4 ways to secure a WordPress blog
1. Prevent the WordPress version from being displayedWordPress, as well as other web hosting apps, has its vulnerabilities. The WordPress team discovers security holes in each new version, so those who do not upgrade to the latest WordPress version are left exposed to the discovered threats. So, it’s a good idea to hide the WordPress version – this way each visitor will think that you are using the latest version and that old security holes are not present. You can do that by adding a simple line of code in your selected WP theme’s functions.php file:
And that’s all. When you refresh your blog, you will see that the WordPress version is no longer visible.Note: hiding the WordPress version can cause some problems with plugins, which insist on using it.
2. Ban spam bots from your blogIf your blog is fairly popular, then you have run into the spam problem – there are a lot of spammers out there who leave spam comments on your blog. And while you can use an anti-spam plugin like Akismet, you can always go the extra mile and forbid the spammers from accessing your blog. To do that, gather the IP addresses of the spammers who have posted the spam comments and paste them in our IP blocking tool in the Hepsia control panel. This way, the owners of these IPs will no longer be able to visit your website. Additionally, you can do that manually, using the .htaccess file in the root folder of your WordPress installation. There, you will have to paste the following code: <limit get=”” post=”” put=””> order allow,deny allow from all deny from 10.20.30.40 </limit> You have to replace the 10.20.30.40 IP address with the given spammer’s IP. To add multiple IPs, simply add more deny lines. <limit get=”” post=”” put=””> order allow,deny allow from all deny from 10.20.30.40
deny from 22.214.171.124
deny from 126.96.36.199
deny from 188.8.131.52
3. Protect your wp-config.php fileThe wp-config.php file is one of the most important files for any WordPress installation – it contains all the info a person would need to access your MySQL database where all the posts and comments are kept. So, it’s vital to add additional security levels for this file. A great way to do that is the .htaccess file. It’s the same file I told you about in the previous step – the one located in the root folder of your WordPress installation. You can add the following lines to it:
deny from all
This way, no one but you will be able to access it.