Recently my blog got hacked and entire posts and categories got deleted. This was a first experience for me after I started my WordPress blog. I did not have any security features in my blog. After the attack, the first thing I did was to secure my blog.
My experience may help you all to secure your blogs and protect them from any kind of attack. Here I am going to explain the security measures I have implemented in my blog.
1) Database Security.
- Create a separate MySQL login for WordPress without delete permission. (I know WordPress needs delete permission, but as per my understanding, if you delete a blog, it will go to the trash, which means just changing the status of the post, so update and insert permissions are sufficient.)
- Removed all other logins (hosted on GoDaddy, there are a few MySQL logins for GoDaddy cPanel access)
- Set a hard password for the MySQL login.
- Finally, you should have a daily backup of your database (see here)
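The restricted login from the first item and a check of what other accounts can still do, written as an added example rather than the commands used on this blog. The database name `wpblog`, the account `wp_app`@`localhost` and the password placeholder are assumptions, and the statements assume an administrative MySQL account that is allowed to create users and read `information_schema`.

```sql
-- Added example. Constructed names: database `wpblog`, account 'wp_app'@'localhost'.
-- Replace the placeholder with a long random password before running.
CREATE USER 'wp_app'@'localhost'
  IDENTIFIED BY 'REPLACE_WITH_LONG_RANDOM_PASSWORD';

-- Grant only what the post describes: read, insert and update on the blog
-- database. DELETE, DROP, ALTER and all global privileges are left out.
GRANT SELECT, INSERT, UPDATE ON `wpblog`.* TO 'wp_app'@'localhost';

-- Confirm the result. The output should list USAGE on *.* plus the one
-- database-level grant above and nothing else.
SHOW GRANTS FOR 'wp_app'@'localhost';

-- Audit 1: accounts holding anything beyond SELECT/INSERT/UPDATE on the
-- blog database. Each row is a login that can still remove or alter data.
SELECT grantee, privilege_type
FROM information_schema.schema_privileges
WHERE table_schema = 'wpblog'
  AND privilege_type NOT IN ('SELECT', 'INSERT', 'UPDATE')
ORDER BY grantee, privilege_type;

-- Audit 2: accounts with destructive privileges granted globally (*.*),
-- which apply to the blog database even without a database-level grant.
SELECT grantee, privilege_type
FROM information_schema.user_privileges
WHERE privilege_type IN ('DELETE', 'DROP', 'ALTER', 'FILE')
ORDER BY grantee, privilege_type;

-- Audit 3: every login defined on the server, to review which ones
-- are still needed (requires read access to the mysql system database).
SELECT user, host FROM mysql.user ORDER BY user, host;
```

After pointing `wp-config.php` at the new account, exercise the dashboard on a test copy first and watch the error log for denied statements, since the post itself notes that WordPress expects delete permission.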
2) WordPress Security
- Disabled user login
- Installed the following security plugins: Login LockDown, WordPress Firewall, Bad Behavior
- Disabled directory listing by adding the following syntax in the .htaccess file