WordPress Security

WordPress Security To Save Your Blog Big Time

Imagine a fine morning when you wake up from a nice sleep, freshen up and sit in front of your computer to check on your blog and find everything is gone. Isn’t that like a bad dream for you? What would you do if your blog got hacked or accidentally deleted by your web hosting provider? Are you ready for such situations? Are you aware of your WordPress Security or just leaving it to luck?


WordPress Security: Prevention Is Better Than Cure

That’s actually what you should follow. Don’t let any intruder hack into your blog in the first place. If you don’t know how to prevent malicious attacks, I am going to tell you about three free plugins for WordPress that will make your blog more secure by removing known vulnerabilities and blocking future attacks.

1. BulletProof Security: This plugin protects your blog against various types of attacks, such as XSS, RFI, CRLF, CSRF, Base64, code injection and SQL injection hacking attempts. It adds security through the .htaccess file and therefore works only in a Linux hosting environment. The security can be controlled via the WordPress admin, making it easy to use even for novices. I recommend this plugin to my friends and clients whenever I have a chance.

2. Theme Authenticity Checker: Normally, all the hacks are done by injecting malicious code into the theme files. This plugin thoroughly checks every file in your blog’s theme folder and reports any malicious code it finds.

3. AskApache Password Protect: Why shouldn’t we add another level of security to the admin panel? Well, this plugin does exactly that. With its help, you can protect your ‘wp-admin’ directory with a secondary password that must be entered before the admin login page can be accessed. This plugin hasn’t been updated for a long time and WordPress is now showing a warning, but the plugin still works.

Now let’s have a look at the other side.

Hope For The Best, But Plan For The Worst

That being said, what will you do if, after all those WordPress security measures, your blog gets hacked or is deleted by your web host? Bang your head against a wall? Or are you one of us who take regular backups of our blogs for critical situations like that? If not, you must read on. I am going to tell you how you can back up your blog automatically and have some peace of mind. I guess you already know the importance of having a backup, as it is beyond the scope of this blog post to clarify.

Manual backups are always preferred, but they are just not possible to do every day. I therefore use two plugins that help me automate the process. If you are willing to spend money, I highly recommend VaultPress, a premium backup service from the developer of WordPress itself. If you are not and are looking for free alternatives, here are two I recommend:

1. WordPress Backup To Dropbox: I am personally using it in addition to VaultPress. You just need to choose a day and time for the backup (in my case, every day at midnight) and the plugin will do the rest. It will automatically back up your files and MySQL database to Dropbox. All you need is a free Dropbox account (get one here if you don’t have one already).

2. XCloner: XCloner can back up and restore files, folders and the database within the WordPress installation. It offers manual as well as scheduled (automatic) backups. The feature that I like most is the ability to compress the whole backup into a single file. The thing I hate is that it stores the backup locally on your server and you have to download it manually to your local machine.

Now you know how to fight your worst nightmare and are prepared to avoid unwanted situations. If you have questions or doubts about WordPress security, just shoot a comment below and I’ll be glad to help.

A young Blogger and Internet Marketer from Kolkata, India. I blog about Blogging in my blog ItsAbhikDotCom. If you wanna know what Professional Blogging Model is, go read my eBook, ProBloggingModel, which I offer for FREE to my subscribers.



  • Chetan Gupta February 9, 2014, 12:53 am

    Hi Abhik
    Thanks for sharing this wonderful article on WordPress security. I want to ask a question: I am using a plugin named “Better WP Security” for WordPress security. Now I want to know, is there any way by which a hacker can enter the cPanel of my blog?

  • Chetan Gupta October 3, 2013, 12:53 pm

    Securing a WordPress blog is most important because it contains our hard work. And thanks for explaining this information. I am also using a WordPress security plugin to secure my blog. ;)

  • Cheryl Ragsdale September 6, 2013, 10:14 am

    Hello Abhik,
    Thank you for this useful information. I’ve been assuming that Hostgator automatically backs up my blogs, but I just found out that I have used up all of my capacity. Of course, no one mentioned that to me. Lucky for me, I found out during a recent phone call. The tech told me back-ups weren’t happening. How would I have known?!

