With Wordpress being a very popular free and open source software, it can be very easy for hackers to find vulnerabilities and exploit them on whoever they want. In this post I’m going to explain measures you can take to make sure your site doesn’t fall victim to an attack.

1. Run The Most Recent Version.

With each release comes new bugs and new vulnerabilities making it very important that you keep your WordPress up to date, as well as plugins that you have installed. Most newer versions even let you upgrade right within your WordPress Admin Panel.

2. Search For Vulnerabilities.

With the WP Security Scan plugin you can scan your WordPress installation for security vulnerabilities and it suggests corrective actions. It covers passwords, file permissions, database security, version hiding, WordPress admin protection/security and removes WP Generator META tag from core code.

3. Protect Your Login & Password.

Most people that want to hack a WordPress blog usually start first with trying to guess your password. Login LockDown records the IP address and timestamp of every failed login attempt. If more than a certain number of attempts are detected within a short period of time from the same IP range, then the login function is disabled for all requests from that range.

4. Secure Your Wordpress.

Secure WordPress helps to secure your WordPress installation by removing error information on login pages, adds index.html to the plugin directory, removes the WP-version, except in the admin area.

If you have other plugins or ways you secure your WordPress installations please put them in the comments!