Click Here To Download John Chow's Newest eBook - The Ultimate Online Profit Model
 

How To Secure Your WordPress Blog

written by Guest Blogger on August 18, 2011

Secure Affiliate Marketing

Getting a website hacked is occurring more often nowadays. You just have to read the news to know who these high profile hackers are. Hackers like Anonymous and Lulz have dominated the headlines recently hacking high profiled websites such as government websites like the CIA. Then there are those low profile hackers who hack ordinary websites. If you own WordPress sites for quite a while, chances are, you had experienced being hacked. If not then you are one of the lucky ones. Although the only fool-proof way from getting hacked is to disconnect your computer or server from a network, there are other ways in order to make your website more secure than it is now.

Here are 11 ways that you can use to secure your WordPress blog.

1 – Encrypt your login

Your password is sent unencrypted whenever you login. If you are on a public network, hacker can easily ‘sniff’ out your login credential using network sniffers. So it is always good to have your password encrypted as you login. A plugin that does this task is the Chap Secure Login plugin. This plugin adds a random hash to your password and authenticate your login with the CHAP protocol.

2 – Use a strong password

Even though your password is being encrypted as you login, if you use common or easy to guess password then you are not in a better position. Ensure you use a strong password that is difficult for others to guess. A strong password is usually characterize by making use a combination of digits, special characters and upper/lower case to form your password. You can also use the password checker on WordPress 2.5 and above to check the strength of your password.

3 – Change your login name

The default username is admin is widely known to hackers so it is essential to change the login name. In your WordPress dashboard, go to Users and set up a new user account. Give this new user administrator role. Log out and log in again with the new user account.

Go to Users again. This time, check the box besides the admin user and press Delete. When it asks for deletion confirmation, select the “Attribute all posts and links to:” and select your new username from the drop down bar. This will transfer all the posts to your new user account. Press Confirm Deletion.

4 – Define user privilege

If there is more than one author for your blog, be sure to define what the capabilities or role for each user group will be. This will give you the ability to control what users can and cannot do in the blog. It’s bad practice to assign all of them the administrator role as this gives them a lot of power and control over your website.

5 – Upgrade to the latest version of WordPress and plugins

The WordPress team are continually improving the security of WordPress itself as they also fall victim to hackers. Having the latest version of WordPress always contains bugs fixes for any security vulnerabilities.

6 – Backup your WordPress database

This is perhaps the most important pointer of all. When hackers take your site down, at least you can have the security of restoring its last known working version. Ask you web hosting provider if they backup you site. Otherwise there are plugins that can do the backup for you.

7 – Remove WordPress version info

The more information that you give to hackers the better they can prepare for a hack attack. Some WordPress sites/themes include the WordPress version info in the meta tag. Hackers can easily get hold of this information and plan specific attack targeting the security vulnerability for that version. To remove the WordPress version info, log in to your WordPress dashboard. Go to Design->Theme Editor. On the right, click on the Header file. On the left where you see a lot of codes, look for a line that looks like:

<meta name=”generator” content=”WordPress <?php bloginfo(’version’); ?>” />

Delete it and press Update File. In WP2.6 and above, WordPress automatically includes the version in the Wp_head section. To fix this, you can simply install the WP-Security Scan plugin.

8 – Protect your wp-admin folder

Your wp-admin folder contains all the important website information and it is the last place that you want to give access to others. Use AskApache Password Protect to password protect the directory and give access right only to authorized personnel.


9 – Hide your plugins folder

If you go to your http://yourwebsite.com/wp-content/plugins, you can see a list of plugins that you are using for your blog. Be sure to hide this page by uploading an empty index.html to the plugin directory. Open your text editor. Save the blank document as index.html. Using a ftp program, upload the index.html to the wp-content/plugins folder.

10 – Perform a regular security scan

Install the wp-security-scan plugin and perform a regular scan of your blog setting for any security loopholes. This plugin can also help you to change your database prefix from wp_ to a custom prefix.

11 – Stop brute force attack

Hackers can easily crack your login password and credential using brute force attack. To prevent that from happening, you can install the login lockdown plugin. This plugin records the IP address and timestamp of every failed WordPress login attempt. Once a certain number of failed attempts are detected, it will disable the login function for all requests from that range.

This article has been prepared by http://htmlpress.net, which is a WordPress website tutorial for all levels. We provide step-by-step tutorials on how you can create and maintain your own website for FREE!

Did you enjoy this post? Get John Chow Dot Com updates via email...

