Comments (54 responses)

  1. Laren says:

    Back up data! Key point. Speaking from the painful and time consuming experience of my computer crashing and losing all my data and blog entries. And update to the latest version of WordPress…good tips to cover, thank you much for sharing them.

  2. Sonicjar Music says:

    Thanks man!! this really helped.. Just Secured our plugin directory!

  3. Impact Ads says:

    Thanks for the info. Had a guy take down a site belonging to one of my clients. Want to do everything I can to protect his new site.

  4. Timber says:

    Thanks for all the tips, very good advice and I will put them into practice straight away.

  5. Peter says:

    I think it is important that you follow those tips. For myself, I also have one measure to help protect my site. Instead of using a normal FTP application to connect to the site, I use a Secure FTP application to upload my stuff. This way, it prevents hackers from listening in to the connection and finding out what my passwords are. This should be particularly useful for web design companies.

  6. Fotografia de Casamento says:

    After an exploit attack I decided to follow these steps and I never had an attack again. The issues are reliable. Thanks a lot for this valuable information!

  7. admin says:

    You can simply add the following line of code in your theme’s functions.php file and it will do the job:

    remove_action('wp_head', 'wp_generator');

  8. Sagar says:

    I use login lockdown to protect my blog, how do I hide the WP version from my blog?

  9. Anita Clark says:

    For those of us that rely on our sites to drive business, it’s imperative to both backup and protect our information and the database too.

  10. Mike says:

    Some things never change, like doing regular backups and updates.
    We are now using WordPress 3.3, but your article from March 2009 is still up to date 😉

  11. Linda says:

    These tips aren’t just applicable to WordPress; a lot of them can apply to Joomla or other CMS platforms.

  12. Rockabilly Clothing Australia says:

    Excellent tips mate,
    I always found it hard to administrate my wordpress site
    so your tips are a godsend 😉

  13. admin says:

    Go with WordPress :)

  14. New Look Discount Code says:

    Is WordPress the best software to use for blogging? I’m looking to add a blog to my website but am not sure which type of blog software I should go for. Any tips?

  15. USANA says:

    The problem with some of my .htaccess file contents disappearing occurred when updating permalinks. It appears that was because my custom entries were inserted between the # BEGIN WordPress and # END WordPress comments. Moving my entries outside the WordPress BEGIN END solved my problem.

  16. vchileshe says:

    Thank you for these WordPress tips. A strong password is a good start, and then learn to use the htaccess file to secure your website. It’s a jungle out there!!!

  17. kevin says:

    Ha! I wish I’d read this last week. thanks for the tips

  18. Zumba High Wycombe says:

    I’m just looking into setting up a wordpress site, so thanks very much for the great information. Book marking this now to keep returning back as I configure mine.

  19. Arsenal blog says:

    I have started my blog and have been looking for tips….wordpress or blogger?

  20. admin says:

    If you are on a shared server then it is hard for you to do anything on your end if the server gets hacked (if the root account gets hacked then there is nothing you can do). Just make sure to take regular backups so you can restore from a known point.

  21. Brand says:

    Great tips, although is there any way to protect WordPress from other websites on a shared server getting attacked (i.e. to limit potential damage)?

  22. web design says:

    Nice technique as I ever seen.

  23. SEO says:

    Whoa, very cool WordPress security tips… thank you for sharing

  24. Mailing Fulfilment Services says:

    I stick to a policy of using 6 letters and 6 numbers. This is the case for all of my passwords, not just my wordpress and blogspot ones.

  25. Allen Resha says:

    I have had my blogs hacked a few times. It is not fun to have to fix it. Since this has happened I have taken measures to keep it from happening again. This article adds insight and has given me some new ways to ensure that I don’t get HACKED again!

  26. Johnie says:

    ! I’ve been searching for some decent stuff on the subject and haven’t had any luck up until this point, You just got a new biggest fan!

  27. Kirk says:

    Many thanks, I at least can walk away knowing I’m a bit more secure without calling security LOL..

  28. robin says:

    Wow great article very interesting

  29. รับทำเว็บไซต์ says:

    OMG Useful tips :)

    Thank you

  30. John Gamings says:

    Wow this is incredibly helpful. I’m fortunate enough to never have had any security troubles but I know a guy who got his blog hacked into and it cost him thousands. Thanks so much for this article

  31. admin says:

    Use the “Akismet” plugin.

  32. Mark says:

    I know this post is predominately about preventing your blog from being hacked; however, how do you prevent the endless amount of spam comments that a blog receives? Admittedly I turn comment moderation on so I can delete them before they are added to the blog, but it is laborious to keep deleting spam comments. Is there somewhere within the settings of WordPress, or indeed a plugin I could use, to stop these comments?

  33. Dukes says:

    It looks like that picture is covering a solid paragraph of your post. As for people hacking into wordpress accounts, wow. I’ve never been that unlucky, or known anyone that unlucky. I have to give it up to the hackers that have though.

  34. Chloe @ Cheap dog clothes says:

    Very useful tips, especially the .htaccess part. Thanks a lot!

  35. iluminação says:

    I recently made a WordPress-based hotsite for my company. After reading this post I decided to add all the protections listed above.

  36. decoupage says:

    Recently I’ve received a lot of spam through the contact form. I’ll try to add the suggested protections. Thanks for the tips.

  37. Ningbo says:

    THANK YOU for your great and useful article!

    I would also suggest renaming the famous “admin” default username to something totally different.
    To rename the admin or any other username you can try WP Optimize ( , it does the job in 1 second…

    Thanks again for sharing!

  38. iolo says:

    Hi, Thumbs up tips!

    I’m wondering if there is any way that may help change or just rename the wp-admin URL to something else!
    For example, instead of wp-admin/profile.php I suppose it should be [UserName]/profile.php or [RandomNumbers]/profile.php

    Thanks in advance

  39. Riva Sinjal says:

    Nice tips… There are also a few useful security plugins in the wordpress plugins repository

    * WordPress Firewall – Identify and stop most obvious attacks (sql injects).
    * Security Scan – Scans your WordPress installation for security vulnerabilities and suggests corrective actions.
    * CopyrightPro – Disable right click on your WordPress, disable selection of text,
    and protects from iframes.

  40. Albert says:

    Ya nice tips. We should back up our data because hackers can do anything at any time. So back up your data to protect the database.

  41. Danny says:

    Nowhere did I see FTP as a concern. I think it should be, as the security is pretty basic and not as good as SSH.

  42. Madeglobal says:

    You could also try the “better-protected-pages” plugin available from which allows your users to “re-lock” a password protected page when they have finished reading it. We found this to be a major problem on public computers because the password protected page remains “unlocked” even when you log out or close the browser … the plugin fixed this issue.

  43. admin says:

    Hi RaiulBaztepo, You are most welcome. Who said your English is bad? 😛

  44. RaiulBaztepo says:

    Very Interesting post! Thank you for such interesting resource!
    PS: Sorry for my bad English, I’ve just started to learn this language 😉
    See you!
    Your, Raiul Baztepo
