Getting Hacked isn’t fun
Posted on September 8, 2009 by Amit
I love WordPress. It cuts down the time I need to spend when launching a new site. Not all my sites are blogs, but I use WP as a content management system. With millions of excellent free themes and as many free plugins, I can build a site much faster than if I were to build everything from scratch.
But then WP is also open source, so hackers know more about it than we, the WP users, do. So if you are using WP you need to be very careful. One of my WP sites recently got hacked. It took me a while to find out how to clean it up, but in the process I learnt a lot about how to secure a WP site, and most of it is very simple steps. If you are careful when you set up WP the first time, it will save you a lot of time later.
Most important of all: “DON’T USE THE DEFAULT OPTIONS”. When you install WP, never use the default wp_ prefix for your MySQL tables. Change it to something else: abc, pws, qti or anything that may mean something to you. You are safeguarded against most of the vulnerability if you do this simple step.
Then comes the default “admin” user that WP sets up while installing. There is no easy way to avoid it, since WP doesn’t give you the option to change the super user. So after you install, go to the MySQL table xxx_users and change the admin user id to something else. This step is as important as the previous step.
Now, if you have already set up your WP with all the default options, you will need to copy all your wp_ tables to new tables with a different prefix. Go to phpMyAdmin and export all your WP tables to SQL with the create table parameter checked. Then copy the entire SQL and change the table name prefixes from wp_ to something different. Run the SQL statements in phpMyAdmin. You will end up with a new set of tables. Then FTP into your blog’s root directory and change the table prefix in the wp-config.php file to the new table prefix that you chose. That will take care of the first step.
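The prefix change described above, as an added example (not code from the original post). It renames only the table names at the start of each statement in the export, so post content that happens to contain "wp_" is left alone, and it appends the updates for the rows where WordPress stores the prefix inside the data (the role list in the options table, and each user's capabilities and user level in the usermeta table), without which the admin account loses its permissions after the switch. The function names and the sample dump are made up for illustration; qti_ is one of the prefixes suggested earlier.

```python
import re

PREFIX_OK = re.compile(r"[A-Za-z0-9_]+\Z")
# Statement heads that name a table in a phpMyAdmin / mysqldump export.
HEAD = r"(?:CREATE TABLE(?: IF NOT EXISTS)?|DROP TABLE(?: IF EXISTS)?|INSERT INTO|ALTER TABLE|LOCK TABLES)"

def rewrite_dump(sql, old, new):
    """Return the dump with tables old* renamed to new*, plus row-data fixes."""
    if not (PREFIX_OK.match(old) and PREFIX_OK.match(new)) or new == old:
        raise ValueError("prefixes must differ and use only letters, digits, _")
    # Rename only the identifier at the start of a statement, so post content
    # or option values that merely contain the old prefix are left untouched.
    pat = re.compile(r"^(\s*" + HEAD + r"\s+)`" + re.escape(old) + r"(\w+)`", re.M)
    out, count = pat.subn(lambda m: f"{m.group(1)}`{new}{m.group(2)}`", sql)
    if count == 0:
        raise ValueError(f"no tables with prefix {old!r} found in dump")
    # Rows whose key embeds the prefix: (table, column, key suffix).
    keys = [("options", "option_name", "user_roles"),
            ("usermeta", "meta_key", "capabilities"),
            ("usermeta", "meta_key", "user_level")]
    fixes = [f"UPDATE `{new}{t}` SET {c} = '{new}{k}' WHERE {c} = '{old}{k}';"
             for t, c, k in keys]
    return out.rstrip("\n") + "\n" + "\n".join(fixes) + "\n"

def rewrite_config(php, new):
    """Point wp-config.php at the new prefix; fail if the line is missing."""
    if not PREFIX_OK.match(new):
        raise ValueError("prefix may use only letters, digits, _")
    pat = re.compile(r"^(\s*\$table_prefix\s*=\s*)(['\"]).*?\2", re.M)
    out, count = pat.subn(lambda m: f"{m.group(1)}'{new}'", php, count=1)
    if count != 1:
        raise ValueError("$table_prefix assignment not found")
    return out

# Constructed sample export and config line (not taken from a real site).
SAMPLE_DUMP = """CREATE TABLE `wp_options` (`option_name` varchar(64));
INSERT INTO `wp_options` VALUES ('wp_user_roles');
CREATE TABLE `wp_posts` (`post_content` longtext);
INSERT INTO `wp_posts` VALUES ('the `wp_posts` table and wp_ prefix');
"""
SAMPLE_CONFIG = "<?php\n$table_prefix  = 'wp_';\n"

if __name__ == "__main__":
    print(rewrite_dump(SAMPLE_DUMP, "wp_", "qti_"))
    print(rewrite_config(SAMPLE_CONFIG, "qti_"))
```

Back up the database and wp-config.php before importing the rewritten dump. Plugins may keep other rows keyed by the old prefix that this sketch does not cover.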
After you have done the two steps above, your fort is almost 90% secured. Then there are many free WP plugins that will help you add more security. Do a search and you will find many free security plugins.
The final part of WP security is making sure your WP version is always the latest. This shouldn’t be a big hassle now, since WP allows auto upgrade with a single click.