Stay up to date with all of John Chow’s tips for making money online and blog posts by subscribing via email. Your email will be kept private and never shared with anyone.

{ 127 comments }

Luu Tran August 18, 2011 at 9:20 am

Thanks for the info John!
I’ll definitely check out this list and give them a try.

[email protected] August 18, 2011 at 2:58 pm

Yea this is great info for ones that are especially ignorant to security issues that may harm our blog services now and days

Chiprang August 18, 2011 at 3:03 pm

I’ll give a try with my WP. Great info.

ZK @ Web Marketing Tips August 19, 2011 at 6:39 am

JOHN ONE QUESTION

You started a new website and you want to build links for it, than tell us TOP 5 link building service you will purchase or you will do.

Kevin Kimes August 18, 2011 at 5:35 pm

It’s a guest post.

But, very useful anyways. However, the CHAP plugin seems marginal, it might not even be doing anything.

Another option to consider for anyone running a real business over the internet, is a VPN. If you first connect through a secure VPN, everything you do during the VPN session is secured and encrypted.

If your entire income is in your online business, then I’d also suggest a VPN service which provides security token double authentication. Basically, when logging in, you press a button on a key fob which gives you a string of numbers to enter into a secondary login. These systems are as close to hack-proof as you can get.

Erwin Miradi August 19, 2011 at 7:47 am

Nice information Kevin. That’s new for me so I’ll check that out soon.

Property Marbella August 19, 2011 at 1:21 pm

Many good things to consider if you have a blog to protect you from hackers

Social Bookmarking Service August 23, 2011 at 8:58 pm

Now that one is quite useful guude from a person who is from tech background.

Kevin … How much do you think a VPN will cost per month.

Abhik August 19, 2011 at 10:48 pm

It’s not John, buddy.

Taylor August 18, 2011 at 9:21 am

Thanks, John.

I was actually wondering how I could protect my site. I will be going through these steps later today. :)

Bryan August 18, 2011 at 9:21 am

Great tips John! I use most of these already, but a few are new and are worth looking into.

Abhik August 19, 2011 at 10:53 pm

There is always a room to improve :)

ZK @ Web Marketing Tips August 22, 2011 at 2:34 am

Its a guest post my friend …. Not by John.

Do not know when John is going to add guest blogger photo option. That will be great for every guest blogger to get more recognition.

Fauna Pryca August 18, 2011 at 9:23 am

Excellent. Thank you very much for your help, hints and tips.

Rafiki.

Dave Doolin August 18, 2011 at 9:24 am

Secure logins and password salts are the Next Big Thing in WP security. Thanks for mentioning those, John.

Social Bookmarking Service August 23, 2011 at 8:43 pm

I do not understand one thing when these secure service knows how to protect wordpress than why not wordpress itself add these kind of services to their amendments …

Erik August 18, 2011 at 9:25 am

This is great information John as I have just recently started my own Wordpress blog. Keep those great blog advice coming. :)

Thanks.

Health Blog August 18, 2011 at 9:25 am

Thanks again John for your great post. It help bloggers a lot.

Gizmodigit August 18, 2011 at 9:29 am

As always John came out with one more quality content and some of above tips/plugins already known by us but some are really good! Wp-security scan is excellent plugin ever I used as it always give us chance to scan logs I also advice to use WP CleanFix which also help to reduce your database too!

Samir August 18, 2011 at 9:31 am

While the other security measures are fairly common, I’m really glad to know about the password encryption plugin. I hadn’t really thought about encryption of wordpress passwords.

ZK @ Web Marketing Tips August 22, 2011 at 2:35 am

What do you think about point no 9?

Social Bookmarking Service August 23, 2011 at 8:29 pm

Point No 9 is quite to easy to implement and sounding very effective.

edward August 18, 2011 at 9:33 am

I was hacked before and I lost my earning. It was a shame because the hacker is from London and I am from a third world country. Lol

Social Bookmarking Service August 23, 2011 at 8:30 pm

What so shame about it … do you think that in London only Royal people or Queen’s relative lives ?

No my dear … culprit is everywhere …

Blog SEO August 18, 2011 at 9:34 am

Nice one JC. Added a few of those to my site :)

Thanks!

Social Bookmarking Service August 23, 2011 at 8:34 pm

Its a guest post my friend …

Guest blogger have not provided their names but yes they have provided their website which you can visit here – http://htmlpress.net/

Steve August 18, 2011 at 9:41 am

I like the plugin Secure Wordpress from Wordpress.org which does many of the items you mention here and I also just started using CloudFlare as a free CDN/Security DNS provider, works great.

