I guess I am almost paranoid about internet security. My Facebook for example (My personal one that is) is so shut down that not even I can find myself. Personally I have heard of and dealt with too many computers that have been hacked or corrupted by viruses. I can never understand what pleasure people get out of being so spiteful to others that they cause them monetary harm by attacking their computers. Many of those folks really enjoy using their computers and it is their only link to the outside world. A lot of them are not really internet savvy and as a result they end up with so many Trojans and viruses their computers crash.

That being said you need to protect your website as much as possible from outside attacks. Some of the things you can do will be discussed below.

Your Basic Theme Info

Your theme has code in the head tags which really needs to be replace so as to make it non visible by taking a couple of steps  so no hacker with bad intentions make use of it to target vulnerabilities.
Head over to your themes header.php and see if this line appears in your code.

If it is there remove it.
You will also need to remove it from the hook. To do this you need to head over to the functions.php area and paste the following code in there

That should deal with that but there are other areas.

Your Login info

Your Login info should not show any error messages. You need to head on over to the functions.php and then place the following code in there.

no more messages should appear now about you incorrect logins or passwords.

Searching on your Theme

Rather than using the default search install a Google custom search or one of the other search engines. There is a whole tutorial on how to install Google search on your site.

Hooks and Calls Reduced

By reducing the number of hooks and calls on your blog you can reduce the slowing down of your site. Do not put stuff on just to have it because each time you increase the load you slow your site down. One way you can reduce it is by changing the call on your blog info to that of your blog name.

In your header.php there will be a particular line of code which you can change.

Take out this:

and replace it with this.

Obviously you need to change the section to your actual blog name.

You need to check all the various function calls which you might need to change because each one adds to the load on your server.

You should also look into using something like WP Cache as this lightens the load because by caching there isn’t such a large server load pull. This is available from WordPress as a plug-in. What it does is store the pages in a static file (rather than having to reload them in php and take them from you database) and thus it can produce them in a far faster time.

Being up to date with your security on the internet is a full time task nowadays. Just when you think you have the whole thing wrapped up, out comes another threat to attack the internet. Quite frankly I don’t see what fun they get out of it. I mean it isn’t as if they can see what they are doing and do they ever think of the person on the other side?  That might be their only connection to the outside world. Be that as it may there are so many viruses Trojans worms and other junk on the band waves it is hard to keep up with them all. To this end we are going to look at a few plug-ins that we can add to WordPress to help keep us a little more secure.

The first we are looking at is Limit Logins

With the standard WordPress, people can try an unlimited number of times to login into your blog. But if you introduce this plug-in into your WordPress you will be able to limit the attempts before they are locked out for 20 minutes or whatever time you decide on. You can decide how many times they can try before they get locked out. There is an additional option you can implement whereby they can get an email notification of their password. You can also opt to be advised by email of continual attempts to log in. Should you lock yourself out by mistake you would have to FTP into the site and change a few items. The fixes for this are on the download website.

Keeping Spam bots at Bay

We all know what spammers do. Well when spam bots are on the loose and enter our blog they can cause untold havoc. To stop them entering and to tone down the harm they can do, we require the following plug-in to keep them at bay. It is called Sabre. Sabre has numerous features you can implement from a captcha code to making the registration email verified. All in all there are 19 options you can implement with this plug-in.

Semisecure is next

This plug-in uses an encryption method to encrypt the chosen password used by the visiting party. This requires Java.

Bad Behavior

This is a way of preventing denial of service attacks. This plug-in even goes as far as looking to see what kind of software your potential visitor might be using. You would need to check with your server as to whether this requires special permission although the program itself is free and open source. You would require PHP5.

Secure WordPress

Secure WordPress aims keep your blog safer. What you can do with it is take out any error info that appears on your login page. It will also install and index.php section in the plug-in directory. The version of WordPress that you are using is removed except in your admin area. Information for people about stuff in the actual theme and program is removed and not available to those who are not administrators. Simple discover is taken out as is windows live writer. In addition the URL’s are removed from things like scripts and or style sheets.

That’s all for today folks.

I admit it, I am a security freak. I have more programs on my PC for security than the average village does. Of course that being said you need to make sure that the programs you have are not themselves part of the scam out there to get into your computer. Many of those programs that sound so trust worthy, have Trojans in them themselves. A horrible thing to have to say isn’t it. However, like all life’s lessons you learn the hard way. Over the years, I have learnt an awful lot about security. Now I am going to look at security for WordPress.

Yes folks WordPress does have issues that do need to be addressed if you are going to be secure on there. Not major things, but things that need to be tweaked to make you safer.

1. You don’t want the world to know everything.

Make sure your failed log in’s do not appear in error message displays by simply removing the log in error in your functions.php file wp-content dir.
Add this line of the script to the right file in your theme.

And Bobs your uncle no more messages will pop up

2. Ensure you use SSL

This is simply to make sure your data is all safe. Its allowable if the server is SSL enabled so use it. Log into the root folder of your WordPress and find your wp-config.php file and insert the following code and save it.

Simple isn’t it?

3. Make your WordPress config.php file Safe.
This file is where all your data lies so it’s like your bank account. You do not want anyone hacking it. You can make it safe by utilizing the .htaccess file.
First step is to make a backup of it just in case. You will find it in WordPress root folder.
Now add the following code.

Simple when you know how.

4. Ban Um

If you don’t want to deal with pests don’t allow them in. Using you .htaccess file again go back to that WordPress root folder. Back it up just in case and then insert the following code.
With the IP address of the person or bot you want to ban at hand just change the numbers in the deny from section to those numbers and then no more problems from that source.

To keep more out of your hair you need to use the line 4 we changed and just add more denys below exactly as we did with 123.456.789
Keep them above the and they wont be able to enter.

5. Don’t let your hard prose be copied.

Once your blog become popular people who don’t have an original thought in their heads will copy it. To prevent this you will after you have backed it up change your htaccess file again. Why would you want to do this: Because you don’t want them draining your site for their purpose and good and at the same time using up your bandwidth. A simple code insert will solve the problem

This way only your own website will link to your images.

That’s all for now folks. Keep safe and we will be back with more.