Securing Your WordPress blog

In the last few blog posts we talked about:

In this post we discuss securing your WordPress blog and creating even more of a WordPress Firewall, as I call it. You don’t know what bot or person might be lurking around your blog, looking to install malware or, worse, take control of your blog for their own nefarious reasons.

Photo by: Terry Mun

Now that you have installed WordPress and have it working, what do you want to do with your blog? Blogging will come later in this series, but for right now we want to take a good look at removing your default admin user. Like the default admin profiles and passwords on routers, a default account makes it even easier for a hacker to try to find out the password. You should never use a simple password. Always use numbers and letters in random order to make a really strong password, and make it at least 8 characters long. The longer it is, the better off you are at preventing unauthorized access to your blog and your blog posts.

Prevent access to wp-admin and/or your image directory from bots. You can also combine this with disallowing every IP but yours to help prevent people from gaining access to your pictures or your admin login page. This is all preference and depends on how tightly you want to control access to the admin page. I feel that if you have good security in place you should be in good shape. If you don’t have a permanent (static) IP and have a rotating IP instead, you can still increase your security by password protecting the wp-admin directory from unauthorized people.
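As an added example (not from the original post), here is one way to combine the IP restriction and the password protection described above. It assumes the blog runs on Apache 2.4 with `.htaccess` overrides enabled; the IP address, the `.htpasswd` path and the realm name are placeholders to replace with your own values.

```apache
# File: wp-admin/.htaccess  (added example; assumes Apache 2.4)
#
# Create the password file first, outside the web root, for example:
#   htpasswd -c /home/example/.htpasswd youruser
# (/home/example/.htpasswd and "youruser" are placeholders.)

AuthType Basic
AuthName "Restricted admin area"
AuthUserFile /home/example/.htpasswd

# Let a request through if EITHER condition holds:
#  - it comes from your own static IP (203.0.113.10 is a placeholder
#    from the documentation address range), or
#  - the visitor supplies a valid username and password.
# With a rotating IP, delete the "Require ip" line and rely on the
# password prompt alone.
<RequireAny>
    Require ip 203.0.113.10
    Require valid-user
</RequireAny>

# Many themes and plugins call admin-ajax.php from the public side of
# the site. Leave it reachable, otherwise front-end features that
# depend on it stop working for normal visitors.
<Files "admin-ajax.php">
    Require all granted
</Files>
```

This prompt sits in front of the normal WordPress login, so a bot has to get past the web server before it can even start guessing WordPress passwords.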

I’ve also been using a few plugins to help protect the admin page from hackers. They can help prevent unauthorized access by limiting how many times you can attempt a login:

  • Login Logger – keeps track of recent logins to WordPress for all users, as well as all failed logins. It records username, time, IP address and how long since each login attempt as well as time since last active for each user.
  • Limit Login Attempts – Limit the number of login attempts possible both through normal login as well as (WordPress 2.7+) using auth cookies.  By default WordPress allows unlimited login attempts either through the login page or by sending special cookies. This allows passwords (or hashes) to be brute-force cracked with relative ease.

I have talked about WordPress security plugins and other things you can do to better protect your WordPress blog. I would suggest looking at that post and making sure you harden your WordPress security so that you don’t have a problem with hackers. These are just a few suggestions, so you should also check out the WordPress article from the creators of WordPress and consider using some of those recommendations to keep your WordPress blog secure.

In the next blog post we will talk about blog themes and how they help your audience. We are almost done, so do stay tuned.