Timo August 18, 2011 at 9:41 am

Very interesting post.
It is very important to encrypt your login details, everywhere. And I really mean everywhere. Many people do the mistake to use the same login details on every account they have and once it leaks they going to be in big trouble.

Travis August 18, 2011 at 9:41 am

I would also suggest installing something like WordPress File Monitor Plus which e-mails you when files are added/deleted/changed. I would also lock down your wp-config file to CHMOD 400 since this is a very important file for WP and suggest loading Secure WordPress which is authored by the same company that does WP-Security Scan.

I have also used ultimate security checker which will check some additional server settings for you.

ZK @ Web Marketing Tips August 22, 2011 at 2:59 am

You are adding many locks … Boy this one will make your blog super duper safe.

Damir August 18, 2011 at 9:46 am

Hi John,

very useful article, definitely going in my “important bookmarks” folder. Thank you very much!

Abhik August 19, 2011 at 11:04 pm

Me too bookmarked it for a later read.!!

Social Bookmarking Service August 23, 2011 at 8:37 pm

For Bookmark, Do you guys use Digg or similar website or simply bookmark in your browser …

I would recommend to use Digg … this will provide some value to John as well.

Logan Wenger August 18, 2011 at 9:46 am

I had no idea about Chap Secure Login. In the past, I have used SSL certificates, but that can get costly when only needing security for login protection. Definitely going to add these eight features to my websites and client sites as well. Thanks for another great post John!

Christine August 18, 2011 at 9:51 am

Hi,
This is not a subject that is spoken about on blogs but I feel it is very important. Until I read this blog post I was unaware how you could change a user name, so many thanks John. I will be looking at the plug ins you suggested.

Christine

John August 18, 2011 at 9:54 am

Hi John,

Great article. You nailed them all — the only one I didn’t have covered is #9:

So thanks for that, it’s always great to learn something new.

Henry@ HoArticleRev.com August 18, 2011 at 9:58 am

There is no other way to describe this technical article than saying it is awesome. Keep it coming John. You are an Internet enigma

John August 18, 2011 at 9:59 am

Hi John,

Great article. You nailed them all — the only one I didn’t have covered is this one:

#9. Hide your plugins folder.

So thanks for that, it’s always great to learn something new.

Ivin August 18, 2011 at 10:02 am

Hello John. This tutorial is especially valuable for those that have intellectual property and affiliate links deep within the archive. I heard hackers go in and change the link to theirs.

yuvraj awasthi August 18, 2011 at 10:08 am

Thanks a ton for your advice… my site got hacked twice the last month and i had to restore all the settings which i did initially. I later on changed my theme and it seemed to get finished after that.

Is there any relation of wordpress themes to this?

Eddie Lopez @ Aprende Mercadeo en Linea August 18, 2011 at 10:11 am

Great tips, online security is one of those subjects that most people take into account when it is aleady too late… I would also suggest to delete the install script (wp-install.php, I think it is…) as soon as you are done installing your blog. Leaving it there is an open door to a lot of trouble in the future… Cheers!

Emo August 18, 2011 at 10:13 am

I was actually hacked not long back, but lckily i had backed up the site so easily fixed. Hopefully it wont happen again if i implement these steps

The Bad Blogger August 18, 2011 at 10:14 am

My blog was hack recently and luckily a team of freelance I hired help me out and now I’m using cloudflare to run my blog not sure if it’s good for my site security but there have been quite a few reviews about them that said cloudflare is a good security cdn so I was wondering if this blog had any cdn running?

Adam James August 18, 2011 at 10:15 am

Cheers for posting this John, great stuff.

wp security scan is great, and i’d recommend anyone who uses it to sign up to the websitedefender website, it will periodically scan your website for vulnerabilities it works in a similar way to wordpress file monitor by letting you find which files have been deleted, changed etc, but also lists these in order of severity and also checks for other vulnerabilities.

rick August 18, 2011 at 10:31 am

Thank’s for the security tips John. Most bloggers probably think that hackers would not waste time with their small blogs, but you should still take precautions.

Tips tricks Blogger August 18, 2011 at 10:48 am

Thanks Jhon for sharing this. We all know that wordpress is an open source that is why there are some people who really new about wordpress template. All thing that you have listed can really help.

zik August 18, 2011 at 10:52 am

thank for the tips.. looking need to install several plug in as protection..

Skye Diaz | motherhood, etc. August 18, 2011 at 10:56 am

Love these ideas, thanks John!! Will certainly implement these on my blog!

