Bulletproof the latest WordPress security holes in seconds

WordPress blog software has been around about 10 years…

Yet, WordPress is still surprisingly easy to hack.

And it is a popular target for hackers and spammers.

When we install WordPress on our site, there is a 100% chance of getting hacked

WordPress to hackers is like bees to honey…

That is because there are so many easy ways to compromise our WordPress blogs.

WordPress is open source blogging software.

Anyone can offer us their WordPress themes and plugins.

But no one is checking for reliability or malware.

Just a single typo in a theme’s or plugin’s code can make our entire website easy to hack.

Even worse, some themes and plugins are written by hackers themselves.

Even if WordPress software was 100% perfect, installing WordPress without the tweaks (below) is a surefire way to get hacked this year.

The good news is we can DRASTICALLY bulletproof ourselves from hackers

Implementing the following tweaks and edits bulletproofs us from a hack – almost 100%.

Even better, these adjustments are super easy to make – no need to hire a programmer…

Delete the WordPress readme page

By default, WordPress automatically posts a readme.html page on our site after every new update:

[Screenshot: the WordPress readme.html page]

This is a stunning, surprising security hole.

Because when a hacker sees what WordPress version we are using, they know what vulnerabilities are available.

The fix is simple – log into your web hosting account and delete the readme.html file (or change the file name).

Make the meta name generator header tag invisible

An equally stunning and surprising WordPress security hole is found in the source code of our blog…

By default, WordPress displays the version number of our blog as a meta name generator tag:

[Screenshot: the meta name generator tag in the page source]

(To see it, look at the source code of any WordPress post or page.)

To hide the version number from the public, append the following lines of code in the functions.php file:

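// Remove the WordPress version (meta name generator) tag from the page head
remove_action( 'wp_head', 'wp_generator' );
// Remove the Windows Live Writer manifest link
remove_action( 'wp_head', 'wlwmanifest_link' );
// Remove the Really Simple Discovery (RSD) link
remove_action( 'wp_head', 'rsd_link' );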

(I always copy the code as backup before making changes. I recommend the same for you.)

Turn off error reporting

Older versions of WordPress have a huge, gaping security hole.

It is a hacker’s paradise.

Because when WordPress plugins or themes fail, they might show errors for all the world to see:

[Screenshot: a server error message]

As we see, an error message gives hackers the username of our hosting account.

Even worse, hackers can easily force our website to display this error (and thus our website username).

Armed with the username, a hacker simply needs our password to get full access to our entire website account.

The good news is a fix is simple…

First, backup this file:

/wp-includes/class-wp-error.php

Then append the contents with this exact code:

// Stop PHP from reporting errors and from printing them in the page
error_reporting(0);
@ini_set('display_errors', 0);

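This turns off the display of server error messages. Because WordPress updates replace the files in /wp-includes, check after each update that these lines are still in place.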

Problem solved.

Avoid using these 500 common passwords

Many of us create easy-to-remember passwords to log into WordPress.

The appeal is obvious.

We want to blog, not track down long passwords every time we log into WordPress.

But odds are good your password is going to show up on this list of the 500 worst passwords of all time.

Hackers tap into this list to quickly crack most passwords in minutes and gain access to our WordPress site.

The latest version of WordPress allows us to create a strong password in just a click.

Strong passwords make it all but impossible for hackers to gain access to our WordPress blog.

Create temporary access for WordPress freelancers

One of the biggest sources of hacks comes soon after outsourcing WordPress adjustments.

For example:

We hire someone to customize our WordPress installation.

They get paid.

A few days later, they regain access to our WordPress blog and install malware within our WordPress software.

The fix is simple:

Whenever a freelancer completes a task, I delete his/her WordPress temporary username and password.

Problem solved.

Install Wordfence right now

I have tried many WordPress security plugins.

But my hands-down favorite is Wordfence.

Not only does Wordfence email us when it senses suspicious activity on our site…

It also gives us the option to block a hack in progress.

Just the other day, a hacker installed Ralph Lauren advertising links in my navigation bar…

But in just one single click, Wordfence fixed it for me (in less than 7 seconds).

Wordfence is HIGHLY, highly recommended.

It has saved my bacon countless times.

Attention WordPress bloggers

All my daily blog posts, daily podcasts and YouTube videos are licensed under an International Creative Commons attribution…

In simple speak, you can steal any of my content on this blog (as long as you link back to my site here at TruthIn7Minutes.com) …

Bottom line: Copy and paste any of these tips as your own on your blog. You have my permission. Help those reading your blog to bulletproof their WordPress software from those pesky hackers.

Published by

Markus Allen

Family man. Truth seeker. Life hacker... more about me here...

 

