Securing your WordPress blog

Published on by Pavel Ushakov in Blog Services, General, WordPress category.

WordPress, though amazing, is not immune to hacking attempts… Here are a few steps you can take to secure your blog.

Use a secure password and change it often

I bet your password is your last name and some characters? Your dog's name? Your favorite flower? If your password is even remotely as easy to guess as my examples, then you should consider using a different password. Ideally it will be at least 8 characters long and include letters and numbers, both lower case and upper case.

Don’t use “admin” as a username

This is obvious to hackers. WordPress sets this up as the default login name and many people don't change it. Log in and change your username.

Hide your WordPress version

WordPress automatically shows what version you have in your meta tags. Anyone looking at your page source can see it, then exploit potential security bugs your version may have. Instead, hide it.

Go to Appearance, then click Editor. Make sure your theme is the one selected and click header.php.

Look for:



Change it to something like:



Protect your directories

Some directories may not have an index file. This leaves them open to anyone viewing them. Just add the following to your .htaccess file:


Options -Indexes

This will return a 403 error when someone looks at a directory that doesn’t have an index.

Use your Security Keys!

Open wp-config.php in your favorite text editor (e.g. Notepad) and locate the following:


define('AUTH_KEY', 'put your unique phrase here');
define('SECURE_AUTH_KEY', 'put your unique phrase here');
define('LOGGED_IN_KEY', 'put your unique phrase here');
define('NONCE_KEY', 'put your unique phrase here');
define('AUTH_SALT', 'put your unique phrase here');
define('SECURE_AUTH_SALT', 'put your unique phrase here');
define('LOGGED_IN_SALT', 'put your unique phrase here');
define('NONCE_SALT', 'put your unique phrase here');

A Security Key makes your site harder to hack and access harder to crack by adding random elements to the password.

You can use an online code generator, then simply copy and paste the result into your wp-config.php file.
The four keys are essential for enhanced security. The four salts are recommended, but are not required, because WordPress will generate salts for you if none are provided.

Happy Blogging!