Fashion Editorials August 18, 2011 at 10:57 am

I have a problem, after i’ve installed AskApache Password Protect, i set up the username and password and i activated some of the features, i cannot access mysite.com/wp-admin anymore, how can i change it back?

Thanks for the share! :)

fas August 18, 2011 at 10:58 am

Excellent tips. Hoping for a follow up on each and how to do them step by step :)

Treb August 18, 2011 at 11:35 am

Great tips and thanks for sharing a list… I will definitely try this and see where it would take me… Thanks for sharing….

Raymond August 18, 2011 at 11:45 am

Come on John. You can do better. Tell me something I didn’t already do or know ;-)

ZK @ Web Marketing Tips August 22, 2011 at 3:00 am

But this is quite beneficial for those people who have started their blogs recently.

For them these tips are life saving.

Caleb August 18, 2011 at 12:16 pm

Never heard of no7 and no9 and wondering inparticular how a blank index file in plugins folder helps:?:

Travis August 19, 2011 at 4:19 am

Because there is no index file when you navigate to the plugin folder you can see the directory structure which tells a hacker what plugins you have installed. They can then exploit known vulnerabilities a lot easier. Adding a blank index file means the server sends them a blank page instead of the directory listing.

ZK @ Web Marketing Tips August 22, 2011 at 3:02 am

Yes this one is quite useful and heard it 1st time to be very honest.

Thanks to you.

Alan August 18, 2011 at 12:36 pm

Great info. Thanks for putting this together and keep up the good work!

Justice Wordlaw IV August 18, 2011 at 12:39 pm

I tried deleting the account but it’s saying that I can’t delete that main account that I have on there. Is their another way of doing it or?

Jason B. August 18, 2011 at 1:01 pm

These are such great tips, and it’s the sort of thing most people don’t think about until they get hacked. I’ve got to get moving on this list, starting with #1!

Erwin Miradi August 19, 2011 at 7:50 am

Yeah I’ve been there. I had my site defaced few years ago by some low profile hackers only for the sake of some hacking competition. So I guess securing your website right now is a good decision.

ZK @ Web Marketing Tips August 22, 2011 at 3:04 am

Yes we search these tips and tricks once we got hacked ….

Tom Durkin August 18, 2011 at 1:25 pm

Good tips, luckily I’ve got most of these bases covered! :)

ZK @ Web Marketing Tips August 22, 2011 at 3:06 am

So would you like to add any further tips with this list … ?

Work From Home with kreatio August 18, 2011 at 1:33 pm

Some great tips here john thanks alot .

I think the bruteforce plugin should be included on basic wordpress anyway.. makes sense.

Caleb August 18, 2011 at 1:36 pm

I came across something else concerning number7 just as I was about to delete wordpress version in my header file it says right besides it “to leave it for stats”. So if I delete this will I no longer get accurate stats and I also ran into the same issue as commenter Justice Wordlaw :?:

Looks like there needs to be a REVAMPING to the instructions in this post :roll:

Rachel August 18, 2011 at 1:51 pm

Thanks John! This is really important info. I’ve been hearing lately of people site’s getting hacked; thanks for giving detailed -but clear!- steps to take in order to prevent that from happening.

Judy August 18, 2011 at 2:21 pm

Great info,Just what I needed. I need to get back to my blog and get it up and running properly.
Now all we need to know is how to keep those darn spammers away.

make money online in kenya August 18, 2011 at 2:22 pm

thanks very much John Chow for this tips. Getting my blog hacked is one of the most scary prospects.

Matt August 18, 2011 at 2:34 pm

John, this is a great post. In regards to point #2 about choosing a user role, a lot of people don’t’ realize that you can choose a username like: KMWe4GvKt9n9Ww7JzeKRFb28fVB which will make it even harder for hackers to hack your site (as it will take that much longer to “crack”), if you can remember your password, it can be that more easily hacked. Using a password management tool such as roboform or lastpassword is crucial to online security (as is using different usernames and passwords for each site) I go over this an a lot more in my new Wordpress Security Course – “Wordpress Security Lockdown” which users can check out here: http://www.howtosecurewordpress.com

Naveen's Blog August 18, 2011 at 3:44 pm

Thank you for this awesome information.

Will do all of these and see..

Nick August 18, 2011 at 6:09 pm

Great post. Very helpful info. As I’m using Wordpress now for my wenger backpack website. So this post helps me a lot. Thanks for sharing.

