WordPress is an awesome piece of publishing software, and Automattic (the company behind WordPress) always tries hard to secure it so that millions of blogs can be safe from hacker threats. Recently TechCrunch, the world's biggest blog, got hacked twice in a short time frame of eight hours.
According to the lead programmer of WordPress, Mark Jaquith, the hack was most probably due to an insecure WordPress plugin, which allowed the hacker to use PHP injection to hack TechCrunch. It wasn't a server-side hack. Somehow the hacker managed to get to the WordPress admin panel of TechCrunch and succeeded in defacing it.
TechCrunch has the best security experts to protect their website, but it looks like no one can compete with hackers. There are lots of WordPress plugins to secure your blog, but once again it's difficult to choose which to install.
I'm writing down some basic WordPress security tips and the best WordPress plugins, which I have been using for a long time and have had a good experience with.
Basic Tips
- Don't install WordPress in the root directory. Install it in a folder with a weird name that is not easy to guess, something like 1w3erfdefr. This will save your WordPress installation from bots as well as hackers. Follow this guide on how to open WordPress on the main URL after installing it in a subdirectory.
- Change the WP prefix of the database tables. It will save you from SQL injection hacking.
- Never use the admin account. After installing WordPress, you should change the administrator user name.
Plugins
It encrypts your admin password when logging in without the use of SSL. This is the best plugin if you want to encrypt your passwords and don't have an SSL certificate to use.
This plugin enables you to create custom WordPress admin links to log in and log out. By default you log in at http://yourdomain.com/wp-admin, but with this plugin you can replace that wp-admin with any word, so only you will be able to access the login page.
AntiVirus for WordPress monitors malicious injections and warns you of any possible attacks. It saves your blog from spam injections. A must-install for everyone.
This plugin checks the necessary FTP permissions and .htaccess permissions, so that if there is something wrong you can fix it. You can uninstall it after checking.
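The table-prefix tip and the permission check described above can also be verified from a shell on the server. This is an added example, not code from the original post or from any of the plugins; the function names and the permission thresholds (no access for other users on wp-config.php, owner-only write on .htaccess) are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post): audit a WordPress directory.
# Usage: sh wp_audit.sh /path/to/wordpress

# Print the value assigned to $table_prefix in the given wp-config.php.
wp_table_prefix() {
    sed -n "s/^[[:space:]]*[\$]table_prefix[[:space:]]*=[[:space:]]*['\"]\([^'\"]*\)['\"].*/\1/p" "$1" | head -n 1
}

# Succeed if file $1 has the single octal permission bit $2 set (e.g. 0002).
has_mode_bit() {
    [ -n "$(find "$1" -prune -perm "-$2" 2>/dev/null)" ]
}

# Print one "FINDING:" line per problem; return 0 if clean, 1 if any finding,
# 2 if the directory has no wp-config.php.
wp_audit() {
    dir=$1
    cfg="$dir/wp-config.php"
    hta="$dir/.htaccess"
    rc=0
    [ -f "$cfg" ] || { echo "ERROR: no wp-config.php in $dir" >&2; return 2; }

    # Tip from the post: do not keep the default table prefix.
    if [ "$(wp_table_prefix "$cfg")" = "wp_" ]; then
        echo "FINDING: default table prefix wp_ in use"; rc=1
    fi
    # Assumption: wp-config.php holds DB credentials, so "other" users
    # should have neither read (0004) nor write (0002) access.
    if has_mode_bit "$cfg" 0004 || has_mode_bit "$cfg" 0002; then
        echo "FINDING: wp-config.php is accessible to other users"; rc=1
    fi
    # Assumption: .htaccess should be writable by its owner only.
    if [ -f "$hta" ] && { has_mode_bit "$hta" 0020 || has_mode_bit "$hta" 0002; }; then
        echo "FINDING: .htaccess is group- or world-writable"; rc=1
    fi
    return "$rc"
}

# Run the audit when a directory is given on the command line.
[ "$#" -eq 0 ] || wp_audit "$1"
```

The exit status makes the script usable from cron or a deployment check: 0 means no findings, 1 means at least one.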
Backups, Backups and Backups
The best approach is to back up your WordPress database at least once a day and the whole directory once a week, so that if something goes wrong you can easily restore the backup. You can use WP Database backup for this purpose.

24 May, 2010
Hello Saad.. Thanks for the tips :)
19 Jun, 2010
very thank!!
4 Aug, 2010
Thanks dude, these are really good ways to protect your WordPress blog, especially this plugin “Chap Secure Login”; I’ve never heard of it before. And what about this plugin “log in luck down”?
I’m using it but it doesn’t seem to be really working!
Thanks again