OnlineEarning .Blog

10 Essential WordPress Security Tips

One of the biggest drawbacks of the WordPress CMS compared with Blogger is its security. Thousands of WordPress blogs are hacked daily, and hackers not only hack blogs but also delete all the files and folders in them. My blog Internet Khazana was also hacked last month, and the hacker deleted not only all the files but the database as well. That's why it is so important to create a daily backup of your blog, especially a database backup. Thank God I had the latest database backup, but unfortunately I did not have a backup of all of my blog's images. That's why I had to waste 15 days recovering and creating new images for my blog. After this hack I learned lots of things, and now my blog is more secure than ever before.

10 WordPress Security Tips

1. Create Strong Passwords.

My first mistake was that my old password contained only characters and digits. I think this was the biggest mistake of my life, as such passwords are very easy to hack. Although my password was 15 characters long, it was still hacked. So what is a strong password that is nearly impossible to hack? A strong password must contain at least 15 characters (20+ recommended) and include all types of characters: capital and small letters, digits and special characters. Never save the password on your computer and write it down on some notepad etc. Create a daily backup, as it will save a lot of headache: if your blog is hacked, you can quickly restore your data and have your blog up and running within hours. Try to store your backup in two places, such as your computer's hard disk and a USB disk.

2. Install Login LockDown WordPress Plugin.

Before my blog Internet Khazana was hacked, I had noticed a suspicious IP from Morocco that tried to log in as Admin but failed, thanks to the Login LockDown WordPress security plugin. This plugin limits the login attempts of any user, and you can set how many attempts are allowed before it locks the login screen. By default, if you enter 3 wrong passwords, it automatically disables the login screen for your IP for a specific amount of time. So it's a great way to stop hackers from continuously trying passwords on your blog's login screen.

3. Change default Admin Username.

If you are still using Admin as your default username, then you are providing 59% of the information to hackers, and they only have to guess your blog's password in order to hack your blog. You may be asking how you can change the username now that your blog is very old. Well, it's very easy: just install the WordPress WP-Optimize plugin and enter the new username in the change username box. Remember to first create a backup of your database in case something goes wrong.

4. Change Default Database Table Prefix.

WordPress is known for its dynamic publishing system, which creates posts, pages and themes dynamically and stores all this precious data in the database. So the database is the brain of your blog, and it's very important to protect it. Unfortunately, this dynamic ability is what hackers mostly target. Spammers and hackers try to inject malicious code, SQL injection and automated scripts into your blog's database. So gurus recommend changing the default WordPress database table prefix in order to protect your database. For this you need the WP Security Scan plugin, which gives you the ability to change the default WordPress database table prefix in just one click.

5. Hide your blogs WordPress Version.

Believe it or not, if your blog's WordPress version is visible to hackers, then they will hack your blog in just a few hours. It's easy for them to hack your blog if they know which version it runs, because they know the bugs of that version. Hiding your blog's WordPress version is very easy. Just add this code to the functions.php file of your theme and update the file.
<?php remove_action('wp_head', 'wp_generator'); ?>
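
Removing the generator tag covers only one place where the version appears in a page. The added example below (not from the original post) checks your own page's HTML for the generator tag and for ?ver= query strings on assets under /wp-includes/; the sample HTML and the version number in it are constructed.

```python
import re
from html.parser import HTMLParser

# Constructed page source; 6.4.3 is a made-up sample version.
SAMPLE_HTML = """\
<html><head>
<meta name="generator" content="WordPress 6.4.3" />
<link rel="stylesheet" href="/wp-includes/css/dist/block-library/style.min.css?ver=6.4.3" />
<script src="/wp-content/plugins/example/app.js?ver=2.1"></script>
</head><body></body></html>
"""

class VersionLeakParser(HTMLParser):
    """Collect places where rendered HTML may disclose the WordPress version."""

    def __init__(self):
        super().__init__()
        self.leaks = []

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag == "meta" and a.get("name", "").lower() == "generator":
            m = re.search(r"WordPress\s+([\d.]+)", a.get("content", ""))
            if m:
                self.leaks.append(("meta generator", m.group(1)))
        url = {"link": a.get("href"), "script": a.get("src")}.get(tag)
        # Assets registered without their own version get the WordPress
        # version as ?ver=. Any /wp-includes/ URL is treated as a candidate
        # (bundled libraries such as jQuery carry their own version).
        if url and "/wp-includes/" in url:
            m = re.search(r"[?&]ver=([\d.]+)", url)
            if m:
                self.leaks.append(("asset query string", m.group(1)))

def find_version_leaks(html):
    """Return a list of (location, version) pairs found in the HTML."""
    parser = VersionLeakParser()
    parser.feed(html)
    parser.close()
    return parser.leaks
```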

6. Encrypt your WordPress Login Password.

By default, if you type your password into the WordPress login screen, unfortunately it can be seen or accessed by anybody on the internet. For this problem you have two options. The first is a paid option: buy an SSL certificate from your web host to protect your WordPress login page. The other option is free: install the Chap Secure Login plugin, which encrypts your password so that it cannot be seen on the internet, and hence protects your account.

7. Check your Blog’s Theme.

Unfortunately, more than 90% of the free WordPress themes available on the internet contain some sort of malicious code which can be dangerous for your blog in future. The code is mainly hidden in your theme's scripts and you don't even know about it. To solve this problem, install the Theme Authenticity Checker plugin for WordPress. After installation, it searches for malicious code in your blog's theme and, if any is found, displays the exact line with a small snippet of the malicious code.

8. Protect Wp-Config File.

If the database is the brain of your blog, then the wp-config file is the heart of your blog. It's the most important file you have in your blog. It contains all the important information like Admin username, password, database name and server name. So to protect this file we need to edit our .htaccess file, which is located in the root directory of your blog. All you need to do is add the code given below and save the file.
# protect wp-config.php
<files wp-config.php>
order allow,deny
deny from all
</files>

9. Disable Directory Browsing.

It's the biggest and most common mistake committed by newbie bloggers that they never protect their blog's directories which have no default index file in them. By default, if you type any directory name in the browser you will see all the content in it, which is very useful for hackers and dangerous for your blog's security. So to disable directory browsing you need to add some code to your blog's .htaccess file in the root directory.
Options -Indexes

10. Change Default Admin Login URL.

Everybody knows that your blog's login page can be accessed easily by typing wp-admin at the end of your blog URL. This is really a stupid thing, and any thief can easily enter your blog through this door. So we have to hide this door from thieves by changing the default admin login URL to something like http://yoursite.com/login. Again, we have to add some code to the .htaccess file in the root directory of your blog.
RewriteEngine On
RewriteRule ^login$ http://yoursite.com/wp-login.php [NC,L]
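
A quick way to confirm that the .htaccess rules from tips 8 to 10 are in place, as an added example that is not part of the original post. The sample file is constructed; the checker also accepts Apache 2.4's Require all denied in place of deny from all, and it expects RewriteEngine On, without which mod_rewrite does not apply the rule.

```python
import re

# Constructed .htaccess: the snippets from tips 8-10 plus RewriteEngine On.
SAMPLE_HTACCESS = """\
# protect wp-config.php
<files wp-config.php>
order allow,deny
deny from all
</files>
Options -Indexes
RewriteEngine On
RewriteRule ^login$ http://yoursite.com/wp-login.php [NC,L]
"""

def audit_htaccess(text):
    """Report which of the three hardening rules the file contains."""
    found = {"wp_config_denied": False, "indexes_off": False, "login_rewrite": False}
    in_wp_config = engine_on = rule_seen = False
    for raw in text.splitlines():
        low = raw.strip().lower()  # Apache directive names are case-insensitive
        if not low or low.startswith("#"):
            continue
        block = re.match(r'<files\s+"?([^">]+)"?\s*>', low)
        if block:
            # Only a deny inside the wp-config.php block counts for tip 8.
            in_wp_config = block.group(1).strip() == "wp-config.php"
        elif low.startswith("</files"):
            in_wp_config = False
        elif in_wp_config and re.fullmatch(
            r"deny\s+from\s+all|require\s+all\s+denied", low
        ):
            found["wp_config_denied"] = True
        elif low.split()[0] == "options" and "-indexes" in low.split():
            found["indexes_off"] = True
        elif re.fullmatch(r"rewriteengine\s+on", low):
            engine_on = True
        elif low.startswith("rewriterule") and "wp-login.php" in low:
            rule_seen = True
    # The login rewrite only takes effect when the rewrite engine is enabled.
    found["login_rewrite"] = rule_seen and engine_on
    return found
```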