How To Secure A WordPress Blog – A Step By Step Guide

(Last Updated On: January 19, 2017)

The biggest reason WordPress blogs get hacked is their lack of proper security. Every blog is vulnerable to getting hacked. A very popular blog called TechCrunch was hacked earlier this year in 2016. Even the most popular blogs are not hack-proof. Every blogger should be putting security steps in place to ensure that their blog is very hard to hack. My biggest advice for you is to make daily backups of your blog if your web host does not do this already.

WPOutcast is using Cloudways with a VPS that is set to make a full backup every 24 hours at no additional cost. A popular WordPress plugin to use is Backup Guard. Let’s get started with WPOutcast’s step-by-step walkthrough of how this blog is secured.

Cloudflare

[Image: Cloudflare features]

Cloudflare is a free and/or paid way to secure your blog. It also offers additional protection features and will keep your blog online when your web host’s server goes down. When the web server goes down, Cloudflare will put up a cached version of your blog and chances are your visitors won’t know the difference at first. There is a lot to learn about this company but the features available are just awesome. There is a detailed guide on setting up your domain with them. Here are some screenshots of a few settings we have put in motion.

[Screenshots: cloudflare firewall, cloudflare online, cloudflare network, cloudflare ip, cloudflarescrap]

Visit the official Cloudflare website to learn a lot more. The free account is worth it. Install their WordPress plugin if you use this service.

Securing The Login Page

Have you ever noticed that you are getting hit with hundreds of repeated login attempts continuously for your admin account or for other registered blog members? This happened to my blog and I found an easy solution for now (I’m always searching for new ways) and it was installing one plugin. The repeated login attempts from a certain country stopped within 10 minutes. I recommend that you install the Stealth Login Page plugin. Somewhere on your blog, tell your audience that after registering they should email you for the authorization code to use for logging in. This is like a CAPTCHA form.
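To confirm from your own server logs that this kind of repeated login hammering is happening, the following added example (not part of the original post or of any plugin) counts failed POSTs to wp-login.php per address in a sliding one-minute window. The log lines are constructed, and the names flag_bruteforce and login_posts, the combined log format and the threshold of 5 are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample access log (combined format, documentation IP ranges):
# eight failed logins five seconds apart from one address, one normal login.
_FMT = '%s - - [19/Jan/2017:10:%02d:%02d +0000] "%s %s HTTP/1.1" %d 512 "-" "-"'
SAMPLE_LOG = "\n".join(
    [_FMT % ("203.0.113.7", 0, s, "POST", "/wp-login.php", 200) for s in range(0, 40, 5)]
    + [_FMT % ("198.51.100.20", 1, 0, "POST", "/wp-login.php", 302),
       _FMT % ("198.51.100.20", 1, 5, "GET", "/wp-admin/", 200)]
)

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) '
)

def login_posts(log_text):
    """Yield (ip, timestamp, status) for every POST to wp-login.php."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or m["method"] != "POST":
            continue
        if not m["path"].split("?", 1)[0].endswith("/wp-login.php"):
            continue
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        yield m["ip"], ts, int(m["status"])

def flag_bruteforce(log_text, threshold=5, window=timedelta(minutes=1)):
    """Return {ip: peak} for addresses with >= threshold failed logins in any window."""
    failures = defaultdict(list)
    for ip, ts, status in login_posts(log_text):
        # Stock WordPress re-renders the form with 200 on a failed login and
        # answers a successful one with a 302 redirect.
        if status == 200:
            failures[ip].append(ts)
    flagged = {}
    for ip, times in failures.items():
        times.sort()
        start = peak = 0
        for end, t in enumerate(times):
            while t - times[start] > window:  # slide the window's left edge
                start += 1
            peak = max(peak, end - start + 1)
        if peak >= threshold:
            flagged[ip] = peak
    return flagged

if __name__ == "__main__":
    print(flag_bruteforce(SAMPLE_LOG))
```

Addresses it reports are candidates for the host-level or Cloudflare blocking described elsewhere in this post.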

Web Hosting

[Image: Cloudways security settings]

A very big part of securing your blog actually starts out with the type of web host that you are using. We are on Cloudways which means we are in the cloud and currently can control certain server settings. One setting that I love, that I haven’t had to use, is blocking people from the server in my dashboard. See the image above. The second thing a good web host will have is automatic backups every 24 hours that are ready for you to use at any time. I wouldn’t suggest going with a web host that requires you to contact them for your backups.

With most web hosts, depending on the package that you have, you will be able to blacklist an IP address. In the image above, I would typically add my ISP IP to the whitelist to ensure I have access to my blog at all times.

[Image: Cloudways backup]

Restore a backup easily:

[Image: Cloudways restore]

I have been so happy since moving to Cloudways in late 2015 and can upgrade easily if needed. Do check out their packages and features. The live support is top notch and any stupid question or issue I have had was resolved in a matter of minutes. This still shocks the hell out of me because with other hosts, I had to complain about their support staff being clueless.

Wordfence Security

This plugin has loads of extra security settings and you even have the ability to block a whole country from visiting your blog. There are lots of good features that make this plugin the best one to use. Wordfence Security is easy to set up because they provide instructions for it. I actually needed to read them because I wanted to know what features I could enable that best suited my blog. Here are the features:

  • Wordfence Security actually verifies your website source code integrity against the official WordPress repository and shows you the changes. They are the only plugin that does this.
  • Wordfence Security fully supports IPv6 including giving you the ability to look up the location of IPv6 addresses, block IPv6 ranges, detect IPv6 country and do a whois lookup on IPv6 addresses and more.
  • Wordfence Security includes protection against DDoS attacks by giving you a performance boost up to 50X.
  • Wordfence Security scans check all your files, comments and posts for URLs in Google’s Safe Browsing list.
  • Wordfence Security scans do not consume large amounts of your precious bandwidth because all security scans happen on your web server, which makes them very fast.

That is not all of the features but most of the important ones. You have nothing to lose, download this plugin today and give your blog that extra protection. It does not matter if you just started a blog 3 months ago and it doesn’t get a lot of traffic. All blogs are vulnerable to being attacked by hackers. Security is the first thing you need to do when you start a blog. After that, install other plugins you like, set them up and don’t forget to add content.

Make your passwords hard to crack by using random numbers, letters and other characters, and change the Admin username to something else.

File Permissions

It is strongly recommended that you make the following file and directory permission changes. This protects important areas of your blog from getting hacked. This is extra security protection. I updated my permissions to the values below.

[Image: recommended file permissions]

I just noticed that I had to change the uploads directory back to 755 permission to upload the image above to this blog post. Other than that, the other file permissions cause no issues and help secure your blog even more.
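To check a whole install for permissions looser than intended, the following added example (not from the original post) walks a WordPress tree and reports every entry whose mode exceeds a ceiling. The ceilings are assumptions taken from general WordPress hardening guidance (755 for directories, 644 for files, 640 for wp-config.php), since the screenshot's values are not reproduced here; audit and demo are illustrative names and the tree is constructed.

```python
import os
import stat
import tempfile

# Assumed ceilings, taken from WordPress's general hardening guidance and not
# from the post's screenshot (whose values are not reproduced on this page).
DIR_MAX, FILE_MAX = 0o755, 0o644
SPECIAL_MAX = {"wp-config.php": 0o640}  # assumption: no access for "other"

def audit(root):
    """Return sorted (relative_path, mode, excess_bits) tuples for entries
    whose rwx bits go beyond the ceiling for their type."""
    findings = []
    for dirpath, dirs, files in os.walk(root):
        for name in dirs + files:
            full = os.path.join(dirpath, name)
            st = os.lstat(full)
            if stat.S_ISLNK(st.st_mode):
                continue  # a symlink's own mode bits carry no meaning
            mode = st.st_mode & 0o777
            is_dir = stat.S_ISDIR(st.st_mode)
            ceiling = DIR_MAX if is_dir else SPECIAL_MAX.get(name, FILE_MAX)
            excess = mode & ~ceiling
            if excess:
                rel = os.path.relpath(full, root).replace(os.sep, "/")
                findings.append((rel, oct(mode), oct(excess)))
    return sorted(findings)

def demo():
    """Audit a constructed miniature tree with three deliberate problems."""
    layout = [("wp-content", 0o755, None),
              ("wp-content/uploads", 0o777, None),           # world-writable dir
              ("wp-content/uploads/photo.jpg", 0o666, b""),  # world-writable file
              ("wp-config.php", 0o644, b"<?php\n"),          # readable by "other"
              ("index.php", 0o644, b"<?php\n")]
    with tempfile.TemporaryDirectory() as root:
        for rel, mode, body in layout:
            full = os.path.join(root, rel)
            if body is None:
                os.mkdir(full)
            else:
                with open(full, "wb") as f:
                    f.write(body)
            os.chmod(full, mode)  # explicit chmod so the umask does not interfere
        return audit(root)

if __name__ == "__main__":
    print(*demo(), sep="\n")
```

An uploads directory at 755, the value the post had to restore, passes this check; 777 does not.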

If this blog post was helpful, please consider sharing it online with your followers. Help your friends secure their blogs right now.
