Tips On Keeping Your WordPress Less Vulnerable To Hackers

WordPress, being one of the most popular publishing platforms and content management systems, is also the most frequent target for spammers. Google reacts quickly to identify hacked sites, and as a result your traffic and sales can drop drastically. The good news is that Google will make reasonable attempts to notify webmasters about potential problems via Google Webmaster Tools. However, if you do not act quickly, it can be a truly devastating blow to your online presence.

So how do you prepare yourself for an event such as your blog being hacked through code injected into your theme files or even your database? Here are the steps that I would recommend to anyone using WordPress as their publishing platform or CMS:

  • Register with Google Webmaster Tools. Not only can Google Webmaster Tools be useful in identifying an attack; you can also use the tools to resubmit your website for reconsideration once you have dealt with the threat and cleaned up the mess.
  • Create Google alerts to notify you of a possible threat. While it is impossible to foresee every possible spam keyword, you can create alerts for the most common ones such as “viagra” or “port”. How do you create such an alert? Simple. Let's presume your domain is “yourdomain.com”; your Google alert will then be for the search query “viagra site:yourdomain.com”. Of course, relying on Google Alerts alone is not a good idea.
  • Check the code yourself. It does not really take that much: right-click your mouse and view the page source. Generally, when an attack is carried out, the code is injected somewhere in common files and will be visible on every page of your website.
  • If you modify your theme yourself, keep a backup of the version that includes your most recent updates. It is always a good idea to keep a backup of your theme files no matter what.
  • Keep the latest backup of your database. I find that the WordPress Database Backup Plugin (HT: Andy Beard) is one of the most useful plugins to have. You can tell the plugin to mail you the SQL file to the e-mail of your choice on a regular basis. I am doing it on a daily basis; if you publish many posts per day, you can choose for the backup to be made every couple of hours.
  • Do not broadcast to the world the version of WordPress you are using. I have seen WordPress theme developers inserting code that displays the current version of WordPress; most of the time that code is found in the header.php file. Look for the code and remove it. There is no reason for anyone to know what version you are using.
  • Keep your WordPress and plugins updated. The current version of WordPress allows one-click updates from within your dashboard, so there is really no excuse for us any longer.
  • Keep your files in a directory that no one besides you knows about. You can install or move your WordPress files to a directory that only you will know about. I will try to elaborate on this in the future, especially on how to move your WordPress to another “secret” directory.
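
The "check the code yourself" and "do not broadcast the version" tips above can be partly automated. The following Python script is an added example, not code from the original post: it audits the HTML you would see in "view page source" for a generator tag that reveals the WordPress version, links containing spam keywords, and spam text inside hidden elements. The keyword list, the `audit_page` name and the sample page are assumptions constructed for illustration.

```python
import re
from html.parser import HTMLParser

# Assumed keyword list; the post itself names "viagra" as a common one.
SPAM_KEYWORDS = ("viagra", "cialis", "casino")
HIDDEN = re.compile(r"display\s*:\s*none|visibility\s*:\s*hidden|text-indent\s*:\s*-\d{3,}", re.I)
VOID = {"area", "base", "br", "col", "embed", "hr", "img", "input", "link", "meta", "source", "wbr"}

class PageAudit(HTMLParser):
    """Walks one rendered page and records (kind, detail) findings."""
    def __init__(self):
        super().__init__()
        self.findings = []
        self._open = []  # (tag, styled_hidden) for every open non-void element

    def handle_starttag(self, tag, attrs):
        a = {k: v or "" for k, v in attrs}
        # <meta name="generator" content="WordPress X.Y"> leaks the version.
        if (tag == "meta" and a.get("name", "").lower() == "generator"
                and re.search(r"wordpress\s+\d", a.get("content", ""), re.I)):
            self.findings.append(("version-disclosed", a["content"]))
        if tag == "a" and any(k in a.get("href", "").lower() for k in SPAM_KEYWORDS):
            self.findings.append(("spam-link", a["href"]))
        if tag not in VOID:
            self._open.append((tag, bool(HIDDEN.search(a.get("style", "")))))

    def handle_endtag(self, tag):
        # Pop back to the matching open tag; tolerates unclosed elements.
        for i in range(len(self._open) - 1, -1, -1):
            if self._open[i][0] == tag:
                del self._open[i:]
                break

    def handle_data(self, data):
        hits = [k for k in SPAM_KEYWORDS if k in data.lower()]
        if hits:
            hidden = any(h for _, h in self._open)
            self.findings.append(("hidden-spam-text" if hidden else "spam-text", hits[0]))

def audit_page(html):
    """Return the list of findings for one page's HTML source."""
    parser = PageAudit()
    parser.feed(html)
    parser.close()
    return parser.findings

# Constructed sample page (not taken from a real site).
SAMPLE = ('<html><head><meta name="generator" content="WordPress 2.8.4" /></head>'
          '<body><p>Hello readers</p><div style="display:none">'
          '<a href="http://pills.example/buy-viagra">cheap viagra</a></div></body></html>')
```

A "spam-text" finding on visible content can be a legitimate mention, so treat it as a prompt to look at the page; hidden text and a disclosed version are the stronger signals.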

I have cleaned several WordPress installations for my friends over the last year. A hacker attack can be devastating if you are not prepared to deal with it. And yes, it can happen to anyone, even to the best of geeks.
