This is my first post about WordPress on my blog here. So, I want it to be very useful, and here it is. Being a WordPress addict, I use it for every website I create, both for my own purposes and for clients.
I always enjoy using WordPress for my projects. At the same time, the big headache I get with WordPress is the hacking attacks and spam I receive on WordPress-powered sites. Since WordPress is the best performer for ranking a site well in search engines, many people started to use it, and many hackers and spammers started to attack WordPress-powered sites for purposes such as getting backlinks, spamming, selling or promoting products or affiliate items, and the list goes on.
It is easy for hackers and spammers to find WordPress-powered sites just by searching for a few words in the site's page source, as described here. To avoid this type of attack, WordPress introduced a feature in version 2.6 that lets you move or rename its core folders. This tweak can be done easily by adding a few lines of code to the wp-config.php file.
Below I link some tutorials that show how to protect a WordPress site:
- Protecting wp-config.php file – http://www.devlounge.net/code/protect-your-wordpress-wp-config-so-you-dont-get-hacked
- Moving/Renaming the wp-content folder – http://www.johngirvin.com/blog/archives/moving-the-wordpress-wp-content-folder.html
- Protecting wp-admin folder – http://www.michiknows.com/2007/02/12/who-else-wants-to-hide-their-wordpress-admin-folder/
- Protecting the wp-includes folder too – http://comox.textdrive.com/pipermail/wp-hackers/2007-April/011715.html
I forgot to mention another important thing. A WordPress site can be identified not only by looking for its core folders but also by a meta tag in the page source: <meta name="generator" content="WordPress x.xx.xx" />. This meta tag is present on all WordPress-powered sites. It is there for statistics, so that its programmers can count the WordPress-powered sites on the internet. It is therefore also a key that lets hackers, spammers and attackers find a WordPress-powered site. The extreme part is that a WordPress-powered site can be attacked easily just by knowing this meta tag.
Let's see how this meta tag is useful to an attacker. Suppose you started a WordPress-powered site about a year ago and left it without touching or updating it until now. If your site catches the eye of an attacker, he will see the meta tag and know that your site is running an old version of WordPress. Next he will study the vulnerabilities found in the version of WordPress your site uses and attack it. Note that WordPress is an open source, community-driven platform, so its bug list is openly available to anyone who has signed up for an account with the bug tracker. So it is really very easy to attack a WordPress-powered site just by reading a single meta tag line!
Here is a plugin that also helps you remove the meta tag: http://wordpress.org/extend/plugins/wp-security-scan/
I hope this post will be very useful for those who are deeply in love with WordPress! Please let me know your thoughts on this in the comments below, and also whether there is anything else that can be used to keep a WordPress site safe.
Bonus tip: Take a look at http://codex.wordpress.org/Editing_wp-config.php and make wp-config.php highly secure.
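To check that the folder move and the meta tag removal actually took effect on your own site, the rendered page source can be audited for both identifiers described above. The script below is an added example, not part of the original post or of the linked plugin; the function names, the replacement folder name `assets` and the two sample pages are constructed for illustration.

```python
from html.parser import HTMLParser

# Default core folder names that reveal a stock WordPress layout.
DEFAULT_PATHS = ("/wp-content/", "/wp-includes/", "/wp-admin/")


class FingerprintAudit(HTMLParser):
    """Collects WordPress identifiers that are visible in a page's HTML source."""
    def __init__(self):
        super().__init__()
        self.generator = None        # content of <meta name="generator">, if any
        self.default_paths = set()   # default core folders referenced by the page

    def handle_starttag(self, tag, attrs):
        attrs = {k.lower(): (v or "") for k, v in attrs}
        if tag == "meta" and attrs.get("name", "").lower() == "generator":
            self.generator = attrs.get("content", "")
        for name in ("src", "href"):  # asset and link URLs
            url = attrs.get(name, "").lower()
            for path in DEFAULT_PATHS:
                if path in url:
                    self.default_paths.add(path.strip("/"))


def audit(html):
    """Return a list of findings; an empty list means nothing was exposed."""
    parser = FingerprintAudit()
    parser.feed(html)
    findings = []
    if parser.generator and "wordpress" in parser.generator.lower():
        findings.append("generator meta tag present: " + parser.generator)
    for path in sorted(parser.default_paths):
        findings.append("default folder referenced: " + path)
    return findings


# Constructed sample pages (not taken from a real site).
BEFORE = """<html><head>
<meta name="generator" content="WordPress 2.6" />
<link rel="stylesheet" href="http://example.com/wp-content/themes/t/style.css" />
<script src="http://example.com/wp-includes/js/jquery/jquery.js"></script>
</head><body></body></html>"""
AFTER = """<html><head>
<link rel="stylesheet" href="http://example.com/assets/themes/t/style.css" />
</head><body></body></html>"""

if __name__ == "__main__":
    for label, page in (("before", BEFORE), ("after", AFTER)):
        print(label, audit(page) or "nothing exposed")
```

Save the source of a few pages from your site (home page, a single post, the feed) and pass each to `audit`; any finding means a theme or plugin is still emitting the tag or a default path.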
Albert
I have to use this method for securing my client's blogs. Thanks for raising security awareness among WordPress lovers.