After you have found cheap WordPress hosting and you have launched your WordPress blog, one vital step you must never skip is to protect your WordPress blog from getting hacked. If you are new to WordPress security and Web security in general, you might hope that there is a thick book, which lists, in detail, everything you need to do in order to protect your WordPress blog from getting hacked and then you have the safest WordPress blog on Earth.

The bad news is that there isn’t such a book and it is not possible to write one. However, there are some steps you should follow in order to at least make your WordPress blog a bit more secure. WordPress is secure but some additional hardening is always necessary.

Minimize the Damage

As with many things in life, prevention is better than treatment but you should always be prepared to react in case the worst happens. One of the best medicines you have at your disposal is a backup. There are some WordPress tools, which allow to backup either the WordPress database only or the whole installation, so get one of them and start using it regularly. Many WordPress hosts, including cheap WordPress hosts, offer various backup tools, so it doesn’t require much effort to find the right backup tools.

Real-time backup is the safest option but in most cases you won’t need it, even if it is available. Weekly or daily scheduled backups are very often exactly what you need. Backups don’t take much time but they are a life-saver if hackers manage to bypass your security.

Peace of Mind with Anti-hack Measures for Your WordPress Blog

Once you get the habit to make regular backups, the next steps in securing your WordPress blog and your peace of mind can be grouped into the following categories:

1. Common sense security.

Security starts with the most basic steps many web masters tend to neglect. Some common sense security steps include the installation of patches and updates as soon as they are released, use of strong passwords (and their frequent change), caution about the places you log from (because if you login from an insecure location and your password can be intercepted, this kills all your efforts to secure your WordPress blog), etc. The careful selection of a reliable wordpress hosting provider also falls into this group of measures – cheap WordPress hosts can be secure but you need to double check.

2. Limit access.

Many hacking exploits happen because the web master was generous in granting access. You should always keep to the least privilege rule and grant permissions restrictively. For instance, if you impose IP restrictions to the wp-admin directory, this could stop many unauthorized access attempts. However, be careful not to cut your own access and lock yourself out! Additionally, you can make many files read-only and give privileges to selected users only.

3. Harden your web server.

Many exploits are possible not because of WordPress weaknesses but because of server vulnerabilities. This is why you need to harden Apache or whatever web server you are using.

4. Secure plugins.

Plugins are what gives power to WordPress but they are also responsible for many vulnerabilities. Sometimes it is the given combination of plugins that makes your WordPress blog an easy target, while in other cases it might be just a separate plugin. Anyway, make sure that you have followed the steps needed to secure your WordPress plugins.

5. When done, check with the WP Security Scanner.

It is naïve to think that it takes only 4 (groups of) steps to secure your WordPress blog – in fact, there is much more you can and should do. If you want to run a security check and see what the report includes, WP Security Scanner will give you an idea of what else you need to fix. The tool in the link is one of the best tools for the purpose, so download it and run it.

These 5 measures are just the beginning in making your WordPress blog secure. Don’t skip them, they are vital.

Laura Hayes is a full time Senior Writer for Web Hosting Search, one of the strongest guides for web hosting. She blogs about WordPress techniques and online marketing.

Photo Credit: CarbonNYC

Related posts:

1. WordPress 2.8.3 Security Release
2. Why Use The WordPress Platform?
3. WordPress 2.8.1 Released

Have you noticed the yellow upgrade bar in your WordPress dashboard? If not, version 2.8.1 was officially released yesterday and it includes a few bug fixes as well as some changed to make it more secure.

Here’s a few things version 2.8.1 fixes:

• Certain themes were calling get_categories() in such a way that it would fail in 2.8. 2.8.1 works around this so these themes won’t have to change.
• Dashboard memory usage is reduced.  Some people were running out of memory when loading the dashboard, resulting in an incomplete page.
• The automatic upgrade no longer accidentally deletes files when cleaning up from a failed upgrade.
• A problem where the rich text editor wasn’t being loaded due to compression issues has been worked around.
• Extra security has been put in place to better protect you from plugins that do not do explicit permission checks.
• Translation of role names fixed.

The problem in bold was something a lot of our clients were experiencing. Luckily this version resolves any problems with the rich text editor. For a list of all the fixes included in this version, check out this post over on the WordPress.org blog.

If you haven’t yet, we highly recommend upgrading right away to be on the safe side. We’ve already upgraded our blogs and haven’t experienced any problems.

Related posts:

1. WordPress 2.9.1 Has Been Released
2. WordPress Version 2.8.5 Released
3. WordPress 2.8.3 Security Release