Follow the prevention steps below to secure your WordPress blog or any general CMS site :-
1) Make sure your WordPress site is up to date with the latest version.
2) Keep a backup of your entire WordPress database.
3) Change the default username (admin) to something else and use a strong password.
4) Change the database table prefix from default wp_ to something else to prevent a SQL injection.
5) Block indexing of the Wp-admin, wp-content, wp-includes and wp-content folders on the Internet using robots.txt or putting .htaccess inside the folders.
6) Protect your .htaccess file by denying access to it from all.
7) Secure your Wp-config.php file using .htaccess rules.
There is a plugin that I suggest you use that will take care of a lot of security issues on your system. That plugin is called Better WP Security. Better WP Security allows you to change specific features on WordPress to make it harder for hackers to break into your site with a single click.
For example you can:
Change the username from ‘Admin’ to something else.
Change the user ID of your admin from 1 to something else.
Lock entrance to the admin login at certain time periods (like when your normally asleep)
Ban users based on their IP addresses
Change the directory of your WordPress files from wp-content to something else.
Automatically take backups of your database and email them to yourself.
Change the prefix of your database from wp_ to something else.
Change the URL you use to login from wp-login to something else.
Check the number of hits on 404 pages and lock the user out if they are excessive.
Track any changes to your files.
Limit the number of times you can attempt to login with the wrong password.
Enforce strong passwords.
And quite more.
So, add the plugin “Better WP Security” and make it harder for your website to be broken into.
]]>