There continues to be concern over the increase in SQL injection and brute-force password attacks with WordPress 2.7.1. I know of 3 blogs that have been victims of these types of attacks. There are ways to discourage would-be hackers from trying to hack your WordPress installation.

Step 1

Download the WP Security Scan plugin. This is a valuable tool that scans your WordPress installation for security vulnerabilities and suggests corrective actions.

It checks the following:

  1. Scans WordPress installation for file/directory permissions vulnerabilities
  2. Recommends corrective actions
  3. Scans for general security vulnerabilities

Note: There are database changes that you have to implement manually. If you’re not familiar with database tables, please consult someone who is.

Download WP Security Scan: http://wordpress.org/extend/plugins/wp-security-scan/

To view the video tutorial on how to change your database table prefix, click here.

Step 2

How to protect files and folders:

This setting controls what happens when a browser requests a folder that has no index file.

You have four options:

  • Default System Setting
  • No Indexes
  • Standard Indexing (text only)
  • Fancy Indexing (graphics)

No Indexes – Disable the folder index listing. It prevents browsers from viewing the contents of this directory. The browser receives a 403 (Forbidden) error.

To change your Index Manager to “No Indexes” follow the steps below.

1. Log in to your host control panel
2. In the Advanced tab (usually), find Index Manager

Next, select Web Root, then click Go.

Next select the /public_html folder.

Next, select “No Indexing”, then click Save.

Folders that do not have an index file no longer show a listing of their files. Only the listing is blocked: a file in such a folder can still be requested by its exact URL.
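To confirm the setting covers every folder, the added example below (not part of the original post or of any plugin) walks a local copy of the web root and reports folders that have no index file while listings are still enabled. It assumes an Apache host where the "No Indexes" choice ends up as an `Options -Indexes` line in `.htaccess` and where listings are on by default; the function names and the sample tree are constructed for illustration.

```python
import re
import tempfile
from pathlib import Path

INDEX_NAMES = {"index.php", "index.html", "index.htm"}  # assumed DirectoryIndex names
OPTIONS_RE = re.compile(r"^[ \t]*Options[ \t]+(.+)$", re.IGNORECASE | re.MULTILINE)

def indexes_setting(htaccess):
    """False if the file turns Indexes off, True if it turns them on, None if silent."""
    # Simplification: only the Indexes, All and None tokens are interpreted.
    setting = None
    text = htaccess.read_text(errors="replace") if htaccess.is_file() else ""
    for arguments in OPTIONS_RE.findall(text):
        for token in arguments.lower().split():
            if token in ("-indexes", "none"):
                setting = False
            elif token in ("+indexes", "indexes", "all"):
                setting = True
    return setting

def listable_dirs(docroot, default_on=True):
    """Relative paths of folders with no index file while Indexes is on."""
    docroot, exposed = Path(docroot), []
    def walk(folder, inherited):
        setting = indexes_setting(folder / ".htaccess")
        enabled = inherited if setting is None else setting  # child folders inherit
        entries = list(folder.iterdir())
        if enabled and not INDEX_NAMES & {e.name.lower() for e in entries}:
            exposed.append(folder.relative_to(docroot).as_posix())
        for entry in entries:
            if entry.is_dir() and not entry.is_symlink():
                walk(entry, enabled)
    walk(docroot, default_on)
    return sorted(exposed)

def demo():
    """Audit a constructed WordPress-like tree before and after 'No Indexes'."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        for folder in ("wp-content/uploads", "wp-includes/js"):
            (root / folder).mkdir(parents=True)
        (root / "index.php").touch()
        (root / "wp-includes" / ".htaccess").write_text("Options -Indexes\n")
        before = listable_dirs(root)
        (root / ".htaccess").write_text("Options -Indexes\n")  # setting applied at web root
        return before, listable_dirs(root)

if __name__ == "__main__":
    print(demo())  # (['wp-content', 'wp-content/uploads'], [])
```

Run `listable_dirs()` against a downloaded copy of `/public_html`; an empty list means no folder in that copy would show a listing under the stated assumptions.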

These security tips will help discourage would-be hackers from trying to exploit your WordPress installation. If you have other tips to share, please leave a comment.