Today I’m gonna share some interesting stuff with you.
I’ve been using the Limit Login Attempts plugin for several weeks now (to know who is trying to access my WP dashboard – this plugin sends an email with the IP address if someone tries to access my blog).
Since then I’m averaging 4 to 6 attempts daily!
You heard it right. It’s 4 to 6 (WTF!!)
When I opened my Gmail account today, I again saw one more message notifying me that I’d encountered 6 login attempts.
Here’s the image..
So… this made me a bit annoyed and I immediately posted on Facebook asking how to secure my WP blog.
After all, I’m investing my efforts, money and everything else to develop this blog. So, I have to take care of it, right?
Immediately Syed Balkhi and a few others responded with some powerful security tips which I want to share with you now.
I hope you don’t neglect this post..
Tip 1: Secure your WP admin directory
This tip was given by WP guru Syed Balkhi from WPBeginner
Tip 2 by Thomas Frank from CollegeInfoGeek
He gave me a bunch of security tips (every tip is just awesome!)
Tip 3: Use .htaccess and .htpasswd files to allow only your IP to access the admin panel
This tip was given by my best buddy Ahmad Awais from Freakify.com
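Tip 3 as a concrete configuration, added here as an illustration and not taken from Ahmad's original tip: a wp-admin/.htaccess for Apache 2.4 that demands both an allowed IP and a password, plus the matching rule for the login page. The address 203.0.113.10, the user name someuser and the path /home/example/.htpasswd are placeholder assumptions.

```apache
# ---- File 1: wp-admin/.htaccess (Apache 2.4 syntax) ----
# Needs "AllowOverride AuthConfig" (or All) for this directory on the host.
#
# Create the password file once, outside the web root, with Apache's
# htpasswd tool (path and user name are placeholders):
#   htpasswd -c /home/example/.htpasswd someuser

AuthType Basic
AuthName "Restricted area"
AuthUserFile /home/example/.htpasswd

# Both conditions must hold: the request comes from the allowed
# address AND carries a valid user name and password.
# 203.0.113.10 is a documentation address; use your own static IP.
# With a changing (dynamic) IP, drop the "Require ip" line and rely
# on the password alone, otherwise you lock yourself out.
<RequireAll>
    Require ip 203.0.113.10
    Require valid-user
</RequireAll>

# Some themes and plugins call admin-ajax.php for ordinary visitors,
# so this one file stays reachable without IP or password checks.
<Files "admin-ajax.php">
    Require all granted
</Files>

# ---- File 2: add to the .htaccess in the WordPress root ----
# wp-login.php sits outside wp-admin, so the rules above do not
# cover it. Restrict it to the same address here.
<Files "wp-login.php">
    Require ip 203.0.113.10
</Files>

# Apache 2.2 hosts use the older form instead of "Require ip":
#   Order deny,allow
#   Deny from all
#   Allow from 203.0.113.10
```

Failed requests blocked this way are rejected by the web server with a 401 or 403 before WordPress runs, so they show up in the Apache access log rather than in the Limit Login Attempts emails.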
Tip 4: Don’t neglect your primary email address too!
This is my personal security tip on saving your WP blog from hackers. Don’t use easy passwords even for the primary email addresses which you use on your WP blog.
Because they may easily get your WP login details if they know your primary email account details. So, beware of that!
Now, it’s my turn to share some security tips to secure your WordPress blog.
How to Secure Your WP Blog?
What must you do to secure your blog?
If you’re still using admin as your username, immediately change it to some other name, and not your real name either. That can be easily cracked by other people.
Note: Don’t use admin as your username, as most hackers or crackers try that same name to hack someone’s account!
So change it to something complex that others can’t guess easily.
But how can you change your username?
Don’t worry.. I’ll show you the exact steps which I used to change my username.
Follow these 5 easy steps..
Step 1: Log in to your cPanel
Step 2: Scroll down to the databases section and click on phpMyAdmin
Step 3: Now, you need to select the database that you’re using
Step 4: Click on the table wp_users on the left hand side. Then click edit on the username that you want to edit.
Step 5: Change the user_login value to whatever you want, replacing ‘admin’ with some complex name!
Now, hit the Go button
Now log in to your site with your new username.
How strong is your password?
Go to this site to find out how secure your password is
Essential WordPress Security Plugins
WP Security Scan – This plugin scans your entire WordPress installation and points out security vulnerabilities in areas like:
- passwords
- database security
- file permissions
- admin security etc
WordPress Database Backup – This will help you back up all your core data and other content of your choice to the destination you choose: hard disk, email or remote server.
AntiVirus – This keeps your blog protected from spam and malicious scripts.
Limit Login Attempts – It limits the number of times an IP can try to log in before locking it out for a specified amount of time. You can also configure it to lock out that IP for a much, much longer time after a certain number of lockouts. This is the plugin which I personally recommend.
SI CAPTCHA Anti-Spam – places a CAPTCHA on your login page. This, coupled with Limit Login Attempts, should keep out brute force bots forever.
Still want to increase your WP security?
Check out these two articles..
- How to Beef Up Your WordPress Security
- How to Password Protect Your WordPress Admin (wp-admin) Directory
Don’t neglect the security of your WP blog; there are so many security attacks happening every day. So, make sure you’ve got powerful security for your WP blog.
Read: 15 WordPress Plugins that I Use On My Blog And Why You Should Also Use
Do you have any more WP security tips?
Nice tips Rahul. Securing your hard work is the most crucial thing to do. I myself do pay a lot of attention towards the security of my website. Keep up the Good Work.
Good to see you have written on this topic. I wrote a similar article yesterday because I also received requests from users on how to secure WordPress.
I’m using the Login Lockdown plugin to protect my WP admin from failed login attempts and it doesn’t send the failed login attempts to my email. So I might check out the Limit Login Attempts plugin.
These days, almost every WP user knows that using “admin” as their username isn’t a good idea.
hello rahul really bro Awesome post :) great tips about WP Security thanks for valuable article :)
Rahul,
Thanks for these tips on securing your blog. The screenshots are helpful to better understand how to apply them. I look forward to using these techniques and reading future posts.
Thanks
Jerry
Wow bro … Thanks for sharing. I too was fearing the same thing [Hackers & Crackers]. I wanted to be a hacker and hack websites but don’t like to be hacked. And Ha :D Ha :D 285 nonillion years :P
First of all, thank you for the very first tip in your article. I am gonna do it soon.
I think, you should have given a look to the plugin I suggested.
#1: There is no need to install Limit login, Database back up and security scan plugin, if you install the plugin I mentioned.
It gives you an option to make regular back up which can be sent on your email or directly to your ftp directory, you can set the time of regular back ups.
It has a built-in limit login system which can block the host or users for a specific time after a specific number of attempts (according to you).
At first install, the plugin gives you all the information, like what security issues your site has and which can be fixed in a few clicks.
#2: The suggestions by Thomas are great, most of them are included in the plugin.
#3: You can change the name from ‘admin’ to something else with a REALLY SIMPLE way with that plugin.
#4: FOR YOUR PROBLEM, having many failed login attempts, you can BAN USERS or Hosts in that plugin if you see the same IP address trying to login. The plugin does this automatically.
There are many other awesome options in that plugin; the one I love the most is Away Mode. It disables our WordPress backend when we go to sleep (we can set the timings).
See, that’s why I was suggesting that plugin. So many options in a single one.
Here’s what Justin (DragonBlogger) wrote about it: http://www.justingermino.com/better-wp-security-you-should-have-it-now/
Here is some awesome information about security and plugins from one of the awesome bloggers out there: http://www.iblogzone.com/2012/03/best-wordpress-security-plugins.html
And this one too: http://www.thehealthybeehive.com/so-your-site-got-hacked/
LOL! I hope you don’t mind the little comment from this side.
The security of a site is definitely a vital issue to look after. Since we put in so much effort into building a site, it only makes sense to follow some necessary steps so as to have maximum security.
Thanks for this detailed post, Rahul!
Hello Rahul,
Nice tips bro, I am very serious about my WP site security; I also got various emails related to my WP security.
Now, I’ll try all the plugins which you’ve mentioned above and I’ll follow your guidelines to secure my WP site. I am worried about the security of my site.
Thank You so much for sharing knowledge with us.
Hi Rahul – more great tips from you. And I didn’t implement your previous tip about email subscribers… Not so fast, please ;)
Thanks for sharing,
Chris
I just left a comment on your email subscribers post, I hope it helps for your blog Chris :)
Hey Bro,
I just came from Eshan’s post on securing our blogs. What I will say is, why do they think we’re so silly as to not have changed the Admin account password? Better yet, I don’t even use it. They are just trying their luck, I assume. Provided you create regular backups, worst-case scenario you’re protected.
Thanks Rahul … I am a web designer and have noticed some “vulnerabilities” of WordPress, such as free access to folders in the directory … I know we can block them from cPanel, but many people do not know this, and from there you have access to all uploads …
You forgot to mention one of the best WordPress security plugins, i.e. WP Security Plugin.
Thanks for adding it Yash :)
Hey Rahul !
Thanks for mentioning me here. I would like to raise a point. All of us should try manual methods of protection.
Even if we use a plugin to protect our blogs we can disable them after following the steps they mention in it.
One should never trust a third party plugin in case of blog’s security.
Great tips Rahul… essential post for bloggers like us, because content is king and if someone deletes it, it will be like having a heart attack
Hi Rahul Kuntala,
Thanks for sharing informative tips to secure a WordPress blog. After Amit Agrawal’s blog was hacked, all bloggers are searching for the same, and I think these tips will help fellow bloggers do the same.
Great post, keep it up!!