacker cannot compromise your content directory if they cannot find it. Not all themes are compatible with this update.

5) Remove the Wordpress version from the header. By default Wordpress displays the version number. Better to not allow this so that hackers cannot determine your Wordpress versions to look for suitable exploits.

6) Stay current on updates and upgrades to Wordpress and your Wordpress plugins.

7) Use Secret Keys – A secret key is a hashing technique which makes your Wordpress website more difficult to hack by adding random elements to the password.

9) Force SSL on login and or all admin pages. To do this you will need an SSL certificate installed. Many hosting companies have shared SSL that you can use for this by default if you are not concerned with a browser popup warning specifically and only you or your staff will be using the admin area. Then this would come highly recommended as a way of securing all of the data exchanged when you are editing your Wordpress website from the administration area.

10) .htaccess lockdown – This is really only useful if you only access the blog from one location although you can get around the IP issue by updating your IP using FTP before logging in. This will only allow you access to your admin area and everyone else will be rejected.

11) Run wp-security scan – This nifty little plugin scans your Wordpress installation for known vulnerabilities in the script.

Originally posted 2010-03-31 04:52:21. Republished by Blog Post Promoter

No related posts.

Related posts brought to you by Yet Another Related Posts Plugin.

Originally posted 2009-10-06 21:43:15. Republished by Blog Post Promoter

No related posts.

Related posts brought to you by Yet Another Related Posts Plugin.

The Wordpress Fix recommended addons can be downloaded here as well. These are the basic plugins and addons we have found the most useful when working with blogs. In many cases we use almost all of these addons contained in this package. If you are concerned that the plugins in this package may not be the latest versions, not to worry Wordpress has a nifty upgrade feature on the plugins page so that you can automatically update any outdated plugins.

Some of the features you will find in the Wordpress Fix recommended addons pack can be found here.

Automatically upgrade your Wordpress blog
Embed Videos from any site with an embed code
Post links never break
Easily generate an SEO friendly site map

Originally posted 2009-10-31 02:41:06. Republished by Blog Post Promoter

No related posts.

Related posts brought to you by Yet Another Related Posts Plugin.

After the plugin is installed, you would then need to activate the plugin. You can do so by logging into the admin area and clicking on plugins. Select the inactive plugins option and then activate the plugin from there.

Change Admin Username Plugin

Originally posted 2010-05-05 05:57:08. Republished by Blog Post Promoter

No related posts.

Related posts brought to you by Yet Another Related Posts Plugin.

Download Sexy Round

2 columns, black, grey and white colors, widgets ready, right sidebar, free Wordpress template for adult blog

Originally posted 2009-10-31 05:04:55. Republished by Blog Post Promoter

No related posts.

Related posts brought to you by Yet Another Related Posts Plugin.