How to Protect a WordPress Blog from Hackers

Keep the WordPress installation up to date. Although at times it seems like there’s a new update released just about daily, it behooves the blogger to install the latest release to keep the WordPress blog updated. Some of the updates increase WordPress functionality while other updates are bug fixes and close security holes; either way, the more up to date the blog the more secure it is.

Changed passwords frequently. Many times bloggers will keep the same admin password for as long as they own the blog. It is wise to periodically change the password. When changing the passwords make sure it is secure my using upper and lower case letters while numbers and special characters. For example, the password ‘test123’ would be more secure if it were ‘TeSt&123’. Don’t forget to change the password for the mySQL database also.

Protect the contents of each file folder. By default, unless there is an index file located within a folder, the average web surfer can access unprotected directories and view every file within the directory. To prevent a hacker from gaining access to your files, insert an index file (index.html) within each folder.

If the site is extensive with plenty of folders, it might be easier to modify the .htaccess file. To do so, the blogger must go to the root directory of the domain to access the .htaccess file. All it takes is inserting one line of code to prevent directory contents viewing. The following code to add is as follows: Options –Indexes

Look for malicious code. This one can be tough. Some hackers access the footer.php and/or header.php of the WordPress theme. Be sure to check the footer and header files for suspicious code. Another common place to find malicious code is in the plugins directory.

Remove unused themes. Do not give the hacker an opportunity to insert code into infrequently used files. If the file is not used, delete it. Why give the hacker a larger selection of files to choose from.

Seek help from the web hosting company. Hosting companies do not like having their servers hacked. Web hosting companies such as HostGator offer top notch service when it comes to helping customers find malicious files and open back doors.

Back up the themes and database. It is also wise to backup the WordPress database and themes. This will not prevent a hacker from accessing the site but it will help the blogger to restore the blog back to the pre-hacked state quickly.