Keep Your WordPress Safe from Hackers

WordPress is a free-to-use content management system and an open source platform for blogging, and hackers are always experimenting with new ways to crack its security wall. Although it has good security features, adding some extra locks will make your content safer.

A methodology commonly adopted by both hackers and ID crackers is the ‘dictionary attack’, in which they try every combination of characters, spaces and numbers in a password dictionary (usually a text file). Passwords made of commonly used words are easy to find with this kind of attack. Hackers use software that generates different combinations and logs into WordPress many times in a short period until a login works. User Locker is a useful tool against dictionary attacks. Hackers need a username registered in the blog’s database. Once they have a valid username, all they need is its password, for which they use the dictionary attack method. User Locker permits a maximum number of failed attempts; when that number is exceeded, the account is locked and the user needs to use the ‘lost password’ option of WordPress to retrieve the password. The user whose username was being used to find the password will find the account blocked, and eventually the administrator will learn about a possible hacking attack.
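The lockout behaviour described above, sketched in Python as an added example (it is not User Locker's code and not part of the original article). The class and function names, the threshold values and the reset-on-success rule are assumptions, and the account and guesses are constructed.

```python
import hashlib
import hmac
import os

def _hash(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

class LoginGuard:
    """Per-account lockout after too many failed logins (illustrative names)."""

    def __init__(self, max_failed=5):   # 5 is an assumed default
        self.max_failed = max_failed
        self.users = {}      # username -> (salt, password hash)
        self.failed = {}     # username -> failed attempts since last success
        self.locked = set()  # accounts waiting for a password reset
        self.alerts = []     # notices for the administrator

    def set_password(self, username, password):
        """Register a user, or finish a 'lost password' reset (which unlocks)."""
        salt = os.urandom(16)
        self.users[username] = (salt, _hash(password, salt))
        self.failed[username] = 0
        self.locked.discard(username)

    def login(self, username, password):
        if username not in self.users:
            return "invalid"           # unknown names get no counter
        if username in self.locked:
            return "locked"            # refused even with the right password
        salt, stored = self.users[username]
        if hmac.compare_digest(_hash(password, salt), stored):
            self.failed[username] = 0  # assumption: a success resets the count
            return "ok"
        self.failed[username] += 1
        if self.failed[username] > self.max_failed:
            self.locked.add(username)
            self.alerts.append(f"{username}: locked, limit of {self.max_failed} exceeded")
            return "locked"
        return "invalid"

def run_attempts(guard, username, passwords):
    """Submit each password in order and return the outcome of every attempt."""
    return [guard.login(username, p) for p in passwords]

if __name__ == "__main__":
    guard = LoginGuard(max_failed=3)
    guard.set_password("editor", "correct-passphrase")      # constructed account
    guesses = ["guess-1", "guess-2", "guess-3", "guess-4"]   # constructed input
    print(run_attempts(guard, "editor", guesses + ["correct-passphrase"]))
```

Once the limit is exceeded, the correct password is refused as well, so a right guess that arrives late gains nothing until the owner resets the password.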

If you have set up your WordPress blog on a free hosting server, or don’t have newer encryption and security features such as SSL, use a third-party password protection plugin such as Chap Secure Login. Once activated, the plugin hashes the password with the SHA-256 algorithm before sending it to the server. SHA, or Secure Hash Algorithm, was developed by the NSA (National Security Agency); it uses mathematical hash functions to scramble the password in one direction only, so spending days trying to reverse it is not worthwhile. This is not the finest line of defense, but it is a good security tool for amateur bloggers who don’t have the budget for an SSL-certified hosting plan.

All major WordPress hosting companies, including GoDaddy and HostGator, offer SSL certificates. Hosting plans with an SSL certificate cost more than regular plans, but they will give your WordPress blog the finest security protection against hackers.

By Haris Amjad – Screenshot of http://www.godaddy.com/ssl/ssl-certificates.aspx

At the same time, it is important to make sure that the WordPress platform itself, as well as all plugins and themes, is up to date. New versions provide better security against hackers, and new tools as well. For instance, newer versions of WordPress, 3.4 and above, don’t display the WordPress version, because giving away such essential information can be very damaging if it falls into the wrong hands. The version of WordPress tells hackers about the security features, code patterns, security breaches and backdoors present in that version. Updated plugins also have fewer bugs and keep hackers from getting access to the blog’s administration, because hackers often look for bugs in plugins to learn which plugins are vulnerable.

WordPress makes it easier to manage content, but it easily picks up bugs that not only slow WordPress down but also help hackers find security gaps and get access to private information about the blog. WP Security Scan is a useful tool that scans WordPress for some common errors and bugs that occur with the ‘timthumb.php’ file while uploading images (some of which are corrupt) to WordPress. WP Security Scan works like any other plugin: it offers basic bug fixes, measures vulnerability and suggests preventive measures. But updating WordPress and its plugins on a regular basis is still the recommended and complete solution to bugs.

These simple tools and tips will help you improve your WordPress security and protect your blog from hackers.

Author: Haris Amjad

