How to seure wordpress blogs


Hackers are the person like you and us but the only difference is that they use their skills for the negative and destructive purposes, they use their skills to break a website, they normally destroy all the stuff's, so if you are a admin of a website you should care about the security of the website.
As you know that the wordpress is a common and most popular plate form for blogging, but the security of the wordpress is always a hot discussion and it need more and more concentration because vulnerability discover everyday. Below are some tips to make your blog secure:

Secure WP-Admin By IP

Let suppose if someone can get the ability(username & Password) to enter into your website WP section, you can restrict this area by your IP. It prevent brute forcing attack and only you can able to control on your website because of IP restriction.

Order deny,allow
Deny from All
Allow from 123.456.789.0
You can allow and deny IP's from a range use this:
order deny,allow deny from all # allow my home IP address allow from XX.XX.XXX.XXX # allow my work IP address allow from XX.XX.XXX.XXX


Protect WP-Config.php File

WP-Config.php file has a great importance on wordpress plate form, it need more care and usually an attacker get the required information about the database of your website from WP-Config file. Basically if you use a strong database user-name and password while your WP-Config security is low than an attacker can get your strong user-name and password from wp-config file, because it contain all the information about the security and other things of your website.

Access .htaccess file is located at the root your WordPress installation open it and paste the following code.

order allow,deny
deny from all



Hide WordPress Version Number

You must hide the version of your wordpress because an attacker may find the available exploit by searching it on different exploit database by version number and it may cause a great harm for your blog so be care about it.

This tag is in the header.php file that displays your current version of wordpress

Copy and paste the code in the functions.php file of your theme and than you are done.


remove_action('wp_head', 'wp_generator');

Remove Error Message From Login Screen

This is your clever move to remove the error message that an attacker would not able to see if the user-name and password incorrect, update your function.php by this code.

add_filter('login_errors',create_function('$a', \"return null;\"));


Some Other Security Tips

Use your mind because mind is an essential part to secure yourself on the jungle of web.

Create strong passwords that are not easily be guess or crack.
Secure your own side(your computer) from different malware.
Make regular backup of your blog.
Update your wordpress to latest version
Use SSH instead of FTP
Avoid using your account on public places
You must be ware on different attacks to secure yourself.

About The Author

This post is written by an Irfan Shaeel An Ethical hacker and Penetration tester, Irfan blogs At his blog Ehacking.net