5 Additional Extreme Steps to Secure Your WordPress Blog



You can never be too prepared when it comes to internet security, so I have posted a continuation of my previous post, 10 Simple Steps to Secure & Protect your WordPress Blog, with an additional 5 tips to make it 10 times more difficult for your WordPress site to be compromised by hackers.

Here are 5 additional tips and practices to ensure that your investment of time, energy and money in your blog never goes to waste.

1. WordPress File Monitor Plugin

This plugin monitors your WordPress installation and sends an e-mail alert to a specified address whenever a file is changed, added or deleted. Usually, when a site or blog is hacked or compromised in some way, at least one file in your directories is altered. Under normal circumstances we would not know about such low-key changes taking place, so the plugin keeps a constant look-out and reports any changes.

The plugin also shows alerts in the WordPress dashboard, just in case you missed the e-mail alert.

This plugin can be downloaded here: WordPress File Monitor

2. Move Your wp-config.php File

This tip actually came from Sachin, a fellow blogger and web developer, who commented on my previous security post.

You can further secure your WordPress blog by moving your wp-config.php file (which is found in your root directory) to the directory one level above your www (root) folder. This move will prevent your blog from being hacked through your wp-config.php file.
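
A quick way to confirm the move took effect, as an added example that is not part of the original post: the check below mirrors the lookup order in WordPress's wp-load.php (the install directory first, then one level up, and only if that parent is not itself a WordPress install). The `www` directory name and the sample layouts are constructed for illustration.

```python
import os
import tempfile

def check_wp_config(wp_root):
    """Report which wp-config.php WordPress would load for this install."""
    wp_root = os.path.abspath(wp_root)
    parent = os.path.dirname(wp_root)
    in_root = os.path.isfile(os.path.join(wp_root, "wp-config.php"))
    above = os.path.isfile(os.path.join(parent, "wp-config.php"))
    parent_is_wp = os.path.exists(os.path.join(parent, "wp-settings.php"))

    if in_root and above:
        # The file was copied rather than moved; the web-root copy wins.
        return "FAIL: copy left in the web root is the one WordPress loads"
    if in_root:
        return "FAIL: wp-config.php is still inside the web root"
    if above and parent_is_wp:
        return "FAIL: parent holds another WordPress install; moved file is ignored"
    if above:
        return "OK: wp-config.php is loaded from above the web root"
    return "FAIL: no wp-config.php where WordPress looks"

def make_layout(base, in_root=False, above=False, parent_is_wp=False):
    """Constructed account directory: <base>/www is the web root."""
    www = os.path.join(base, "www")
    os.makedirs(www)
    for wanted, path in ((in_root, os.path.join(www, "wp-config.php")),
                         (above, os.path.join(base, "wp-config.php")),
                         (parent_is_wp, os.path.join(base, "wp-settings.php"))):
        if wanted:
            with open(path, "w") as fh:
                fh.write("<?php // constructed placeholder\n")
    return www

def demo():
    """Run the check against four constructed layouts."""
    cases = {"default": dict(in_root=True),
             "moved": dict(above=True),
             "copied": dict(in_root=True, above=True),
             "nested": dict(above=True, parent_is_wp=True)}
    results = {}
    for name, flags in cases.items():
        with tempfile.TemporaryDirectory() as base:
            results[name] = check_wp_config(make_layout(base, **flags))
    return results

if __name__ == "__main__":
    for name, verdict in demo().items():
        print(name, "->", verdict)
```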

3. WordPress Anti-Virus Protection Plugin

Hopefully, most of us have anti-virus software for our personal computers, so why not have it for your WordPress blog? This plugin is an extremely effective solution for detecting exploits and spam injections and protecting your blog against them. It offers daily automatic scanning and manual testing, and provides e-mail notifications.

This awesome anti-virus plugin can be downloaded here: WordPress AntiVirus

4. WordPress Firewall Plugin

This one is pretty neat and recommended for more advanced users. This plugin has a vast number of features that complement your web host server by logging, detecting and intercepting suspicious parameters and requests. It is also useful for mitigating dreadful zero-day attacks (see the definition of zero-day attacks here) and for setting different security protection levels.

The plugin can be downloaded here: WordPress Firewall Plugin

5. Encrypted Login Password Plugin

This plugin is very useful for users who do not have SSL (Secure Sockets Layer, see definition here) enabled or available. The plugin increases the security of the login process by using a combination of public and secret key encryption to encrypt the password on the client side when you log in. Your server will then decrypt the encrypted password with a private key and grant you access. Note: JavaScript is required to enable password encryption.

The plugin can be downloaded here: Semisecure Login Reimagined

Use the plugins and tips above to seriously secure and lock up your WordPress blog to the max! Remember, it's your investment, so do what it takes to protect it.


Please share with us other tips or plugins not listed above that you may have found useful. Also, please share any experiences or difficulties you may have had in the past and what you did to overcome them.



13 Responses

  1. Sachin @ Web Design Mauritius

    04/12/2010, 03:44 am

    Thanks for the mention, Robyn. Great new tips here but there’s one thing to keep in mind. Server side hacking management should be done by advanced users only. If you get something wrongly configured, you might have some strange surprises. E.g.: I once tried the “bad behaviour” plugin. Though it did a great job, it also stopped me from approving comments.

    • Robyn-Dale

      04/12/2010, 08:21 am

      Hey Sachin,

      I totally agree. Server side configurations are definitely for experienced users.

      I think you mean the “bad neighborhood login lockdown plugin.” It’s strange that you have a problem using it since I haven’t had any trouble with it so far. I’ll try to find a solution for that and let you know.

    • Sam

      04/13/2010, 02:46 pm

      Hey Dennis,

      I’m in the process of conducting some extensive testing. So far so good, no problems yet.

      Thanks for reading :)

    • Sam

      04/15/2010, 01:34 pm

      Hey John,

      Spam is a minor problem compared to what hackers can do to an unprotected site. Think about complete destruction. Hope you will give these a try and step up the protection.

      Thanks for the comment, John :)

    • Sam

      05/28/2010, 08:27 am

      Hey Shiva,

      Honestly, it’s not completely necessary to use all of the security plugins I mention. I’ve realized that there are specific ones that provide the key tools for protection. I will be doing a follow-up post to show this soon.