Security should always be a major concern when using the Internet or posting content online. If someone gets hold of your personal information or breaks into one of your online accounts, whether it is your email or a WordPress blog, then you are at risk of identity theft and hijacking of your accounts. Anyone who breaks into your account could steal your private content, post spam, steal your WordPress account or use it to gather email addresses to send spam to.
Thankfully, there are ways of protecting yourself and your Internet accounts from malicious threats to your privacy and it is important that you take all of the necessary precautions to keep yourself safe online. You can secure your WordPress blog from unauthorized access by installing some of the plugins that are available for download at the WordPress plugin directory.
Most of these are easy to install and do not require any attention from you once they have been set up. They will prevent anyone who should not have access to your WordPress blog account from getting past the very basic password protection that is provided when you set up your account.
1. How to hide your login screen : Stealth Login
A simple but effective way of preventing people from breaking into your WordPress blog is to hide the login screen. You can do this by installing a plugin such as Stealth Login, which will create a specific URL or web address that you will use when logging in to your blog or performing admin tasks on your account. This means that there will be no link to log in from the public pages of the blog. When you want to log in, you will simply go to the custom URL that you have chosen and sign in as normal.
This plugin also protects your login page by preventing anyone from going directly to wp-login.php, which is the default setting for WordPress. This plugin can prevent anyone from gaining unauthorized access to your site, even if they are able to guess your password, by hiding the login page from them. This can also prevent programs called bots from getting into the blog through the wp-login.php file. The new login URL and options can be controlled through the settings panel.
2. How to ban selected users : User Locker
The User Locker plugin can help to prevent anyone from making multiple attempts to access your blog. This can prevent them from cracking your password by trying hundreds and thousands of different guesses. When you sign up for a WordPress account there is no limit on the number of attempts that can be made to log in to your blog.
This is a major security flaw as it opens the way for unauthorized access through what are known as dictionary and brute force attacks. These simply try every possible password until they gain access. The User Locker plugin places a limit on the number of login attempts that can be made. If this is exceeded, then the account will be locked and it will be necessary to request a new password or contact the WordPress Admin in order to get back into the blog. This means that only you can get into the account.
This plugin also allows you to block specific user accounts from accessing the blog, even with the right password. This means that you can ban anyone who should not be accessing the blog from getting into it.
3. How to prevent brute force hacking : Limit Login Attempts
A similar plugin is Limit Login Attempts. This has the same effect as the User Locker plugin, placing a limit on the number of login tries that are allowed. Limit Login Attempts can limit login attempts through both the normal login process and the use of special cookies. It blocks any Internet address from making further login attempts after a certain number of failed tries to access the blog.
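The per-address limit described above can be sketched as follows. This is an added illustration of the mechanism, not code from either plugin; the threshold, window and lockout values and the sample events are assumptions constructed for the example.

```python
from collections import defaultdict, deque

MAX_FAILURES = 4        # assumed threshold, not a plugin default
WINDOW_SECONDS = 600    # failures older than this are forgotten
LOCKOUT_SECONDS = 1200  # how long an address stays blocked


class LoginLimiter:
    def __init__(self):
        self.failures = defaultdict(deque)  # ip -> times of recent failures
        self.locked_until = {}              # ip -> time the block expires

    def record(self, ip, password_ok, now):
        """Process one login attempt; return 'blocked', 'ok' or 'failed'."""
        if self.locked_until.get(ip, 0) > now:
            # Rejected before the password is even considered, so a correct
            # guess made during the lockout does not get in.
            return "blocked"
        if password_ok:
            self.failures.pop(ip, None)     # success clears the counter
            return "ok"
        recent = self.failures[ip]
        recent.append(now)
        while recent and now - recent[0] > WINDOW_SECONDS:
            recent.popleft()                # drop failures outside the window
        if len(recent) >= MAX_FAILURES:
            self.locked_until[ip] = now + LOCKOUT_SECONDS
            recent.clear()
        return "failed"


# Constructed sample events: (time in seconds, source address, password correct?)
SAMPLE_EVENTS = [
    (0, "203.0.113.7", False), (5, "203.0.113.7", False),
    (9, "203.0.113.7", False), (12, "203.0.113.7", False),  # 4th failure locks
    (15, "203.0.113.7", True),     # right password, but address is locked out
    (20, "198.51.100.2", False),   # owner mistypes once...
    (30, "198.51.100.2", True),    # ...and is not affected by the other block
    (1300, "203.0.113.7", True),   # lockout has expired
]


def replay(events):
    limiter = LoginLimiter()
    return [limiter.record(ip, ok, t) for t, ip, ok in events]


if __name__ == "__main__":
    for event, outcome in zip(SAMPLE_EVENTS, replay(SAMPLE_EVENTS)):
        print(event, "->", outcome)
```

Blocking by address leaves other visitors unaffected, whereas an account lock of the kind User Locker applies also locks out the legitimate owner until the password is reset.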
4. How to prevent unauthorized automated access : SpiderSquash
The SpiderSquash plugin is designed to prevent automated computer programs such as spiders and bots from gaining access to your WordPress blog. It works using complicated statistical methods in order to recognize bots and automated access attempts. The SpiderSquash plugin has access to a global database which is built up by all SpiderSquash plugins around the world, and to which yours will contribute if it detects any new bots.
Your account will be protected against any bot that is listed in the database. Whenever a new bot is discovered by SpiderSquash, it is added to the database and you will become protected against it. This plugin needs to be uploaded and activated on WordPress.
5. How to Encrypt Your Logins : Login Encrypt
The Login Encrypt plugin prevents anyone from stealing your access details by hiding or encrypting your password when you enter it and send it to the WordPress site in order to login.
This is a similar idea to the one that protects your credit card details when they are sent as you shop online. The information is sent in a way that can only be read by someone who knows the encryption code that was used by the sender. If it is intercepted by someone who is trying to find out what your password is, they will be unable to read it.
6. How to make your login process more secure: Chap Secure Login
Another option for encrypting your password and making the process of logging in to WordPress more secure is the Chap Secure Login plugin. This plugin also encrypts your password, but it uses a different method of encryption, known as the CHAP protocol. It is an alternative to the Login Encrypt plugin.
7. How to ensure stolen passwords only work with a single session: One-Time Password
As well as keeping transmission of your password secure, it is possible to protect your WordPress account by using the One-Time Password plugin to generate a new password every time you log in. You may be familiar with this idea if you use a certain type of secure wireless network. Some people have a system that uses unique, automatically generated passwords to get access through their Wi-Fi network, rather than a set phrase.
The One-Time Password plugin prevents anyone from accessing your account if they manage to intercept or steal the password you are using since each password will only work for a single session. The minimum requirements for this plugin are WordPress 2.8 and PHP 5.0.0. It should work with both Internet Explorer and Firefox, but there is no guarantee that it will be compatible with other browsers. This plugin is ideal for anyone who accesses their WordPress account through shared computers, particularly in insecure environments such as internet cafes, where there could be viruses that might record keystrokes and so be able to steal passwords. It conforms to the Internet Engineering Task Force RFC 2289, which means that it is reliable and well designed.
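Why an intercepted one-time password is useless afterwards can be seen in a hash-chain scheme of the kind RFC 2289 standardizes. The sketch below is an added example, not the plugin's code: it uses the RFC's MD5-folded-to-64-bits step, omits the six-word encoding, and the passphrase, seed and `OtpServer` class are constructed for illustration.

```python
import hashlib
import hmac


def fold_md5(data: bytes) -> bytes:
    """One chain step: MD5, then fold the 128-bit digest to 64 bits by XOR."""
    d = hashlib.md5(data).digest()
    return bytes(a ^ b for a, b in zip(d[:8], d[8:]))


def otp(passphrase: str, seed: str, count: int) -> bytes:
    """Password number `count`: hash seed+passphrase, then `count` more steps."""
    value = fold_md5(seed.lower().encode() + passphrase.encode())
    for _ in range(count):
        value = fold_md5(value)
    return value


class OtpServer:
    """Stores only the last accepted password, never the passphrase itself."""

    def __init__(self, last_otp: bytes, count: int):
        self.last_otp = last_otp
        self.count = count          # sequence number of last_otp

    def challenge(self) -> int:
        return self.count - 1       # the sequence number the user must supply

    def verify(self, candidate: bytes) -> bool:
        if self.count <= 0:
            return False            # chain used up; it must be re-initialized
        # Hashing the candidate once must give the previously stored value.
        if not hmac.compare_digest(fold_md5(candidate), self.last_otp):
            return False
        self.last_otp = candidate   # move one step down the chain
        self.count -= 1
        return True


def demo():
    passphrase, seed = "constructed example passphrase", "wp1234"
    server = OtpServer(otp(passphrase, seed, 100), 100)
    first = otp(passphrase, seed, server.challenge())
    accepted = server.verify(first)
    replayed = server.verify(first)    # same value captured by a keylogger
    second = otp(passphrase, seed, server.challenge())
    return accepted, replayed, server.verify(second), server.count


if __name__ == "__main__":
    print(demo())
```

Because each accepted password is the hash input of the one before it, someone who records a password on a shared computer cannot compute the next one without the passphrase.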
8. How to tell if your WordPress account has been hacked: WordPress Last Login
Protecting your WordPress account from unauthorized access is very important, but there is also a plugin that can tell you when your account has been compromised. The WordPress Last Login plugin will tell you who was the last person to sign in to your account and when they logged in. If the last login was at a time when you do not remember logging in and if the IP address is different from the usual one, then it’s likely that someone else has been accessing your account. An IP address is like a phone number for your computer.
You can find out what your IP address is from various websites or by looking for it manually on your computer, but you can also just keep an eye on the IP addresses that have been used to access your WordPress account. You will soon begin to recognize the IP address or addresses that you use, and therefore you will be able to tell if there is any unusual activity. If there is unauthorized access, you should quickly change your password and add some new plugins to enhance your security. You should also check your computer for viruses.
What do you do to secure your WordPress experience? Tell us in the comments :)
This post was guest-written by Christopher Shepard, who writes web hosting tips and reviews at Webhost Gear.