How to secure your WordPress blog?

My website was once hacked by a hacker from Saudi Arabia. He managed to get into the server and replaced the index.php file with his own index file. I don’t know how he got into my server, but I have learnt many things from that bad experience.

Always upgrade your WordPress to the latest version – Upgrading to the latest version is strongly recommended, because each new version contains bug fixes and patches for vulnerabilities that exist in older versions. So make sure that you upgrade your WordPress when the latest version is out.

File and folder permissions – In WordPress, we need to set permissions on certain files or folders to make it work properly, especially when using plugins that need the special CHMOD 777 permission. When you do this, make sure that you give permission to the correct files and folders only. We don’t want other people to be able to upload and run scripts on our server, right?
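One way to check the CHMOD 777 point above, as an added example that is not part of the original post: this shell audit lists everything under a WordPress directory that is world-writable, plus any PHP files sitting in those directories. The function names and the `WP_ROOT` variable are assumptions made for this example.

```shell
#!/bin/sh
# Added example: audit a WordPress tree for world-writable entries (e.g. 777).
# WP_ROOT and all function names are assumptions made for this example.

# Print every regular file or directory under $1 whose "other" write bit is
# set. Symlinks are skipped because their mode is always reported as 777.
find_world_writable() {
    find "$1" \( -type f -o -type d \) -perm -0002 -print | sort
}

# Print PHP files located directly inside a world-writable directory.
# These deserve a manual look: any local user could have put them there.
find_php_in_writable_dirs() {
    find "$1" -type d -perm -0002 -print | while IFS= read -r dir; do
        find "$dir" -maxdepth 1 -type f -name '*.php' -print
    done | sort
}

# Report findings for the tree rooted at $1.
# Returns 0 when nothing is world-writable, 1 otherwise.
audit_wp_perms() {
    root=$1
    hits=$(find_world_writable "$root")
    if [ -z "$hits" ]; then
        echo "OK: nothing under $root is world-writable"
        return 0
    fi
    echo "World-writable entries under $root:"
    printf '%s\n' "$hits" | while IFS= read -r path; do
        ls -ld "$path"
    done
    php=$(find_php_in_writable_dirs "$root")
    if [ -n "$php" ]; then
        echo "PHP files inside world-writable directories:"
        printf '%s\n' "$php"
    fi
    return 1
}

# Run the audit only when WP_ROOT is set, e.g. WP_ROOT=/var/www/html sh audit.sh
if [ -n "${WP_ROOT:-}" ]; then
    audit_wp_perms "$WP_ROOT"
fi
```

A non-zero exit status means at least one entry needs its permissions tightened, which makes the script usable from cron or a deployment check.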

Use a strong password – Bloggers who set up their own WordPress site will use “admin” as their username and their own password to log in to their admin dashboard. This “admin” username is the WordPress default, so there is no way to change it unless you create a new user account and give it the Administrator privilege. To protect your admin account, you need to create a strong password. I know you already have your own way to choose your password, but I would like to share this tool that will help you to create an even stronger password.

Avoid using a public PC or unsecured network – I know some of you log in to your WordPress blog from a Cyber Cafe (CC) or use free public Internet access such as at Pizza Hut, restaurants, etc. I want to tell you that some CCs are not secure. They might install a keylogger on their PCs, so you will not know that whatever you do on the PC is being recorded by their hidden keylogger. The keylogger will record each keystroke that you press (e.g. your password), and some advanced keyloggers can capture screenshots of the desktop while you are surfing the Internet. With this information, they can take over your blog and do whatever they like.

Always back up your database – Always back up your WordPress database at least once per week, although it depends on how many posts you make in a week. For example, I always do a backup once every two days, so I have the latest database stored on my computer. To make it more secure, I lock all my databases using Folder Lock, so no one can get the databases even if they have physical access to my PC.

There are many ways that an attacker can gain access to your WordPress blog. Only time will tell when your blog will get hacked. But I hope this short article on how to secure your WordPress blog can help you to make your WordPress blog more secure than before.


  1. Set a password-protected directory for your /wp-admin/ folder

  2. Oh.. so you got hit just like me

  3. #noavtech – You can't do it that way, brother. If someone later wants to unsubscribe from comments, they won't be able to get in.

    #Overclock – Huhuhu. That's standard, brother. 😀

  4. Oh.. in that case, just get rid of the subscribe feature, muahahahah!!
    "Make sure security always comes first," as the Westerners say

  5. Backup is the most important of the above. Prevention will always be better than cure, remember.

  6. Change your password often, brother…

  7. Huhu… that's dangerous, isn't it… mine got hacked once too.. but not like yours, where they replaced the front page outright.. 🙂

  8. Open source "WordPress" still needs several upgrades to maintain its security, but bro… backup is the important thing
