So you have finally set up your blog and the number of visitors are catching up too. But sadly, there are people who hack into blogs either for fun or to malign work of others.
Here are simple tips to keep hackers away from yours.
Upgrade your software
Perhaps you have wondered why blogs releases a new version of their software every few weeks. Thousands of people go over the Wordpres code every day in an effort to improve it. A lot of the time, they are trying to plug up security vulnerabilities which hackers have figured out how to exploit.
By upgrading regularly, you can be sure that you have all the latest security fixes.
Update plugins
Many times, hackers will figure out how to gain access to your blog through a vulnerability in one of your plugins. The creators of these plugins often release updates that are more secure, which is something you should take advantage of by updating them regularly.
Hide plugins
If the hackers don't know which plugins you have, then they won't know where to begin trying to hack your site. The way they find out which plugins you have is by looking in your /wpcontent/plugins directory. If you create a blank document, save it as index.html, and upload it to this directory, you can prevent anyone from accessing this information.
Alternatively you can block the standard file list from showing with .htaccess.
Get rid of Admin
Do you still use "admin" as your username to log into your account? If so, you are making things much easier for hackers. If they know the username of your administer's account, then hackers already have half of the information they need to break into your account.
Use strong password
If your password is something like "wood floor", then it can be extremely easy for hackers to guess. They can often simply use a program which guesses your password based on dictionary entries. Create a lengthy password made up of upper and lower case letters, numbers and characters in no particular order and avoiding dictionary words.
Login securely
One way that hackers will steal your password is by intercepting it through the network while it is on its way to most blogs. You can solve this problem by installing the Chap Secure Login plugin. This plugin will automatically encrypt your password when you login, so the hackers will only be able to see your username.
Remove your version information
Often, hackers will attack your site based on the version of the blog you are running. If they don't know which version you are running, they won't know how to attack your site. Install WP Security Scan to remove the identifying code from the header and feeds.
Prevent brute force attacks
One of the simplest ways for hackers to break into your account is to try different passwords over and over until they find one that works. The easiest way to prevent this is to use the Login LockDown plugin. If someone fails to guess the correct password three times within a 5 minute period, this plugin will prevent them from even trying again for the next hour.
Source: TOI Tech article
