You know those guys who get their house broken in to and THEN go out and buy an alarm after it’s happened? Don’t be one of those guys.
I don’t want to be one of those guys. If this blog gets hacked it’s egg on my face and a huge nightmare for any blogger. The bigger you are, the harder you fall. I’ve decided to beef up security around here by making a few changes.
1. disabled wordpress version info
By default, wordpress will display the version of wordpress you’re using. You know the way wordpress upgrade regularly due to ‘security vulnerabilities’ – what happens if you’re running an old version and that vulnerability has just been publicly blogged about by wordpress? That’s right, it leaves you wide open to attack. By hiding what version of wordpress you’re running, it creates more work for a hacker if they want to get at your blog.
Your header.php file will contain a this line;
<meta name="generator" content="WordPress <?php bloginfo('version'); ?>" />
Delete the bit in red to give you;
<meta name="generator" content="Wordpress" />
2. restricting login attempts
Usually, we all keep the same passwords for everything. We know we’re not supposed to do it, but it’s handy. More often than not, these passwords contain birthdays / birthday combinations / home address numbers / family names / pet names etc… If on the off chance you give for example an ftp password out (lets say you hire someone to do a bit of work), chances are it’s the same password as your blog or similar. So all it takes is a bit of guess work and patience and a stranger could just have cracked open your blog.
I’ve installed a plugin call login lockdown and changed it so that 2 wrong login attempts from the same IP will auto-lock the blog for 60 minutes. You can of course use a proxy to bypass that, but that’s all hassle for a hacker and if you can frustrate and annoy a hacker with all these little security features the chances are he’ll move on to an easier target.