How to secure your WordPress blog – part 2
I wrote a previous article about improving WordPress security, which lists WordPress extensions that can help you improve the security of your blog.
The following is a list of some additional changes that you can make to improve the security of your WordPress installation (back up wp-config.php and your database tables before trying any of them):
WordPress tables
Change the default table prefix. Attackers can often get information from your database because they know the exact names of the tables. Use a random table prefix that can't easily be guessed.
If you already have a WordPress blog, follow these steps:
1) Choose a random table prefix (example: 78erx2)
2) Open wp-config.php
3) Find $table_prefix = 'wp_'; and change it to: $table_prefix = '78erx2_'; (This will be the prefix that was chosen above)
4) Execute the following SQL commands (in your favorite MySQL client; I prefer SQLyog):
RENAME TABLE wp_categories TO 78erx2_categories;
RENAME TABLE wp_comments TO 78erx2_comments;
RENAME TABLE wp_link2cat TO 78erx2_link2cat;
RENAME TABLE wp_links TO 78erx2_links;
RENAME TABLE wp_options TO 78erx2_options;
RENAME TABLE wp_post2cat TO 78erx2_post2cat;
RENAME TABLE wp_postmeta TO 78erx2_postmeta;
RENAME TABLE wp_posts TO 78erx2_posts;
RENAME TABLE wp_usermeta TO 78erx2_usermeta;
RENAME TABLE wp_users TO 78erx2_users;
UPDATE 78erx2_options SET option_name='78erx2_user_roles' WHERE option_name='wp_user_roles';
5) You may or may not have to execute this (only if these keys exist in your DB):
In wp_usermeta, the meta_key values wp_autosave_draft_ids and wp_user_level need to be changed to 78erx2_autosave_draft_ids and 78erx2_user_level.
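The steps above as MySQL queries, in an added example that is not part of the original post: it builds the RENAME statements from the tables actually present (so tables outside the fixed list in step 4 are not missed), applies step 5, and checks that nothing still carries the old prefix. It assumes the old prefix wp_ and the example prefix 78erx2_ from step 1, and that the blog's database is the selected one.

```sql
-- Added example (not from the original post). Assumes old prefix wp_ (3 characters)
-- and the new prefix 78erx2_ from step 1. Select the blog's database first (USE ...).

-- 1) Build one RENAME statement per table that still has the old prefix.
--    LEFT() is used instead of LIKE 'wp_%' because "_" is a wildcard in LIKE.
SELECT CONCAT('RENAME TABLE `', table_name, '` TO `78erx2_',
              SUBSTRING(table_name, 4), '`;') AS rename_statement
FROM information_schema.tables
WHERE table_schema = DATABASE()
  AND LEFT(table_name, 3) = 'wp_';

-- 2) After running the generated statements and the UPDATE from step 4,
--    apply step 5. Each UPDATE changes 0 rows if the key does not exist.
UPDATE `78erx2_usermeta`
   SET meta_key = '78erx2_user_level'
 WHERE meta_key = 'wp_user_level';
UPDATE `78erx2_usermeta`
   SET meta_key = '78erx2_autosave_draft_ids'
 WHERE meta_key = 'wp_autosave_draft_ids';

-- 3) Verify. The first query should return no rows, the second a count of 0,
--    the third no rows.
SELECT table_name
FROM information_schema.tables
WHERE table_schema = DATABASE()
  AND LEFT(table_name, 3) = 'wp_';

SELECT COUNT(*) AS stale_role_option
FROM `78erx2_options`
WHERE option_name = 'wp_user_roles';

SELECT meta_key, COUNT(*) AS stale_rows
FROM `78erx2_usermeta`
WHERE meta_key IN ('wp_user_level', 'wp_autosave_draft_ids')
GROUP BY meta_key;
```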
WordPress Scanner is a free online resource that blog administrators can use to get a measure of their WordPress security level.
You first need to download the activator plugin. This plugin adds a simple piece of text to your blog to verify that you own the blog. After it is installed, you can scan your WordPress installation.
Also remember to deactivate the plugin after you have finished scanning, or other people will also be able to scan your installation.
File Security
The root WordPress directory: all files should be writable only by your user account.
(The exception is .htaccess if you want WordPress to automatically generate rewrite rules for you.)
wp-admin – All files should be writable only by your user account.
wp-includes – All files should be writable only by your user account.
wp-images – All files should be writable only by your user account.
wp-content – Should be writable by all (owner/user, group, and public).
wp-content/themes – If you want to use the built-in theme editor, all files need to be group writable. If you do not want to use the built-in theme editor, all files can be writable only by your user account.
wp-content/plugins – All files should be writable only by your user account.