Experts believe that the best way to secure your WordPress installation is to write your own code rather than rely on off-the-shelf code, known as plugins.

While this may be true, not many people have the skills to write code for WordPress. Chances are, you may barely be able to find your way around the blogging platform itself.

However, not all of these coding techniques require a knowledge of nuclear science before you can apply them to your blog. I will list some that just about anyone can try on their own.

1. IP ACCESS RESTRICTION

Studies have shown that a high number of malicious hacking attempts originate from a number of Arab countries. So why leave your blog open to them? Chances are that your blog was never intended for their consumption anyway.

There are two options to choose from:

Restrict access to your blog to selected countries only, or deny a number of countries access.

Allowing Access To Your Blog To Selected Countries

– From your Control Panel (cPanel), click on your “File Manager”.
– Ensure “Show Hidden Files (dotfiles).” is ticked. You will be taken directly to your root folder.
– Look for the file called “.htaccess”.
– Right click on this file and select “Edit”
– Open another tab in your browser, navigate to ip2location.com
– Select Nigeria from the list of countries. You may click on more countries to extend access to those countries.
– Under the drop-down menu labelled “Output Format”, select “Apache .htaccess allow”
– Click “download” to download a file labelled “cidr”
– Right click on the downloaded file and open with “Wordpad”. DO NOT USE NOTEPAD.
– Copy the content of this file and paste into your .htaccess file, after the last entries there – if any.
– Save and close.
– Now your site can only be accessed from Nigeria or whatever countries you selected.

NOTE: If you do not see a .htaccess file in your root folder, first confirm that you enabled “Show Hidden Files (dotfiles).” in your file manager. If you did, then you will have to create the file yourself:

– Open Notepad
– Go to “Save as type”, choose “All Files”
– Under Filename, type .htaccess
– Save.
– Copy the content of the downloaded “cidr” file to your .htaccess file
– Save
– Upload to your root folder using your cPanel file manager
– Right click on this file and change permission to 0644.

Denying Access To Selected Countries

– From your Control Panel (cPanel), click on your “File Manager”.
– Ensure “Show Hidden Files (dotfiles).” is ticked. You will be taken directly to your root folder.
– Look for the file called “.htaccess”.
– Right click on this file and select “Edit”
– Open another tab in your browser, navigate to ip2location.com
– Select the countries you want to block. I suggest including Morocco, Turkey, Algeria, Russia.
– Under the drop-down menu labelled “Output Format”, select “Apache .htaccess deny”
– Click “download” to download a file labelled “cidr”
– Right click on the downloaded file and open with “Wordpad”. DO NOT USE NOTEPAD.
– Copy the content of this file and paste into your .htaccess file, after the last entries there – if any.
– Save and close.
– Now your site cannot be accessed from the countries you selected.

NOTE: If you do not see a .htaccess file in your root folder, first confirm that you enabled “Show Hidden Files (dotfiles).” in your file manager. If you did, then you will have to create the file yourself:

– Open Notepad
– Go to “Save as type”, choose “All Files”
– Under Filename, type .htaccess
– Save.
– Copy the content of the downloaded “cidr” file to your .htaccess file
– Save
– Upload to your root folder using your cPanel file manager
– Right click on this file and change permission to 0644.
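
A check worth running before you save either list, as an added example that is not part of the original post: it reads the `allow from` / `deny from` lines and reports which ranges cover a given address, so you can confirm your own IP is inside the allow list (or outside the deny list) and will not be locked out. It assumes the downloaded file uses Apache 2.2-style `allow from <CIDR>` lines; the sample block, its ranges and the function names are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample of an Apache 2.2-style block as pasted into .htaccess.
# The ranges are documentation networks (RFC 5737), not real country data.
SAMPLE_HTACCESS = """\
# BEGIN WordPress
RewriteEngine On
# END WordPress
<Limit GET HEAD POST>
order deny,allow
allow from 192.0.2.0/24
allow from 198.51.100.0/25
allow from 203.0.113.7
deny from all
</Limit>
"""

RULE = re.compile(r"^\s*(allow|deny)\s+from\s+(\S+)\s*$", re.IGNORECASE)

def parse_rules(text):
    """Return (networks, skipped); networks maps 'allow'/'deny' to ip_network lists."""
    networks = {"allow": [], "deny": []}
    skipped = []
    for lineno, line in enumerate(text.splitlines(), 1):
        m = RULE.match(line)
        if not m:
            continue  # not an access rule (rewrite rules, comments, <Limit> tags)
        verb, target = m.group(1).lower(), m.group(2)
        if target.lower() == "all":
            continue  # catch-all line, carries no address range
        try:
            networks[verb].append(ipaddress.ip_network(target, strict=False))
        except ValueError:
            skipped.append((lineno, line.strip()))  # malformed or hostname entry
    return networks, skipped

def matching_ranges(text, address, verb):
    """List the 'allow' or 'deny' ranges in text that contain address."""
    ip = ipaddress.ip_address(address)
    networks, _ = parse_rules(text)
    return [str(net) for net in networks[verb] if ip in net]

if __name__ == "__main__":
    my_ip = "198.51.100.200"  # hypothetical admin address
    hits = matching_ranges(SAMPLE_HTACCESS, my_ip, "allow")
    print(f"{my_ip} allowed by: {hits or 'nothing, you would be locked out'}")
```

Any line reported in `skipped` should be corrected or removed before the file is uploaded.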

2. BACKUPS

While backups may not be viewed as a security technique, they are the best way of securing your site. The truth is, no website is hack-proof if hackers are determined enough. Not even the high-profile companies with millions budgeted for website security have been spared. Yeah, ask Sony, Fox, Warner Bros, CBS and, lately, LinkedIn. This list is not exhaustive. So what if these guys don't have their website backed up? Note that with your backups, your website can be up again in minutes.

The latest trend, nowadays, is for hackers not to deface your site but to use it for phishing.

To back up your site,

Option 1

– From your cPanel, under “Files”, click “Backups”
– Under “Full Backup”, click “Download or Generate a Full Website Backup”
– Under “Backup Directory”, select “Home Directory” from the dropdown menu
– You may insert your email address to be notified when the backup has been concluded.
– Navigate to your root folder, not “public_html”, you would see your backup in “tar.gz” compressed format
– Download to your local PC.

Option 2

Alternatively, you may back up to a remote location. It may be another shared hosting account or, preferably, Amazon S3.

Option 3

– Go to your WordPress Admin Page
– Under “Tools”, select “Export”
– Under “Choose what to export”, select “All Content”
– Click “Download Export File”

This will download, to your local PC, all of your posts, pages, comments, custom fields, terms, navigation menus and custom posts.

Your images will not be downloaded! It is advisable to upload and access your images from third-party sites like Flickr, Dropbox, Box, etc. That way, your images will be preserved when you are restoring your backup.

3. Delete Admin User

You will be shocked at the number of “bots” out there, carrying out “brute force” password hacking on the default WordPress Administrative account, “admin”.

– Go to your WordPress Admin Page
– Under “Users”, select “All Users”
– Create a new user, give it a very unique username
– Grant it Administrator role
– Give it a strong password, at least twelve characters long. To make it stronger, use a mix of upper and lower case letters, numbers and symbols like ! ” ? $ % ^ &
– Log in to your blog, now using this new user account
– Delete the admin account.

Next, we do a rundown of recommended plugins. Stay tuned!

2 Comments

  1. Wow! Never been so thrilled in my life. This is the information I have been seeking for years. Now I can safely back up my sites with peace of mind and at no cost. I tried backing up via the plugins and had to backpedal because most of them require online storage for a rental fee.

    Great tips
