Security is a big issue these days, not only in the real world but also in the online world. Unfortunately, some people have nothing better to do than hack other peoples websites and blogs. I for one am a victim of such an attack. So, what can we do to avoid spam attacks and website exploits? Locking down your website/blog is the answer. Here are the things I’ve done so far to harden up my blog:
1. Upgrade to the latest WordPress Version - Holes and exploits are always being discovered in WordPress so it is wise to have the latest version with the exploits patched up. THIS IS VERY IMPORTANT!
2. Use a complicated password and change it often - Hackers will sometime attempt to do a brute force attack to gain your log in details to exploit your blog. Changing your password regularly can avoid such attacks. To further stop this kind of attack, install plugin of your choice for WordPress, which will block an IP address after attempting to login to your blog within 5 minutes.
3. Set correct file and folder permissions - Setting file and directory permissions is important as you don’t want to give access to unauthorized people. Chmod values should be: 755 for directories, 644 for plugins and core WP PHP files, and 666 for my active theme files.
4. WordPress Exploit Scanner - This plugin will search for any suspicious activity on your server. Good too to run occasionally.
5. Make regular backups - The more regular the better, because if something does come up, you’ll be able to restore your blog within minutes. I now backup my blog every couple of days. Make it a habit.
6. Add these lines into your .htaccess file:
Options All -Indexes
<files .htaccess>
Order allow,deny
Deny from all
</files>
<files readme.html>
Order allow,deny
Deny from all
</files>
<files readme.txt>
Order allow,deny
Deny from all
</files>
<files install.php>
Order allow,deny
Deny from all
</files>
<files wp-config.php>
Order allow,deny
Deny from all
</files>So far I haven’t been compromised using the above steps, and am hoping for it to stay that way . If you have any suggestions or questions, just leave a comment.