Secure Your WordPress Blog

WordPress is one of the most popular platforms in the world. If you're reading this, chances are you've heard of all of the insecurities your default WordPress installation has. Luckily for you, there are many tools and a few tricks to help make sure that your WordPress installation is as secure as it possibly can be.

1. Make Sure WordPress Is Up to Date

One of the main problems people have with keeping their WordPress installation secure is updating. Follow these steps:
  1. Find the "Update" link under the "Dashboard" tab and click it.
  2. Once you're in the Updates menu, you will be prompted to update your installation if needed, or to redownload it if it's already up to date.

2. Ensure Your Host Is Running the Latest Version of PHP

It should go without saying: if your host is running an old, insecure version of PHP, nothing you do will help you. The latest version, as of this writing, is 5.4.3, which patches a buffer-overflow vulnerability. Any good website hosting company will be more than happy to tell you what version of PHP your server is running if you open a ticket with them.

3. Use a Blank HTML File to Hide Plugins

Hackers can use knowledge of your plugins to find vulnerabilities in your WordPress installation. Simply place a blank HTML file (a text file with the extension .html that has nothing in it) into your /wp-content/plugins directory so that visitors can't look up your plugins by browsing that directory.

4. Block Access To Your wp-config.php

Simply put, you do not want anyone to have access to your wp-config.php. It has your table prefixes, database login information, and more. If you forget to protect it, you're going to pay for it dearly. The wp-config.php file is located in the root directory of your WordPress installation and is the holy grail of hacker information diving. So simply place:
<Files wp-config.php>
    Order Allow,Deny
    Deny from all
</Files>
in your ".htaccess" file to tell Apache to make sure they don't get access to it. This will prevent any sort of unwanted access to your wp-config file. The ".htaccess" file is extremely important to the security of your WordPress installation (and your server as a whole). It would be wise to learn how to use it. Here is a good guide to get you started.
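
A local check for steps 3 and 4, as an added example that is not part of the original article: it inspects a WordPress directory on disk and reports whether the plugins folder has an index file and whether ".htaccess" holds a closed, active deny block for wp-config.php. The function name `audit`, the list of index file names, and the acceptance of the Apache 2.4 `Require all denied` form are assumptions of this example.

```python
import re
import sys
from pathlib import Path

# Names Apache serves in place of a directory listing. Assumption: the host's
# DirectoryIndex includes these; a blank file under another name does not help.
INDEX_NAMES = ("index.html", "index.htm", "index.php")
FILES_BLOCK = re.compile(
    r'<Files\s+"?wp-config\.php"?\s*>(.*?)</Files>', re.I | re.S)
# Apache 2.2 syntax as used in this article, plus its Apache 2.4 equivalent.
DENY_RULE = re.compile(
    r"^\s*(Deny\s+from\s+all|Require\s+all\s+denied)\s*$", re.I | re.M)


def audit(wp_root):
    """Return a list of findings for the WordPress tree at wp_root."""
    root = Path(wp_root)
    findings = []

    plugins = root / "wp-content" / "plugins"
    if not plugins.is_dir():
        findings.append("wp-content/plugins not found; is this the WordPress root?")
    elif not any((plugins / name).is_file() for name in INDEX_NAMES):
        findings.append("plugins directory has no index file")

    htaccess = root / ".htaccess"
    text = htaccess.read_text(errors="replace") if htaccess.is_file() else ""
    # Drop comment lines so a commented-out rule is not counted as active.
    active = "\n".join(
        line for line in text.splitlines() if not line.lstrip().startswith("#"))
    blocks = FILES_BLOCK.findall(active)
    if not blocks:
        # Also catches a block that was pasted without its closing </Files>.
        findings.append("no closed <Files wp-config.php> block in .htaccess")
    elif not any(DENY_RULE.search(body) for body in blocks):
        findings.append("<Files wp-config.php> block contains no deny rule")
    return findings


if __name__ == "__main__":
    # Usage: python audit_wp.py /path/to/wordpress
    problems = audit(sys.argv[1] if len(sys.argv) > 1 else ".")
    for problem in problems:
        print("FINDING:", problem)
    sys.exit(1 if problems else 0)
```

An empty result only means both files are in place; whether the server honours ".htaccess" at all depends on the host's AllowOverride setting, so confirm with a request for the two URLs after deploying.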

5. Install Secure WordPress

Secure WordPress is an excellent plugin that takes the guesswork out of installation security. It takes care of removing nearly everything a hacker uses to get information on your installation. If there is one plugin you should be running, it is this one.

So there you have it. 5 extremely simple ways to get you started on your way to securing your WordPress installation. As WordPress is getting more and more popular by the day, hackers are becoming more and more vigilant at spotting exploitable holes in WordPress versions and then automating the task with the help of automated Google searches. Don't allow yourself to become a victim.
About the Author
Akhilesh Sharma maintains and writes Tweak And Trick. He is a technology enthusiast and a science student.