Pay Attention To Your Wordpress Security

January 15, 2009 in News by Olgi Zenullari

To tell the truth I have never been concerned about the security of my sites. However after discussing with some of my friends I realized a lot of our blogs (I’m talking about WordPress) have some loops which are risky. Someone with proper knowledge would be able hack our blogs.

What should I do in order to prevent my WordPress blog from being hacked?

First of all it is recommended that you have the latest version of WordPress installed. If you are using any older versions, you better update your blog as the latest version of WordPress has fixed some previous possible loops and has increased security. Click here to get the latest WordPress version.

Most of us (including me) didn’t know that wp-content/plugins or wp-content/themes were accessible from anyone. I have seen some great affiliate marketers or entrepreneurs who haven’t changed anything to prevent anyone checking their information.
So by accessing wp-content/plugins I can see what plugins someone has installed and in this way I can find possible loopholes from which I can profit and hack the site. A good method to stop anyone checking your wp-content/plugins or wp-content/themes is by adding a blank index.html file. So when someone will try to see what you have installed, the blank page will be shown.

Be careful my friends as many of us upload their premium themes as zipped files on the “themes” directory so someone could easily get the theme for FREE. Thats why I strongly recommend you to add a blank page on both wp-content/plugins and wp-content/themes.

Another suggestion from me would be to change your username. In most of the manually installed WordPress blogs, you have a custom username as “admin” so by accessing your phpMyAdmin you could change that value into something else. In this way it would be much harder for someone to find both usernames and password rather than only the password.

I have just checked 2 well-known entrepreneurs and I could easily access their wp-content/plugins and wp-content/themes. This means I could see all of their plugins and themes which is not good as someone might cause you problems just from that information. I have contacted personally those bloggers and informed them about this issue.

Thanks for your attention

Olgi Zenullari

Be Sociable, Share!

Interesting Related Posts:

http://www.mariolist.com Mario

Thanks a lot Olgi for sharing with us
this great article.

I look forward to read more.

Mario
Dare

Hey Olgi. I first saw this at Matt Cutts blog and now you mentioned about the themes directory…I didn’t know it can be so easily accessed. So thanks for the info.