How To Protect Your Blog From Hackers

A good part of the users out there is by now familiar with the fact that WordPress is one of the most widely used blog software on the Internet. It even went beyond the sphere of blogs and became an excellent basis to create any type of website. However, the Internet as a network contains a number of dangers that leave users open for attacks by hackers.

Just to clear something out, it’s impossible to prevent all forms of attacks on your site, but there are a number of steps you can take to prevent users from WordPress and their websites. WordPress users were adopted on that platform, thinking that it is quite pleasant to use and quite flexible. Further more, they also agreed it has a very good support. Because of all of these options the user might expect a certain level of security that can be achieved with the help of a couple of the recommendations listed below.

The Danger is Your WordPress Blog?

In the past, hacker’s aim was simply to bring down a website. These criminals, however, understood that taking someone’s site down provides no benefits. Today’s hacking comes down to “re-writing” the page to their personal favour. WordPress hackers do this through “link injection”. They hack into a hosting account of a particular user where the files are stored and used by WordPress, injecting a specific line of code that draws on all sides of the site. The two main negative effects of this decline were:

  • Time and resources are needed to cleanse the consequences of attacks
  • A rank reduction at large search engines

Users of WordPress invest a significant amount of time, energy and financial resources to set up and maintain a blog. A blog can also generate profit for its owner and maybe even bring acclaim. “Page rank” is threatened when search engines on the attacked pages notice suspicious links, and designate the site as unsafe. When the “page rank” is threatened by attack, a user of the site may lose a visitor, and thus revenue.

How to Protect Your WordPress Blog?

The aim of WordPress blog protection is to prevent external users’ access to files that makes WordPress core. By taking the following measures a blog owner can actively participate in the fight against hackers.

Standard Blog Maintenance

A very important component of maintaining a good blog is the belief that plug-ins and themes come from trustworthy sources. The best way to make sure that these factors are checked is downloading them from site and verified authors.

Besides this, regular updates of plugins, themes and WordPress is also an important part of maintenance. Each update corrects certain bugs and vulnerabilities that appeared in the the software. It is best to update plugins and themes before the installation update. Otherwise, some compatibility issues might occur.

WordPress users also need to know that it is very important to have a regular backup of the entire installation and database. They must also be familiar with the process of restoring the entire backup if needed. The ideal backup would be the one that is done on the server, and not through the administrative section of WordPress.

Password Security

A strong password is the first line of defence against hackers. It is best if it’s a combination of numbers and letters, but so that this combination can be very difficult to guess. Of course, this combination should be random, which requires the user to keep the code in a location that is safe. There are free sites that can generate such a code.

Password Security

To further strengthen your security code, WordPress itself has the possibility of using secret keys. The secret key (secret key) is a hash, which adds a random element in the password. Turning the secret keys how-to can be found on the WordPress API site. Copy the information you find on this site and replace the corresponding part of the code in the wp-config.php file with the code that you copied. For the existing installations this will delete the cookies that are stored in the browser on your computer and force users to log in again.

Creating of the Secure Username

Default administrator account name for WordPress is “admin.” Most hackers know this, and therefore half the information they need to access user data. The other half is the password for this account. To protect this account, the username should be changed into something unique. This can be achieved in two ways, depending on how well the user operates with MySQL.


Users who are familiar with MySQL commands can use phpMyAdmin and the following command:

UPDATE wp_user_login = 'new user' WHERE user_login = 'admin'

For those who are not as familiar with MySQL, there is another way to get on top of things:

  • Create a user with aunique username
  • Assign it admin position
  • Log off and log in again using the created order
  • Delete the admin account

Recommended Security Plugins

There are several plugins available to WordPress users who can assist with your blog security. Here are a few others that we recommend:

WP Security Scan

This plugin scans for weaknesses that can allow hackers to obtain the files. Also, it suggests on how to correct these weaknesses. WP Security Scan doesn’t have to be constantly switched on.