    I installed the “Back Up WordPress” plug-in. After reading your post, I’m going to investigate more alternatives. Plus, I need to make time to sort out how to create more capacity with Hostgator.

  • Hugh Leon May 25, 2013, 8:59 pm

    Great security plugin list, Abhik. Theme Authenticity Checker is definitely the must-have plugin, because nulled themes are the top sources of hacks.

  • Lorenzo May 14, 2013, 2:07 pm

    Also recommend Limit Login Attempts. Helps improve the security of your site by temporarily blocking IP Addresses that attempt a “brute force” attack on your WordPress admin.

    It’s available from the WP plugins directory.

  • Prakash April 17, 2013, 6:30 am

    I have used BulletProof Security and am still using it on my blogs. We should use one of the best plugins available for WordPress.

  • Jennifer Vu April 11, 2013, 11:31 pm

    Great list for consideration. I actually don’t know what tools are reliable enough to check whether my themes or plugins are safe. My experience is that we should only use genuine products, not using cracked, nulled…stuff to be best safe. Thanks, Jen

  • Amit Sharma
    April 9, 2013, 8:44 pm

    Another good WordPress plugin to add is the Google Authenticator plugin, which will set up a two-step verification mechanism on your WordPress blog. It’s worth it to add an extra layer of security to our WordPress login process.

  • Abdullah March 17, 2013, 8:14 am

    When I first started my blogging career, I used the Freshlife theme, which was downloaded from the internet for free. I did not know at that particular moment that the theme contained malicious malware code. I was so confused and scared about the virus which was displaying in webmaster tools.

    Later I asked some of my fellow bloggers for help and then they introduced me to TAC – Theme Authenticity Checker, which indeed helped me in finding out the malicious code.

  • Nickie Leaks March 6, 2013, 9:19 pm

    Thanks a lot for this. I have been worrying my pretty little head off wondering what I would do if something like this happens.

  • charansingh January 4, 2013, 8:01 am

    I have been studying up recently trying to put together a good security strategy for an existing site and it’s beginning to feel a bit like trying to learn a new language. I’m hoping that I might be able to get a little advice from some WordPress experts on the matter.

    So far these are the plugins/services I am looking at:
    1. Bulletproof Security Plugin
    2. Better WP Security Plugin
    3. Secure WordPress Plugin
    4. Sucuri.net services
    5. Website Defender’s beta security service

    I am not someone who knows how to edit .htaccess files or coding or anything like that.

    I have done a few things already though like moving the wp-config.php file, deleting the readme.html/install.php files. I put a blank index.html file in the uploads directory. I’m also considering password protecting my admin folder through cpanel. That’s about the extent of what I know how to do technically and honestly I don’t even fully understand why I did these things, except that they were recommended to me by someone I trust.

  • Ravinder Mehta January 1, 2013, 12:13 am

    Thanks for your informational post.
    I’m sure this blog post should be a must-read post for all the newbie bloggers out there…

  • Rajandran R December 30, 2012, 3:42 pm

    It will be a painful job if your blog size is very huge and it got hacked and you haven’t backed up yet.
    Restoration of such huge blogs will be really painful. Is there any methodology to overcome this problem as non of the WP Plugins are working in backup a big size blogs.

    • Abhik Biswas
      December 31, 2012, 5:34 am

      “non of the WP Plugins are working in backup a big size blogs”
      You really should try WordPress Backup To DropBox. It works flawlessly with much bigger blogs.

  • Michael
    December 29, 2012, 11:27 am

    Hi Abhik,

    Thank you for bringing these plugins to my attention. I went ahead and installed a couple of them right away.

    I also use “WP – Database Security” for security and WP-DBManager for backup.

    Thank you for the article and a happy new year to you.


  • Sai Kumar
    December 28, 2012, 9:17 pm

    Hello Abhik Biswas, great list of security plugins, bro. I use almost all the listed plugins except AskApache Password Protect to secure my WordPress blog. Thanks for sharing!