Ruziha Osman August 18, 2011 at 6:53 pm

Thank you for the heads up, John. Appreciate it very much!

Bob August 18, 2011 at 8:11 pm

Thanks a lot John for sharing this. I did not realize this before. Cool tips and it helps a lot.
I will try this soon.

Josue August 18, 2011 at 8:23 pm

Thanks for all the valuable tips, very important. Most important part is to do it NOW, not tomorrow.

PPC Ian August 19, 2011 at 12:28 pm

Very true. Any action you can take today (even if it’s just one or two of the tips) is much better than waiting until later. Time to secure our blogs now!

Atreya August 18, 2011 at 10:26 pm

Hey John
Thanks for the great piece of info.. A few are already known.. BTW.. could you please tell me about how useful the STEALTH plugin is..??

afandi August 18, 2011 at 11:21 pm

Great post! Thanks a lot! I will added that to my blog!

Top Mba Colleges August 18, 2011 at 11:23 pm

We should always secure our blog with some security else there will be possible of virus affect and some other issues

Shipping August 18, 2011 at 11:49 pm

It is quit interesting to know about to secure our wordpress blog. Thanks John

twicat.com August 19, 2011 at 1:16 am

great info John
thank u

Hostpany August 19, 2011 at 2:07 am

What if a person like you get hacked? You’re like the top 5 blogger, are they able to really damage you even though you have your wordpress back up and all? Can they really do any damage beside wasting one or two days?

I guess you would lose some income within that time frame.

Anyway, thanks for the tips John.

Blogging earning August 19, 2011 at 3:33 am

My site was hacked due a poor password set. Later i have to undergo lot of problems in rebuilding the site again.
It is always good to have password which has special signs and lengthy password.

PPC Ian August 19, 2011 at 12:27 pm

That is a very great point. The more security the better. Make your passwords VERY hard for humans to guess.

Shanling August 19, 2011 at 6:20 am

Thank you for the info. It’s very helpful

Erwin Miradi August 19, 2011 at 7:46 am

Thanks a lot for sharing this. I agree that security is one most important thing as you could lose everything overnight without it.

Kelly| product reviews August 19, 2011 at 8:07 am

John,

I jumped when my password didn’t work for my blog, so I implemented most of your tips right away.
Thanks for the heads up!
Thanks

Alex Salvador August 19, 2011 at 8:17 am

Thank you! I’m going to implement these tips right away.

Ken August 19, 2011 at 11:08 am

Great security tips. I have just updated login information for my blogs.

Thanks,

Ken

PPC Ian August 19, 2011 at 12:26 pm

One of the best guest posts I’ve read here on John Chow dot Com.Thanks for the great WordPress security tips.

Property Marbella August 19, 2011 at 1:21 pm

The worst thing about passwords is that they are so easy, here is a list of the 10 most common set of passwords. It is scary that people are using them.
1. password
2. 123456
3. qwerty
4. abc123
5. letmein
6. monkey
7. myspace 1
8. password 1
9. blink182
10. (your company)

fazal mayar August 19, 2011 at 1:29 pm

thanks for the info, i also had a blogpost on this topic because more and more blogs get hacked.

Brandon August 19, 2011 at 3:45 pm

Other things I’ve added to my own install: in .htaccess add the directive: ‘options -indexes’ (drop the quotes) and that will keep any directory that doesn’t have an index page from having it’s contents listed. I’ve also got my .htaccess permissions set to 444 (I’ve seen a lot of .htaccess files that have stuff injected into them, this should help prevent that). And call me paranoid but I have a custom php.ini file setup and have it set as the default in my .htaccess. Inside the php.ini I have a very long disable_functions list, system, eval, exec, shell_exec, system are probably the most important.

Ari Laksemi August 19, 2011 at 3:53 pm

Nice tips, Thanks, I think this is very useful, will try on my blogs.

James August 19, 2011 at 7:35 pm

Nice tips,John.Another way I know that you can add “login user checker coding” to the theme functions.php file. If anyone want to check out how it’s effect,you can go to my website and try to go to the login page. Finally,a message appear “Sorry, you do not have the right to access this blog”. I thing it’s very helpful.

Abhik August 19, 2011 at 10:46 pm

I can easily access your login page.. :p

James August 20, 2011 at 2:37 pm

Are you serious?How?

