Tips to protect WordPress blog from the attack of Hackers

Submitted by admin on Wednesday, 15 July 2009 | No Comment

Despite being one of the largest blogging platforms, WordPress is not immune to hackers, spammers and other security threats. As it is an open source application, there are more chances of it being vulnerable to ill-intentioned attacks meant to dismantle your blog. If you run a blog on WordPress, the measures discussed below will help you protect it.

Take steps to secure the wp-admin folder: The security of your WordPress admin folder should never be compromised, as it contains the most important admin files. One of the best ways to secure the wp-admin folder is to limit the IP addresses that can access it via an .htaccess file (for Apache web servers). If you run a server other than Apache, such as IIS, you will have to look into its own methods for applying the same kind of restriction to the WordPress folders.

To enable this, save a blank document as an .htaccess file and put the following code block into it.

# Replace 123.456.78 with your own IP address
order deny,allow
allow from 123.456.78
deny from all

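Save the file and place it inside your wp-admin folder. These directives use the Apache 2.2 access-control syntax; Apache 2.4 replaces them with the Require directive.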

Another method to protect your WordPress admin folder is a plugin named AskApachePasswordProtect. It provides a good number of features, such as asking for a username and password before any admin page can be accessed, and it writes the .htaccess file for you automatically. You can also consult the Apache site's documentation on Authentication, Authorization and Access Control to lock down other folders of your WP installation.

Hide the WordPress version number: Never let your WordPress version be displayed publicly, as it makes the hacker's task a bit easier: they can exploit weaknesses contained in that particular version of WordPress. To hide the version information, remove the following code from your theme's header.php.

<meta name="generator" content="WordPress <?php bloginfo('version'); ?>" />
<!-- leave this for stats please -->

Back up MySQL at regular intervals: Arranging a backup of your WordPress database should be your first safety measure. It can be done by exporting the MySQL data as a .sql file to a safe location. Taking a daily backup of your SQL file is highly recommended, however busy you are. If you are short of time, you can automate the backup process with the WordPress plugin called WordPress Database Backup, which lets you schedule backups at hourly, daily, weekly or monthly intervals. Your blog's data will then be protected even if its security is breached.

Update your WordPress installation regularly: As WordPress is an open source project, it requires regular updating to newer versions with better security features, and according to WordPress, updating to a new version takes merely five minutes.

Refrain from using the default “admin” username: When WordPress is installed, it creates a user with Administrator-level permissions called admin. This admin name should not be used, as a hacker can use it when guessing the username and password. You can remove the admin user by creating a new user with the Administrator role in your WordPress Admin Panel and then, logged in as the newly created user, deleting the admin user.

You can also use the Login Lockdown plugin, which records the IP address and timestamp of every failed WordPress login attempt. If more than a certain number of failed login attempts are detected, the IP address is blocked and no further login attempts are allowed from that address.

Provide encryption to WordPress-related cookies: By getting random code from the WordPress secret key generation tool and pasting it into your wp-config.php file, you can encrypt the information contained in WordPress cookies. This prevents cookie hijacking.

Use a strong password: Above all the security features under discussion, the best one is using a complex password to secure your WP installation. You can check the strength of your password with one of the many applications available online.

Modify the WordPress database table prefix from the default setting: WordPress uses wp_ as the default prefix for your MySQL database tables. For security purposes it can be changed to something else, preferably a mix of numbers and letters, such as your WordPress name or blog name. To change it, open your wp-config.php file and change the table prefix value. On an existing installation the database tables themselves must also be renamed to match the new prefix.

$table_prefix = 'wp_';

Employ correct permissions on WordPress files: Ensure that all the files on the server have correct access rules, and do not allow write access to any publicly accessible files, though some WordPress plugins require certain files to be writable.
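One way to check this from a shell on the server, as an added example that is not part of the original article (the function names are made up for illustration, and the directory argument is your own WordPress root):

```shell
#!/bin/sh
# Added example: find and fix world-writable paths in a WordPress tree.
# Function names are hypothetical; pass your own install root as $1.

# List regular files and directories that any local user may write to.
world_writable() {
    find "$1" \( -type f -o -type d \) -perm -0002 -print | sort
}

# Report wp-config.php when users outside its owner and group can read it.
config_world_readable() {
    if [ -f "$1/wp-config.php" ]; then
        find "$1/wp-config.php" -perm -0004 -print
    fi
}

# Clear only the world-write bit. Owner and group access stay as they were,
# so files a plugin must write to keep working as long as the web server
# user is the owner or a member of the group.
drop_world_write() {
    find "$1" \( -type f -o -type d \) -perm -0002 -exec chmod o-w {} +
}

if [ "$#" -gt 0 ]; then
    echo "World-writable paths under $1:"
    world_writable "$1"
    echo "World-readable config:"
    config_world_readable "$1"
fi
```

Run the two listing functions first and review the output before calling drop_world_write, since an upload or cache directory may currently rely on the world-write bit.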

Block world-access to the wp-config.php file: The wp-config.php file is an integral part of a WordPress install and contains valuable information such as the database username and password. By preventing world-access to wp-config.php you can secure your WordPress blog. The following code can be used for the purpose:

<files wp-config.php>
Order deny,allow
deny from all
</files>

Restrict search engines from accessing every file: You can stop search engine spiders from indexing your entire website, as spiders make it easy for hackers to reach vulnerable files on the server. Instruct spiders to access only the relevant files on your domain. In the example below you are telling spiders not to index anything inside folders starting with the prefix /wp- (such as wp-login.php). Note that robots.txt is only a request to well-behaved crawlers and is itself publicly readable; it does not block access to the files.

User-agent: *
Disallow: /wp-*

For a detailed study you can read the tutorial at AskApache.com on WordPress robots.txt.

Use SSL or another secured connection for accessing WordPress Admin pages: You can set up an encrypted SSL connection with your hosting service so that sessions on admin-related pages and functions run over https:// in place of http://. This can be done by inserting the following code into the wp-config.php file.

define('FORCE_SSL_ADMIN', true);
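The wp-config.php settings from the secret key, table prefix and SSL tips can be checked together. The script below is an added example, not code from the original article: its function names are made up, its sample file is constructed, and it assumes the four key constants AUTH_KEY, SECURE_AUTH_KEY, LOGGED_IN_KEY and NONCE_KEY and the sample file's "put your unique phrase here" placeholder.

```shell
#!/bin/sh
# Added example: audit wp-config.php for the settings discussed in this article.
# Function names are hypothetical; the sample config below is constructed.

q="['\"]"   # regex class matching either PHP quote character

audit_wp_config() {
    cfg=$1
    # Drop comment lines so a commented-out setting does not count as active.
    active=$(grep -Ev '^[[:space:]]*(//|#|/\*|\*)' "$cfg")

    if printf '%s\n' "$active" |
        grep -Eq "^[[:space:]]*[\$]table_prefix[[:space:]]*=[[:space:]]*${q}wp_${q}"; then
        echo "table_prefix: still the default wp_"
    fi

    if ! printf '%s\n' "$active" |
        grep -Eiq "define\([[:space:]]*${q}FORCE_SSL_ADMIN${q}[[:space:]]*,[[:space:]]*true"; then
        echo "FORCE_SSL_ADMIN: not enabled"
    fi

    for key in AUTH_KEY SECURE_AUTH_KEY LOGGED_IN_KEY NONCE_KEY; do
        line=$(printf '%s\n' "$active" | grep -E "define\([[:space:]]*${q}${key}${q}" || true)
        if [ -z "$line" ]; then
            echo "$key: not defined"
        elif printf '%s\n' "$line" | grep -q 'put your unique phrase here'; then
            echo "$key: still the sample placeholder"
        fi
    done
}

# Constructed sample with four problems, for a dry run of the audit.
write_sample_config() {
    cat > "$1" <<'EOF'
<?php
define('AUTH_KEY', 'put your unique phrase here');
define('SECURE_AUTH_KEY', 'constructed-sample-value-1');
define('LOGGED_IN_KEY', 'constructed-sample-value-2');
// define('FORCE_SSL_ADMIN', true);
$table_prefix = 'wp_';
EOF
}

if [ "$#" -gt 0 ]; then audit_wp_config "$1"; fi
```

An empty result means none of the checked settings is at its default; it does not confirm that the server actually serves the admin pages over SSL.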

The measures discussed above can, to a degree, secure your WordPress blog against attack by external hackers.
