Wordpress - 8 Ways To Prevent Your Blog From Being Hacked

1. Backup

This is the first step and the most important one. Before you plan on making any changes, make sure you back up your entire website and database. You can do this manually from the Helm control panel: use the website backup icon to back up the web files, then use the MySQL icon, click on the database for the WordPress site and click on "make backup". This lets you restore the site to the way it is running now if anything goes wrong. Alternatively, you can use a plugin like BackupBuddy, which backs up your entire WordPress blog. Unlike free plugins, which only back up your database, BackupBuddy exports the whole database together with the images, files and whatever else you have in your blog's content folder. Pretty sweet!

2. Update WordPress Version

The second crucial step after backing up your blog is to update it to the latest version. You should always make sure that your blog's version is up to date: the WordPress team releases patches to fix security holes. Follow the WordPress feed to find out about the latest updates, or simply log in to your admin panel, which shows when a new version is available.

I would also recommend that you follow WordPress Development and BlogSecurity as they will inform you whenever a new patch/fix is released.

3. Change your Login/Password

The default WordPress login is "admin" and most hackers know that. We should change this to something else that would be difficult to guess. Something like "rogers12" or "donhoe2" are good examples. The best thing to do is delete the default admin user and create a new custom login.

I suggest that you use strong passwords which include upper- and lower-case letters, numbers and symbols. Something like "rockSTAR19!@" or "Anabel2@!" is a great example of a strong password.

Most hackers try to brute force the password so if your password is really strong as I mentioned earlier, you should be fine.

Do not use birthdays, names, pet names or hobbies as passwords. People who are close to you know a little more about you; you don't want any wild guesses :)

4. WordPress Keys in wp-config.php

I didn't know much about WordPress keys, but they are another important security measure. These keys work as salts for the WordPress cookies, thus ensuring better encryption of user data.

Use the WordPress Key Generator to generate these keys. Now open up your wp-config.php, find the lines that look like the ones below and simply replace them with the generated ones (note that PHP needs straight single quotes, not the curly quotes a word processor may produce):

define('AUTH_KEY', 'put your unique phrase here');
define('SECURE_AUTH_KEY', 'put your unique phrase here');
define('LOGGED_IN_KEY', 'put your unique phrase here');
define('NONCE_KEY', 'put your unique phrase here');

Save and you are done!
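As an added example (not part of the original post or of WordPress itself), the following Python script does the same job offline: it generates fresh random phrases from the operating system's CSPRNG and rewrites any of the four keys that are still on the placeholder, too short, or missing. The wp-config.php fragment it works on is a constructed sample, and the 32-character minimum is this example's own threshold.

```python
import re
import secrets
import string

# The four constants the article tells you to replace (newer WordPress
# releases add matching *_SALT constants; they can be added to this tuple).
KEY_NAMES = ("AUTH_KEY", "SECURE_AUTH_KEY", "LOGGED_IN_KEY", "NONCE_KEY")
PLACEHOLDER = "put your unique phrase here"
# Printable ASCII without quotes, backslash or whitespace, so the value can
# sit inside a single-quoted PHP string without any escaping.
ALPHABET = "".join(c for c in string.printable
                   if c not in "'\"\\" + string.whitespace)

# Constructed wp-config.php fragment for this example (not a real site).
SAMPLE_CONFIG = """\
define('DB_NAME', 'wordpress');
define('AUTH_KEY', 'put your unique phrase here');
define('SECURE_AUTH_KEY', 'put your unique phrase here');
define('LOGGED_IN_KEY', 'short');
define('NONCE_KEY', 'put your unique phrase here');
"""

def generate_key(length=64):
    """Random phrase from the OS CSPRNG, like the WordPress key generator."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))

def find_weak_keys(config_text):
    """Keys still on the placeholder, shorter than 32 chars, or missing."""
    weak = []
    for name in KEY_NAMES:
        m = re.search(r"define\(\s*'%s'\s*,\s*'([^']*)'\s*\)" % name, config_text)
        if m is None or m.group(1) == PLACEHOLDER or len(m.group(1)) < 32:
            weak.append(name)
    return weak

def rewrite_config(config_text):
    """Replace each weak key with a fresh phrase; all other lines stay as-is."""
    out = config_text
    for name in find_weak_keys(config_text):
        pattern = r"define\(\s*'%s'\s*,\s*'[^']*'\s*\);" % name
        new_line = "define('%s', '%s');" % (name, generate_key())
        # A callable replacement avoids backslash processing of the new value.
        out, count = re.subn(pattern, lambda _m: new_line, out, count=1)
        if count == 0:          # key absent entirely: append a definition
            out += new_line + "\n"
    return out

if __name__ == "__main__":
    print(rewrite_config(SAMPLE_CONFIG))
```

Changing these keys invalidates every existing login cookie, so all users (including you) will have to sign in again afterwards.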

5. Install WP Security Scan


This plugin is the real deal. It is simple and automates a lot. It scans your WordPress blog for vulnerabilities and informs you if it finds malicious code or other problems. If the items in the admin panel show up in green, you should be good. However, they will not all be green by themselves; sometimes you have to make them so :) . And I will tell you how.

6. Change Table Prefix

How to Change WordPress Table Prefix using Wp Scan

The default table prefix for WordPress is wp_. I know that, you know it and I am sure the hacker does too. SQL injection attacks are easier with the default table prefix because the table names are easy to guess. A good prefix would be "mashjg23_" or "sasdoe265_". Changing your database table prefix is highly recommended and you can do this in two ways. The manual way requires some work and is not suitable for newbies; this is where the WP Security Scan plugin makes your work much easier. It has a tab called "Database". Once you are in it, you have the option to rename your entire table prefix to something that is tough to guess. Do this and you will be a step closer to strengthening your blog's security.

DB Password: How strong is your database password? Both your WordPress login password and your database password should be strong. Include upper- and lower-case letters, numbers and symbols.
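For those who want to see what the manual way involves, here is an added Python example (not from the original post or the plugin) that builds the MySQL statements for moving from wp_ to a new prefix. The table list is constructed for the example, and the point it makes is the step people most often forget: the wp_user_roles option and the wp_capabilities / wp_user_level usermeta keys carry the prefix in their names and must be renamed too, otherwise every user loses their role. After running the statements, set $table_prefix = 'mashjg23_'; in wp-config.php.

```python
import re

# Rows whose option_name / meta_key embed the table prefix. If they are not
# renamed together with the tables, every user loses their role and nobody
# can log in as administrator any more.
PREFIXED_OPTIONS = ("user_roles",)
PREFIXED_META = ("capabilities", "user_level", "user-settings", "user-settings-time")

def valid_prefix(prefix):
    """$table_prefix may contain only letters, digits and underscores."""
    return re.fullmatch(r"[A-Za-z0-9_]+", prefix) is not None

def migration_sql(tables, old="wp_", new="mashjg23_"):
    """MySQL statements that move the tables listed in `tables`, plus the
    prefix-bearing option and usermeta keys, from prefix `old` to `new`."""
    if not valid_prefix(new) or not new.endswith("_"):
        raise ValueError("prefix must match [A-Za-z0-9_]+ and end with '_'")
    if new == old:
        raise ValueError("new prefix is the same as the current one")
    stmts = []
    for table in tables:                       # 1. rename every core table
        if table.startswith(old):
            stmts.append("RENAME TABLE `%s` TO `%s%s`;" % (table, new, table[len(old):]))
    for opt in PREFIXED_OPTIONS:               # 2. fix wp_user_roles in options
        stmts.append("UPDATE `%soptions` SET option_name = '%s%s' "
                     "WHERE option_name = '%s%s';" % (new, new, opt, old, opt))
    for key in PREFIXED_META:                  # 3. fix capability keys in usermeta
        stmts.append("UPDATE `%susermeta` SET meta_key = '%s%s' "
                     "WHERE meta_key = '%s%s';" % (new, new, key, old, key))
    return stmts

# Constructed table list for the example: the core tables of a classic install.
DEFAULT_TABLES = ["wp_" + t for t in (
    "commentmeta", "comments", "links", "options", "postmeta", "posts",
    "terms", "term_relationships", "term_taxonomy", "usermeta", "users")]

if __name__ == "__main__":
    print("\n".join(migration_sql(DEFAULT_TABLES)))
```

Take the backup from step 1 before running the output, and run it inside a single transaction or maintenance window so the site is never left half-renamed.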

7. Prevent WordPress Hack by Blocking Search Engine Spiders from Indexing the Admin Section

Search engine spiders crawl your entire blog and index all of its content unless they are told not to. We do not want the admin section indexed, as it contains sensitive information. The easiest way to keep crawlers from indexing the admin directory is to create a robots.txt file in your root directory and place the following in it:

User-agent: *
Disallow: /cgi-bin
Disallow: /wp-admin
Disallow: /wp-includes
Disallow: /wp-content/plugins/
Disallow: /wp-content/cache/
Disallow: /wp-content/themes/
Disallow: */trackback/
Disallow: */feed/
Disallow: /*/feed/rss/$
Disallow: /category/*
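To check what the file above actually tells a well-behaved crawler, here is an added Python example (not from the original post) that evaluates it with the standard library's robots.txt parser. The example.com host and the hardened variant are assumptions; the hardened variant shows one side effect of the rule as written: Disallow: /wp-admin also hides /wp-admin/admin-ajax.php, which many themes and plugins call from the public front end, so an Allow line for it is placed before the Disallow rule.

```python
from urllib.robotparser import RobotFileParser

# The robots.txt from the article (constructed copy for this example).
ARTICLE_ROBOTS = """\
User-agent: *
Disallow: /cgi-bin
Disallow: /wp-admin
Disallow: /wp-includes
Disallow: /wp-content/plugins/
Disallow: /wp-content/cache/
Disallow: /wp-content/themes/
Disallow: */trackback/
Disallow: */feed/
Disallow: /*/feed/rss/$
Disallow: /category/*
"""

# Same file with one Allow line placed before the wp-admin rule so that
# admin-ajax.php is not hidden from crawlers along with the rest of wp-admin.
# (Python's parser uses first-match order, so the Allow must come first.)
HARDENED_ROBOTS = ARTICLE_ROBOTS.replace(
    "Disallow: /wp-admin\n",
    "Allow: /wp-admin/admin-ajax.php\nDisallow: /wp-admin\n")

def crawl_allowed(robots_txt, path, agent="Googlebot"):
    """Evaluate a robots.txt body the way a well-behaved crawler would.
    Assumed host: example.com (only the path matters for the rules)."""
    rp = RobotFileParser()
    rp.modified()                    # mark as read so can_fetch() evaluates rules
    rp.parse(robots_txt.splitlines())
    return rp.can_fetch(agent, "https://example.com" + path)

if __name__ == "__main__":
    for body, label in ((ARTICLE_ROBOTS, "article"), (HARDENED_ROBOTS, "hardened")):
        for p in ("/wp-admin/", "/wp-admin/admin-ajax.php", "/2012/01/hello-world/"):
            print(label, p, "allowed" if crawl_allowed(body, p) else "disallowed")
```

Keep in mind that robots.txt is publicly readable and purely advisory: it keeps /wp-admin out of search results, but a bot or attacker that ignores it still reaches the directory, so real access restrictions belong in the web server configuration (the .htaccess rules mentioned in step 8).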

8. Install the WordPress Firewall 2 plugin

Last but not least, you can install WordPress Firewall 2, which protects your blog from malicious hackers. It blocks the hacker's attempts and notifies you when it is abused. The only negative point of this plugin is that it sometimes blocks our own actions as well. This can get really annoying, and I do not really recommend this plugin unless you have SUPER hackers and bots screwing up your blog. Stick with the .htaccess hacks, since they do the job pretty well, and your blog should be just fine.

Furthermore, check out these WordPress security posts written by others to prevent a WordPress hack:

Best Ways to Improve WordPress Security

Prevention is better than cure. I cannot personally guarantee that your blog will not get hacked after implementing the methods I have mentioned, but I am sure the chances of getting attacked will be much lower.

How secure is your WordPress blog? If you have a tip or a piece of code you would like to contribute, then use the comment box. I bet that after reading this post you will know how to prevent a WordPress hack to a great extent.
