How to Secure Your WordPress Installation from Hackers

April 6, 2011 | by

The popularity of the WordPress blogging platform has exceeded even the creator’s expectations with over 18 million installations to date. The original and embryonic WordPress platform started life in 2003. One of the founder members, Matt Mullenweg, was looking at ways in which to better the management of daily writing and along with a small number of programmers, came up with what we know today as WordPress.

With so many installations across the web it is no wonder the platform has come under numerous attacks from hackers attempting to infiltrate installations to either deface websites or steal personal data. Thankfully, WordPress is a pretty robust system in itself and has a plethora of security features to stop would-be hackers in their tracks.

Has your WordPress Install Been Hacked?

Being an avid WordPress fan, I have suffered several botched attempts as well as some infiltration successes. There are a number of steps WordPress site owners can take to help deter hackers. Here we look at a couple of effective steps you can take to better secure your WordPress-enabled website.

Lock down your WordPress Admin Directory (/wp-admin/)

By restricting access to your most important WordPress directory you can essentially stop most attacks dead in their tracks. This is easily accomplished through some small additions to your .htaccess file, whitelisting (allowing access to) ‘approved’ PC connections by IP address. Simply add the following line:

allow from (replace the 1’s with your own IP address(es))

Make use of to find it). If you access your blogs from different IP addresses (whilst at work for example) then simply add another line and input this IP address as well.

This very small alteration to the .htaccess file will really improve your personal blog security by restricting access to only the computers at those IP addresses.
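A complete wp-admin/.htaccess allowlist, as an added example rather than the article's own configuration, written for both Apache 2.2 and Apache 2.4. The addresses 203.0.113.10 and 198.51.100.25 are documentation placeholders, and the admin-ajax.php exception is an assumption for sites whose public pages call that endpoint.

```apache
# wp-admin/.htaccess (added example; the IP addresses are placeholders)
# The server must permit these directives in .htaccess through AllowOverride
# (AuthConfig for Require, Limit for Order/Deny/Allow).

# Apache 2.4 and later: only the listed addresses may reach /wp-admin/.
<IfModule mod_authz_core.c>
    Require ip 203.0.113.10
    # A second location (for example, the office) goes on its own line:
    # Require ip 198.51.100.25
</IfModule>

# Apache 2.2: an "Allow from" line restricts nothing unless it is paired
# with "Deny from all", because unmatched clients are allowed by default.
<IfModule !mod_authz_core.c>
    Order deny,allow
    Deny from all
    Allow from 203.0.113.10
    # Allow from 198.51.100.25
</IfModule>

# Assumption: themes or plugins on the public site use admin-ajax.php.
# That file lives inside /wp-admin/, so it is reopened to all visitors
# while the rest of the directory stays restricted.
<Files "admin-ajax.php">
    <IfModule mod_authz_core.c>
        Require all granted
    </IfModule>
    <IfModule !mod_authz_core.c>
        Order allow,deny
        Allow from all
    </IfModule>
</Files>
```

After uploading the file, a request to /wp-admin/ from an address that is not listed should return 403 Forbidden.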

The second step you can take to deter would-be offenders is to conceal one of the most targeted parts of WordPress: the ‘plugins’ folder.

Concealing your WordPress Plugins Directory

Given the massive number of third-party WordPress plugins available, this is a primary angle for hackers to target because plugins become outdated quickly. In addition, some may not have been programmed with the end user’s security in mind and are easily exploited.

The best way to stop hackers identifying whether you are running a particularly vulnerable plugin is to conceal the plugin directory from them in the first place. You thought that it already was, right? No!

The easiest way to accomplish this is to create a blank file entitled ‘index.html’ and upload it to your wp-content/plugins/ folder. This simple step will conceal your directory of plugins from prying eyes.

Graham Turnbull is a freelance writer from the UK and specialises in search engine optimisation techniques. He is currently working with Fresh Egg SEO, a respected and authoritative web search improvement company in the UK.


