How to Hack-Proof your WordPress Blog

I just finished helping a friend bring a sports blog back after a nasty hacker attack. Luckily, we had a backup of the database; otherwise we would have had little chance of restoring the site.

Here are a few tips to keep unwanted visitors from doing damage to your blog.

Set your File Permissions Properly

Use 755 for directories and 644 for files, including plugins, core WordPress PHP files, and theme files. Do not leave theme files at 666: that makes them world-writable, so any other account on a shared host, or any script an attacker manages to run, can rewrite your templates. The built-in theme editor only needs the web server to be able to write those files while you are editing; if you use it, loosen the permissions for that session and set them back to 644 afterwards. You can check and change permissions with your FTP client, or with chmod over SSH.
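The same job from a shell, as an added example that is not part of the original post: one function applies 755 to directories and 644 to files (and 640 to wp-config.php, which holds the database password), and another lists anything still world-writable so you can verify the result. The miniature WordPress tree it builds for the demo is constructed, and the 640 on wp-config.php assumes the web server shares the file's group.

```shell
#!/bin/sh
# Added example, not from the original post or from WordPress itself.

# harden_permissions ROOT: 755 on directories, 644 on files, 640 on wp-config.php.
harden_permissions() {
    root="$1"
    find "$root" -type d -exec chmod 755 {} +
    find "$root" -type f -exec chmod 644 {} +
    # wp-config.php holds the database password; keep it out of other users' reach.
    # Assumption: the web server user shares the file's group (common on managed
    # hosts). If PHP runs as a different user and group, it needs 644 to read it.
    if [ -f "$root/wp-config.php" ]; then
        chmod 640 "$root/wp-config.php"
    fi
}

# list_world_writable ROOT: prints every path that any user on the host may write.
# An empty result is what you want; each entry is something a low-privileged
# account or a compromised script could modify.
list_world_writable() {
    find "$1" -perm -002
}

# has_mode PATH OCTAL: succeeds if PATH has exactly that mode, e.g. has_mode f 644.
has_mode() {
    [ -n "$(find "$1" -prune -perm "$2")" ]
}

# make_demo_tree: constructed miniature WordPress layout carrying the permissions
# the old advice produces (a 666 theme file, a 777 plugins directory). Prints its path.
make_demo_tree() {
    d=$(mktemp -d)
    mkdir -p "$d/wp-content/themes/default" "$d/wp-content/plugins/login-lockdown"
    printf '<?php // constructed placeholder\n' > "$d/wp-config.php"
    printf '<?php // constructed placeholder\n' > "$d/wp-content/themes/default/index.php"
    printf '<?php // constructed placeholder\n' > "$d/wp-content/plugins/login-lockdown/loginlockdown.php"
    chmod 666 "$d/wp-content/themes/default/index.php"
    chmod 777 "$d/wp-content/plugins"
    printf '%s\n' "$d"
}

# Run with --demo: build the tree, show what is world-writable, fix it, show again.
if [ "${1:-}" = "--demo" ]; then
    demo=$(make_demo_tree)
    echo "before:"; list_world_writable "$demo"
    harden_permissions "$demo"
    echo "after (should print nothing):"; list_world_writable "$demo"
    rm -rf "$demo"
fi
```

On a real site run `harden_permissions /path/to/wordpress` once, then `list_world_writable /path/to/wordpress` after every plugin or theme install, since installers and the theme editor are the usual way loose permissions creep back in.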

Use the Login Lockdown Plugin

Hackers know where to find your login page: it is wp-login.php on every WordPress site. A basic WordPress installation offers little protection against a brute-force attack. Yes, newer WordPress releases store passwords as salted hashes, but that only protects the stored passwords if someone steals the database; it does nothing to slow down someone guessing passwords at the login form. So I still recommend the added protection you get from the Login Lockdown plugin, and check the strength of your current or new password with The Password Meter.

Just upload it and activate it. By default the plugin locks out an IP block for 1 hour after 3 failed login attempts within 5 minutes; both thresholds can be changed from its Options panel.
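To make that default policy concrete, here is an added example that is not the plugin's code: a small awk filter that replays the "3 failures within 5 minutes, then a 1 hour lockout" rule over a constructed stream of login events and prints which requests it would reject. The event format (`<epoch> <ip> <outcome>`), the grouping of addresses by their first three octets (my reading of "IP block"), and clearing the failure count on a successful login are all assumptions.

```shell
#!/bin/sh
# Added example, not from the Login Lockdown plugin or from WordPress.

# apply_lockout MAX WINDOW LOCK  (reads "<epoch> <ip> <outcome>" events on stdin,
# outcome is "fail" or "ok"). Prints "<epoch> <ip> <decision>" per event, where
# decision is fail, allow, or blocked. State is kept per /24 (assumption: that is
# what "IP block" means), so failures from neighbouring addresses add up.
apply_lockout() {
    awk -v max="$1" -v win="$2" -v lock="$3" '
    function block(ip,  o) { split(ip, o, "[.]"); return o[1] "." o[2] "." o[3] ".0/24" }
    {
        ts = $1 + 0; ip = $2; outcome = $3; b = block(ip)
        # Inside an active lockout: reject without even looking at the credentials,
        # which is also what happens to the legitimate owner until the hour is up.
        if ((b in until) && ts < until[b]) { print ts, ip, "blocked"; next }
        # Assumption: a successful login clears the failure count for the block.
        if (outcome == "ok") { n[b] = 0; print ts, ip, "allow"; next }
        # Record the failure, then count failures inside the sliding window.
        n[b]++; t[b, n[b]] = ts
        c = 0
        for (i = n[b]; i >= 1 && t[b, i] > ts - win; i--) c++
        if (c >= max) { until[b] = ts + lock; n[b] = 0 }
        print ts, ip, "fail"
    }'
}

# count_decisions DECISION: number of events that received DECISION under the
# plugin defaults (3 failures, 300 s window, 3600 s lockout).
count_decisions() {
    apply_lockout 3 300 3600 | awk -v d="$1" '$3 == d' | wc -l | tr -d ' '
}

# demo_events: constructed stream. Two failures from .5 and one from .9 in the same
# /24 trigger the lockout; .9 then supplies the right password and is still rejected;
# a different block is unaffected; .5 gets back in once the hour has passed.
demo_events() {
cat <<'EOF'
1000 203.0.113.5 fail
1060 203.0.113.5 fail
1120 203.0.113.9 fail
1130 203.0.113.9 ok
1200 198.51.100.7 fail
4800 203.0.113.5 ok
EOF
}

if [ "${1:-}" = "--demo" ]; then
    demo_events | apply_lockout 3 300 3600
fi
```

In practice you can derive such a stream from the web server's access log: a successful POST to wp-login.php answers with a 302 redirect to wp-admin, while a failed one re-renders the form with a 200, so a run of 200s on wp-login.php from one address is the signature to look for. The fourth line of the demo output is the cost of lockouts: a correct password from a locked block is rejected too, which is why the thresholds should not be set so tight that you lock yourself out.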

Use a Database Backup Plugin

Manual WordPress database backups are neither easy nor convenient: they require phpMyAdmin or shell access to run mysqldump, and they only happen when you remember to do them. Fortunately, WordPress plugin writers have addressed the problem. The best known plugin for this purpose is Lester Chan's WP-DBManager. With this plugin, WordPress can automatically email you a backup, store backups in a folder on your server, or both. If you keep backups on the server, make sure that folder is not readable over the web (a database dump anyone can download is worse than no backup at all), and keep a copy off the server as well, since a backup that sits next to the site is lost together with it.

Turn off Registrations

Go to Settings –> General. Untick the ‘Anyone can register’ box and save your settings. While you are there, check that ‘New User Default Role’ is Subscriber, so that anyone who does get an account cannot publish or edit anything. Need to allow registrations? Then I strongly recommend the Sabre plugin. Sabre stands for Simple Anti Bot Registration Engine; it is a set of countermeasures against spam registrations on your blog.

Keep your Installation Up-to-Date

If you are not running the latest version of WordPress, there is a higher probability that your site will be compromised. Because WordPress is open source, attackers can read the code and probe it for vulnerabilities, and once a fix is published the change itself shows exactly what was wrong, so an unpatched site becomes an easy target. Apply updates promptly, and remember that plugins and themes run with the same privileges as the core and need updating just as much.

Backup your Theme, Images, and Plugins Folders

It’s also a good idea to back up your theme, images (the uploads folder), and plugins to your personal computer or to a backup drive. Together with the database dump, that is everything you need to restore the entire site if your host’s server crashes completely, or to rebuild it cleanly after an attack. Try the restore once on a test install; a backup you have never restored from is only a hope.