Creating a blog is not a big deal these days; the problem is maintaining it. Anyone with a Google account can start a new blog in minutes using Blogger, but many people prefer WordPress for their blogging career. Thanks to its user-friendly interface, awesome plugins and customized themes, WordPress is gaining popularity among new bloggers. The main problem faced by a lot of WordPress users these days is that WordPress blogs are more vulnerable to malware and hacks. If you search Google for WordPress hacks, you will see thousands of websites describing different WordPress hacking techniques. So the important point is to secure your WordPress blog before it is hacked.
Causes and Solutions of Hacked WordPress Blogs
There are different ways people hack WordPress blogs. So, before taking security measures, it’s important to have an idea of those hacking techniques. I am going to mention the common causes of WordPress hacks, with a solution for each.
Infected Themes and Plugins
The most common way of hacking WordPress is through a backdoor that gives the hacker access to server data without authentication. The backdoor is mostly left in the code of WordPress plugins and themes. So, when a person installs a plugin or theme containing malware or malicious code, the hacker can access the infected site without the blog's administrator knowing. So, it is important to use paid WordPress themes from trusted sources. Install plugins with good ratings and only from the WordPress plugins directory.
.htaccess files are configuration files that control the security of files and folders on web servers and also the behavior of the site. These files should be handled with great care, and their permissions should be restricted so that hackers cannot access them. Sometimes hackers place malicious code in .htaccess files that can completely change the behavior of a site; for example, redirection to other sites can be done using .htaccess files. Change the permissions of .htaccess files so that only the user can access them. Never use 777 permissions for .htaccess files.
Unsecured Web Servers
The choice of web hosting is also a big deal for bloggers. Sometimes free and cheap web hosting companies attract customers by showing unique features, but those kinds of hosting companies can also bring your blogging career to an end. It often happens that websites hosted on the same server are hacked because of the hosting company's poor security. So, good and secure web hosting should be the first choice for bloggers and website owners. I recommend Hostgator.
The most sensitive and important WordPress core file is wp-config.php. It should be handled with great care. Most of the time, hackers place encoded malicious code in the wp-config.php file that causes redirection to fake sites. I faced the same problem with one of my blogs: the malicious code redirected all the traffic from social network sites to another website. The code was base64 encoded and was placed in the wp-config.php file. After that, I changed the access permissions of the wp-config.php file and denied others from editing it.
To make your wp-config.php file secure, place the following code in the .htaccess file of the root folder.
# Deny public access to wp-config.php
# (Apache 2.2 syntax; on Apache 2.4 these directives need mod_access_compat)
<Files wp-config.php>
Order allow,deny
Deny from all
</Files>
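The permission advice above for .htaccess and wp-config.php can be checked with a short script. This is an added example, not part of the original article; the function names and the sample directory tree it builds are hypothetical.

```shell
#!/bin/sh
# Added example, not from the original article.

# List .htaccess and wp-config.php files under $1 that group or others can write to.
find_writable_config() {
    find "$1" -type f \( -name .htaccess -o -name wp-config.php \) \
        \( -perm -020 -o -perm -002 \) -print | sort
}

# Remove group/other write permission from those files; owner access is unchanged.
harden_config() {
    find "$1" -type f \( -name .htaccess -o -name wp-config.php \) \
        -exec chmod go-w {} +
}

# Constructed sample tree standing in for a WordPress install (hypothetical layout).
make_sample_site() {
    site=$(mktemp -d) || return 1
    mkdir -p "$site/wp-admin"
    : > "$site/.htaccess";          chmod 777 "$site/.htaccess"
    : > "$site/wp-config.php";      chmod 666 "$site/wp-config.php"
    : > "$site/wp-admin/.htaccess"; chmod 644 "$site/wp-admin/.htaccess"
    printf '%s\n' "$site"
}

# Run the audit, fix what it found, and audit again.
demo() {
    site=$(make_sample_site) || return 1
    echo "Writable by group/others before:"; find_writable_config "$site"
    harden_config "$site"
    echo "Writable by group/others after:";  find_writable_config "$site"
    rm -rf "$site"
}

demo
```

On a real site, call find_writable_config with the path of your WordPress directory instead of running demo.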
Admin Directory Protection
This directory includes all the admin panel files and other important data. It means that if someone gets access to this folder, they can easily hack and destroy your website, so this folder should also be secured. You can restrict access to the admin directory to a specific IP address by placing the following code in the .htaccess file of the wp-admin folder.
# Allow wp-login.php only from one IP address
# (Apache 2.2 syntax; on Apache 2.4 these directives need mod_access_compat)
<Files wp-login.php>
order deny,allow
Deny from all
allow from xx.xxx.xx.xx
</Files>
Replace xx.xxx.xx.xx with your own static IP address.
Security Measures For WordPress blogs?
Well, I have already mentioned some security tips above, along with the causes of WordPress hacks. To make your WordPress blog more secure, I recommend installing the Better WP Security plugin. I have been using this plugin for 2 years and am extremely satisfied with its performance and cool security tweaks.
Following are some additional tips to make WordPress more secure from hacks.
Install the simple plugin and enable Google Authenticator 2-step verification on the WordPress login screen.
By installing this plugin, you can limit login attempts on your blog.
It is recommended not only for the WordPress admin dashboard but also for email accounts, because if someone hacks the email associated with your admin profile, they can easily reset your passwords.
Databases contain all the data of a website, so it’s important to have daily backups of the database. Use a plugin to get scheduled database backups through email.
WordPress Malware Detection
It is important to know whether a blog is really infected by malicious code or not. The best free malware detection website I found is Sucuri. When my blog was infected by malicious code, I used this service to scan my WordPress blog and I was really impressed by how it worked. After scanning my blog through Sucuri, I got a better idea of the type of malware that had infected my blog. The good thing was that I successfully located the malicious code myself and removed it. Sucuri also offers paid services for malware removal, blacklist removal and other premium features. A free plugin from Sucuri is also available for WordPress. Install it and scan your WordPress blog directly from the admin dashboard.
If you have also faced this type of issue, then share your experience with us in the comments. I will be happy to know about the security measures you take to protect WordPress blogs from malware and hacks.
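To locate encoded code by hand, like the base64 payload described earlier in wp-config.php, a local search of the PHP files helps. The script below is an added example, not part of the original article or of Sucuri's tooling; the function names, the 120-character threshold and the sample files are assumptions.

```shell
#!/bin/sh
# Added example, not from the original article: find PHP files that carry
# base64-encoded code, the kind of injection described for wp-config.php.

# List PHP files under $1 that call base64_decode() or hold a quoted
# base64-looking string of 120+ characters (threshold is an assumption).
scan_encoded_php() {
    find "$1" -type f -name '*.php' -exec grep -lE \
        -e 'base64_decode[[:space:]]*\(' \
        -e "[\"'][A-Za-z0-9+/=]{120,}[\"']" {} + | sort
}

# Constructed sample tree; file names and contents are made up and harmless.
make_sample_php() {
    dir=$(mktemp -d) || return 1
    mkdir -p "$dir/clean" "$dir/decoder" "$dir/blob"
    printf '<?php\ndefine("DB_NAME", "example_db");\n' > "$dir/clean/wp-config.php"
    # A base64_decode() call; the literal decodes to the text "constructed sample".
    printf '<?php\n$c = base64_decode("Y29uc3RydWN0ZWQgc2FtcGxl");\n' \
        > "$dir/decoder/wp-config.php"
    # A 160-character base64-looking literal with no decoder call in the file.
    blob=$(awk 'BEGIN { while (i++ < 40) printf "QUJD" }')
    printf '<?php\n$p = "%s";\n' "$blob" > "$dir/blob/theme-functions.php"
    printf '%s\n' "$dir"
}

# Scan the sample tree and print the files that need a manual look.
demo() {
    dir=$(make_sample_php) || return 1
    echo "Files to review by hand:"
    scan_encoded_php "$dir"
    rm -rf "$dir"
}

demo
```

base64_decode() also appears in legitimate plugin and core code, so each hit is a file to read, not a verdict; a stock wp-config.php has no reason to call it.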