Tuesday, August 16, 2011

Take 5 Minutes to Make WordPress 10 Times More Secure

Hacktivist groups LulzSec and Anonymous are once again on the hunt. Their actions have drawn a lot of attention to hacking, and you can be sure that plenty of bored kids and shady characters are now interested in trying it themselves.


What if your blog became the target of a rookie hacker developing his skills for the big leagues? All your hard work building a better blog, growing traffic and readership, and making money with your blog would be compromised or, worse still, lost forever.


Fortunately, WordPress is secure enough out of the box and provides frequent updates. Better still, the following super-simple actions can make WordPress ten times more secure. (Not scientifically verified! Your mileage may vary.)


The wp-config.php file contains all your WordPress configuration information and parameters. You would be in serious trouble if hackers gained access to this file: they would be able to inject malware into your blog pages or, *gulp*, delete the entire contents of your blog.


A little-known WordPress feature is that you can move the wp-config.php file one level above the WordPress root. On most Linux servers, wp-config.php would be located at:

~/Home/user/public_html/wp-config.php

Simply FTP into your server and move wp-config.php above the public_html directory so that it is located at:

~/Home/user/wp-config.php

In this way, wp-config.php sits outside the public web root and is no longer reachable by the scripts and bots that hackers use on the Web.


There are no other settings to configure: WordPress will automatically find a wp-config.php one level up. Easy, right?


Warning: This trick will not work if you install your blog in a subdirectory (e.g. public_html/blog) or as an add-on domain in cPanel (e.g. public_html/yourblog.com).


Time: 1 minute
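To confirm the move had the intended effect, the following added example (not code from the original post or from WordPress) checks the same two locations WordPress checks, its own directory and then exactly one level up, and reports whether the file it finds is still under the web root. The function name and both path arguments are assumptions about your layout; it also reports the subdirectory layout from the warning as still inside the web root.

```bash
#!/bin/sh
# Added example. wp_config_location is a hypothetical helper, not a WordPress tool.
# Usage: wp_config_location <wordpress_dir> <web_root>
#   e.g. wp_config_location /home/user/public_html /home/user/public_html
wp_config_location() {
    local wp_dir web_root parent cfg_dir
    # Resolve symlinks so the prefix comparison below is reliable.
    wp_dir=$(cd "$1" 2>/dev/null && pwd -P) || { echo "bad-path"; return 2; }
    web_root=$(cd "$2" 2>/dev/null && pwd -P) || { echo "bad-path"; return 2; }
    parent=$(dirname "$wp_dir")

    if [ -f "$wp_dir/wp-config.php" ]; then
        # A copy inside the WordPress directory is used first.
        cfg_dir=$wp_dir
    elif [ -f "$parent/wp-config.php" ] && [ ! -f "$parent/wp-settings.php" ]; then
        # Otherwise WordPress looks one level up, unless that directory
        # holds its own wp-settings.php (it belongs to another install).
        cfg_dir=$parent
    else
        echo "not-found"
        return 2
    fi

    # The move only helps if the directory holding the file is not served.
    case "$cfg_dir/" in
        "$web_root"/*) echo "inside-web-root $cfg_dir/wp-config.php";  return 1 ;;
        *)             echo "outside-web-root $cfg_dir/wp-config.php"; return 0 ;;
    esac
}

# Run directly: sh check.sh <wordpress_dir> <web_root>
if [ "$#" -eq 2 ]; then
    wp_config_location "$1" "$2"
fi
```
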


The default WordPress administrator account has the user name "admin". Every noob hacker knows this, so using "admin" as the user name is like having a back door to your home that every thief knows about. Never use it as your primary account. Choose a different user name during the installation of WordPress.


If you have already used the "admin" user name, go to the dashboard's "Users" screen to add a new user. Create a new user with the Administrator role. Now log out and log back in as the new user.


Go to the Users screen again and delete "admin". You can transfer any content created by "admin" to your new user account before you confirm the deletion.


Time: 1 minute


WordPress makes it very easy to update itself, as well as plugins and themes, to the most recent version. It's so easy that you (almost) deserve to be hacked if you don't stay updated. A minute spent installing updates will save you hours or days of frustration and headaches if you ever get hacked.


Plugins and themes should also be updated regularly. All the plugins and themes from the WordPress directory integrate with the automatic update feature. Many premium themes and plugins also have automatic updates, which is another great reason to invest in a high-quality theme framework for your blog.


Time: 1 minute


Finally, security plugins are another way to reduce the likelihood of your blog getting hacked. Two really good plugins are WP Security Scan and Secure WordPress by WebsiteDefender.


WP Security Scan comes with several tools to help secure your blog:

The Scanner checks the permissions of the WordPress files and highlights any with the wrong permissions. FTP into your server and change the permissions accordingly.

The password tool tells you the strength of your password and also generates super-strong random passwords that you can use.

The database tool backs up the WordPress database and changes the database prefix. Use it to change your database prefix to something like "7yhj2_". This makes it harder for hackers to guess your database table names when they try to perform SQL injection.
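If you have shell access rather than only FTP, the same kind of permission check can be done from the command line. This added example (not part of the original post or of the plugin) lists files and directories that group or others can write to and prints the chmod command that would correct each one; the 644/755 baseline and the function name are assumptions, not values given on this page.

```bash
#!/bin/sh
# Added example. wp_perm_audit is a hypothetical helper.
# Assumed baseline: files 644 or stricter, directories 755 or stricter.
# It only prints suggested fixes; review them before running any.
wp_perm_audit() {
    wp_dir=$1
    [ -d "$wp_dir" ] || { echo "not a directory: $wp_dir" >&2; return 2; }

    fixes=$(
        # Regular files that group or others can write to.
        find "$wp_dir" -type f \( -perm -020 -o -perm -002 \) \
            -exec printf "chmod 644 '%s'\n" {} \;
        # Directories that group or others can write to.
        find "$wp_dir" -type d \( -perm -020 -o -perm -002 \) \
            -exec printf "chmod 755 '%s'\n" {} \;
    )

    # Exit status 0 means nothing deviates from the baseline.
    if [ -z "$fixes" ]; then
        return 0
    fi
    printf '%s\n' "$fixes"
    return 1
}

# Run directly: sh audit.sh <wordpress_dir>
if [ "$#" -eq 1 ]; then
    wp_perm_audit "$1"
fi
```
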

Secure WordPress takes a different approach and helps improve security by removing clues that can help hackers detect vulnerabilities in your system. The plugin's settings screen is a simple list of check boxes for everything from removing login error messages, to removing WordPress version numbers, to even blocking malicious URLs. I recommend enabling all the checkboxes unless you have a specific need for one of the features it blocks.


Time required: 2 minutes


The above steps will considerably improve the security of your blog and keep it from becoming a target of opportunity for rookie hackers. However, security is an ongoing process and also involves making safe practices a habit.


Remain vigilant and make a point of following WordPress security news, especially if you use it for your business. You should also learn as much about security as you can. The ProBlogger archives are full of great posts with far more information on keeping your blog free of hackers, spam and spyware, and even on planning for a blog disaster!


Now, please take five minutes and perform all the steps above. I wish you good luck and hope that your blog remains hacker-free!