WordPress Exploit Scanner

Files scanning, searching for evidence of the hacker attack, WordPress Exploit Scanner can alert the user to some problematic parts. Similar to WP Security Scan, this plugin can be temporarily set.

WordPress File Monitor

This plugin constantly monitors the files and alerts the user if there are some changes. Based on this, the user could easily identify the changes that are a result of attacks by hackers. To be effective WordPress File Monitor should be permanently on.

Login Lockdown

Limiting the number of login attempts, this plugin prevents hackers to guess a user’s password by trying to guess login form on several attempts. The number of attempts can be configured by the user. Login Lockdown should always be active.

Permissions on Folders and Files

Another method of preventing the hacker attack is to ensure that the permissions on the folders and files are setup properly. Most hosting companies allows you to change file permissions through control panel. If this is not the case, then an ordinary FTP programs provide the ability to change user permissions.

Permissions on Folders and Files

A good practice is to set file permissions to 644 and folders permissions to 755. This will give access to plugins and themes they need. If a problem occurs because of certain permissions, it it can be changed.

Changing of the Prefix on the Table

WordPress tables used in the database come with the prefix wp_. This is another piece of information that hackers know very well. Files in the database can be hidden if the prefix is ​​changed from the default to a unique one. These changes can be made within the file wp-config.php. These changes are the best thing to do before installing WordPress. Changing existing tables that are used can be quite complicated.

Moving wp-config.php File

After the release of WordPress version 2.6 users got the ability to move wp-config.php file. Moving files can prevent hackers to find the file and to make unwanted changes. The file can be moved only in the parent directory of WordPress installation. For example, if a file is installed in:

public_html / wordpress / wp-config.php

it can be moved in:

public_html / wp-config.php

WordPress is programmed so that it searches only for the parent directory. If the configuration file is moved to another location, the error will occur.

SSL Encryption

Locking Through .htaccess

This method can be a bit difficult to adjust, but it is very effective at combating attacks by hackers. The aim is to specify the IP address or range of IP addresses that can access the administration site. To do this, create a .htaccess file in the wp-admin directory. This file should contain the following information:

AuthUserFile / dev / null

AuthGroupFile / dev / null

AuthName "Access Control"

AuthType Basic

Order deny, allow

deny from all

#IP Address to the whitelist

Allow from

You may define as many IP addresses as you like, and of course changing the IP address is simple and easily done. There is one downside of this method, though. If multiple computers from multiple locations access the admin section of the site to do things there will be a lot of IP addresses that should be monitored. For users who need access to the admin section with multiple locations this can be a problem

SSL Encryption

WordPress users can include SSL encryption at login to the Administración part of their site. This can be achieved by changing the file wp-config.php. The file needs to add the following line of code:

Front end login - define ('FORCE_SSL_LOGIN', true);

Login to the admin part - define ('FORCE_SSL_ADMIN', true);

If the user wants to use this option you need to convince him that, before turning on the same, the server which features the website is supported by SSL encryption.

SSL Encryption

You Can Protect Yourself From Attacks

Dangers of hacker attacks on the blog are a reality, but there are ways to prevent such situations. With regular maintenance and preventive measures users can prevent most of these attacks. By following the above mentioned measures a high level of safety of your WordPress system is achieved.


Tags: , , ,

2 Responses

  1. Bilqees Kenchi March 24, 2016 at 1:56 pm #

    Hello, friend my question is that, please tell how to secure wordpress blog /site from hackers? Is this responsibility of hosting providers or my-self. Kindly tell some plugins for wordpress.

    • Ivan Blagojevic March 25, 2016 at 11:43 am #

      Hi, the main responsibility of hosting providers is to provide a safe environment for setting up the website. This responsibility is at the server level. It also means that you will be protected from other users on the server, but every software that you install by your choice(this includes WordPress and plugins) is your responsibility.

      We wrote an article that will help you protect your WordPress site:

Submit Comment