How to Protect Your WordPress Blog Against Hacks and Malware Attacks

There are hundreds of articles on how to protect your WordPress blog against hacks and attacks. Usually those articles are read once one gets hacked, not before the destructive and unpleasant act occurs. Security articles such as this will be read often too late, but there is still hope, that someone will listen to the warnings and will investigate, how the WordPress blog can be protected.

In the first place, you should be sure that your web hosting provider will do everything possible for your hosting plan price to protect your blog on your behalf. If the web hosting security measures are not enough, there are some simple ways to raise the security level of your website.

The main tip is using smart logins and passwords. Oh yes, a strong login name is also important, as hackers will need to guess or generate it to log in. Usually the WP login name is 'admin'. It is so easy to guess! Make the hacker's life harder by using different administrator login names (it is chosen during the first installation, or it can be changed in the 'Dashboard' > 'Users' section). Passwords should contain digits, capital letters and special characters.

Once the login information is fixed, the next step should be to protect the login page. The first task is by simply changing the login page URI from /wp-login.php to a custom one, for example /my-dashboard.php. This can be done using the special plug-in called 'Hide login'. The different login page also means that Meta information widget should be deleted, so no one will be able to see the direct link to it. From the SEO perspective, it is necessary to limit access to this page by adding 'noindex' and 'nofollow' to the robots.txt file. This will prevent Google from indexing the login page.

Another step is for advanced users who know how to manage the .htaccess file by adding some specific commands. If you use your blog from one or two computers only, you can simply add the rule that only specific IP addresses can see the login page. This means that if you would like to edit your blog from a friend's home, you will probably see the 404 or 403 error pages, as your friend's IP address is different. When hackers try to get into the admin dashboard, they try to login a few times. You can limit the login attempts. For example, if someone (even you) makes 5 unsuccessful login attempts, the login area is blocked. This can be easily set using the special WordPress plugin "Limit Login Attempts".

There are much more ways and measures to protect your login page. Some of them are specific and require useful plugins which automatically check for malicious scripts, SQL injections, viruses and hacking attempts. The must-have plugins are "Secure WordPress", "WordPress Firewall 2", "AntiVirus", "BulletProof Security", "WP Security Scan", "WP Login Security" and many more. The installation and customization takes just a few minutes, but it may prove to be crucial in securing your WordPress blog from malware attacks or hackers.

One more important tip: You must routinely create backups of your blog. This way if your blog gets hacked, you can restore it to a previous state.