ZK @ Web Marketing Tips August 21, 2011 at 4:22 am

He is saying he can access login page but never said he can login …. Lollzz

Abhik August 19, 2011 at 10:44 pm

Thanks for the tip..
It’s really necessary to secure your wordpress installation to extreme.

muse74 August 19, 2011 at 11:01 pm

thank you john share this very useful info.

wparena August 20, 2011 at 5:03 am

This is very informative piece of writing about WordPress security, Although the WorPress 3.0 release would be more secure and your valuable guide will help new blogger to secure their wordpress site

Alvaro August 20, 2011 at 8:28 am

reading this post reminds me some hacking I suffered on one of my blogs, with no backup…. Very useful info

ZK @ Web Marketing Tips August 21, 2011 at 4:20 am

Nightmare … If that was your earning blog ….

MykeTech August 21, 2011 at 9:57 am

Ah.. I don’t want this to happen to me!! Time to secure as much as I can. I think WP should come with more protection if blogs are being hacked..

Mohit August 20, 2011 at 9:10 am

My friend’s blog got hacked recently. This article is certainly gonna save a lot of bloggers! Thanks for the info
-Mohit

ZK @ Web Marketing Tips August 21, 2011 at 4:06 am

So according to you on which option he have not worked properly.

craig August 20, 2011 at 11:04 am

thanks! for a young blog this is invaluable.

Marcelo August 20, 2011 at 11:49 am

Hi John, this post is exactly what I was looking for to protect my blogs. I am fear of having problems with hackers. I will implement these tips as soon as possible. Thanks.

BajuKurung August 21, 2011 at 1:46 am

great tips for a newbie like me…thanks for sharing…

ZK @ Web Marketing Tips August 21, 2011 at 4:03 am

Point No 9 is very less known to many webmasters, glad that you added here ….

MykeTech August 21, 2011 at 9:54 am

I’ve done everything including #9 thanks for the tip and great blog post!

Eddie August 21, 2011 at 9:07 pm

More articles like these please. I think a lot of people are into WordPress these days.

Erik von Werlhof August 21, 2011 at 9:29 pm

Once again, I can’t thank you enough for the great info that you share with the blogging community. Due to your posts, I am always learning something new and beneficial.

Much gratitude and respect!

Erik von Werlhof

Tony Payne August 22, 2011 at 1:50 am

Great advice, thanks. There are several things I hadn’t thought about here, and several plugins I hadn’t seen mentioned before that sound like they ought to be invaluable.

Dress Making August 22, 2011 at 9:48 pm

wordpress its an easy accessible cms everyone love to have it

Hezy August 23, 2011 at 9:39 pm

Great advice! I’ve been looking for something like this for a while now. Thanks!

mercuryjtb August 24, 2011 at 1:36 am

GOoD day, John!

This is absolutely informative!
Thanks.

Stocksicity August 26, 2011 at 7:02 pm

Surprised I haven’t come across the security scan plugin yet. Have so many more, about to get that installed now.

Codero Coupon August 26, 2011 at 7:29 pm

This is the most detailed one about wp security I’ve seen. Thanks John and thanks the writer.

Gift Ideas September 5, 2011 at 3:19 am

Yes, the most important tip to secure the blog is using always quality content.

Mark September 6, 2011 at 6:26 pm

Just a note about Login Lockdown – it’s Ok. But, :Login Lock is better – way better. Check it out in the WordPress repository and compare it Login Lockdown, the differences are gigantic.

https://wpsecurity.net/wordpress-security-login-lock/

Mark

Xprezi September 6, 2011 at 9:15 pm

Very Good Sharing John….I want to thank you so much

Matt September 18, 2011 at 6:34 am

You could also add to the list, “use second factor authentication” instead of standard passwords.

There is a new website authentication method https://www.shieldpass.com where you buy cheap access cards and then add the widget to your login page. You then place your card onto the screen to see the dynamic login numbers instead of a static password. It is unique in also being able to encode transaction digits for mutual authentication which stops attackers man in the middle tactics, even one with access into your laptop or mobile.

Gopal September 21, 2011 at 5:11 am

Thanks a lot…i was unaware of all these……came for the first time on this site….i am haappy that i did. :)

Mochamad September 29, 2011 at 2:50 am

Thank John. This is very useful posting for me. I hope the hackers will give up and run away after reading this post and they will not disturb the world again.

Gift Ideas October 1, 2011 at 1:16 am

I think any one can not hack W-blog.

Twicat.com October 3, 2011 at 6:15 am

great info, worth implementing it
thnx

Cheolsu October 12, 2011 at 12:49 am

Its always keep the wordpress version up-to-date. I just installed Login LockDown plugin after reading this post.