A stitch in time saves nine. I couldn’t sew my way out of a bag, but it’s true advice for bloggers as well — a little bit of work on an upgrade now saves a lot of work fixing something later.

Securing your WordPress blog is the most important thing that you must do after you have set it up on your server. There shouldn’t be any reason for you to leave your WordPress wide open for hackers to creep in and steal your information and/or destroy your data.

In this tutorial we will show you how to secure your WordPress blog.

A) If you have not installed your WordPress yet.


1- It is a good idea to change the default database prefix before making the installation.

- You can easily do this by modifying the following line in the wp-config-sample.php file:
$table_prefix = 'wp_';
Change it to something more complex, for example:
$table_prefix = '1w27p_';

- Once you make this change, rename wp-config-sample.php to wp-config.php and proceed with the WordPress installation.

- This can be done also by using the WordPress installation web interface. You should simply enter the desired database prefix in the Table Prefix field of the web installer interface.

B) If you have already installed your WordPress blog, here are some steps through which you can improve the security of an existing WordPress installation:

1- If you have manually installed your WordPress, the default administrator username will be admin.
You should change this to something harder to guess. To do this:

* Log in to your WordPress admin area
* Go to Users and create a new user with Administrator role.
* Once the account is created, log out from your admin area, log in with the new account you created and delete the old one.

2- Restrict access to the wp-admin folder to your IP address only. You can easily do this by placing a .htaccess file in the wp-admin folder containing the following lines (replace YOUR.IP.ADDRESS with your own IP address):

Order Deny,Allow
Deny from all
Allow from YOUR.IP.ADDRESS

You can see what your IP is at this URL.

3- Restrict access to most files in the wp-includes and wp-content folders. Access to everything except images, CSS and JavaScript files can be blocked. To do this:

- Create a .htaccess file and place the following rules in it:

Order Allow,Deny
Deny from all
<Files ~ "\.(css|jpe?g|png|gif|js)$">
Allow from all
</Files>

4- Protect the wp-admin folder with a password.

5- Keep your WordPress, as well as your WordPress plugins, updated to their latest versions.
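
The checks from steps A.1, B.2 and B.3 can be run as a shell audit against an installation. This is an added example, not code from the original tutorial; the function names are made up for illustration, and it assumes the Apache 2.2 style Order/Allow/Deny directives used above.

```sh
#!/bin/sh
# Added example: audit a WordPress tree for steps A.1, B.2 and B.3 above.

# Print the $table_prefix value set in the wp-config.php given as $1.
wp_table_prefix() {
    sed -n "s/^[[:space:]]*\\\$table_prefix[[:space:]]*=[[:space:]]*['\"]\([^'\"]*\)['\"].*/\1/p" "$1" 2>/dev/null | head -n 1
}

# Succeeds if $1/.htaccess denies everyone and allows at least one IP address.
htaccess_ip_locked() {
    [ -f "$1/.htaccess" ] || return 1
    grep -Eiq '^[[:space:]]*deny[[:space:]]+from[[:space:]]+all' "$1/.htaccess" &&
    grep -Eiq '^[[:space:]]*allow[[:space:]]+from[[:space:]]+[0-9a-f.:/]+[[:space:]]*$' "$1/.htaccess"
}

# Succeeds if $1/.htaccess denies everyone and re-allows access only inside a
# <Files> or <FilesMatch> section (the static-file exception of step 3).
htaccess_static_only() {
    [ -f "$1/.htaccess" ] || return 1
    grep -Eiq '^[[:space:]]*deny[[:space:]]+from[[:space:]]+all' "$1/.htaccess" || return 1
    awk 'tolower($0) ~ /^[ \t]*<files(match)?[ \t]/ { inside = 1; sections++ }
         tolower($0) ~ /^[ \t]*<\/files(match)?>/   { inside = 0 }
         tolower($0) ~ /^[ \t]*allow[ \t]+from/ && !inside { stray = 1 }
         END { exit !(sections > 0 && !stray) }' "$1/.htaccess"
}

# Run all checks against the WordPress root $1; print findings, return their count.
audit_wp() {
    root=$1 fails=0
    prefix=$(wp_table_prefix "$root/wp-config.php")
    if [ -z "$prefix" ] || [ "$prefix" = "wp_" ]; then
        echo "FAIL table prefix is default or unreadable: '$prefix'"
        fails=$((fails + 1))
    fi
    htaccess_ip_locked "$root/wp-admin" ||
        { echo "FAIL wp-admin is not restricted by IP"; fails=$((fails + 1)); }
    for d in wp-includes wp-content; do
        htaccess_static_only "$root/$d" ||
            { echo "FAIL $d/.htaccess does not limit access to static files"; fails=$((fails + 1)); }
    done
    return "$fails"
}

# Usage: sh audit.sh /path/to/wordpress
if [ "$#" -gt 0 ]; then audit_wp "$1"; fi
```

An .htaccess in wp-includes or wp-content that contains "Allow from all" outside a Files section is reported as a failure, because the exception then applies to every file or, with Order Allow,Deny, to none.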

As I mentioned in my previous article (Easy Steps To Secure Your WordPress Blog), you have to secure your WordPress blog as much as you can, so that you never regret having been too lazy to secure it.

In this tutorial we will show you how to secure your WordPress blog with the most powerful ways and plugins.

1) Encrypt your login

Whenever you log in to your website, your password is sent unencrypted. If you are on a public network, a hacker can easily ‘sniff’ out your login credentials using a network sniffer. The best way is to encrypt your login with the Chap Secure Login plugin. This plugin adds a random hash to your password and authenticates your login with the CHAP protocol.
Chap Secure Login plugin

2) Stop brute force attack

Hackers can easily crack your login password and credentials using a brute force attack. To prevent that from happening, you can install the Login LockDown plugin. This plugin records the IP address and timestamp of every failed WordPress login attempt. Once a certain number of failed attempts is detected, it will disable the login function for all requests from that range.
Login lockdown plugin

3) Use a strong password

Make sure you use a strong password that is difficult for others to guess. Use a combination of digits, special characters and upper/lower case to form your password. You can also use the password checker on WordPress 2.5 and above to check the strength of your password.

4) Protect your wp-admin folder

Your wp-admin folder contains all the important information and it is the last place that you want to give others access to. Use AskApache Password Protect to password-protect the directory and give access rights only to authorized personnel.
AskApache Password Protection Plugin

5) Remove WordPress version info

A large number of WordPress themes include the WordPress version info in a meta tag. Hackers can easily get hold of this information and plan a specific attack targeting the security vulnerabilities of that version.

To remove the WordPress version info, log in to your WordPress dashboard. Go to Design->Theme Editor. On the right, click on the Header file. On the left, where you see a lot of code, look for a line that looks like

<meta name="generator" content="WordPress <?php bloginfo('version'); ?>" />

Delete it and press Update File.

Update: In WP 2.6 and above, WordPress automatically includes the version in the wp_head section. To fix this, you can simply install the WP-Security Scan plugin.
WP-Security Scan plugin

6) Hide your plugins folder

If you go to http://yourwebsite.com/wp-content/plugins, you can see a list of the plugins that you are using for your blog. You can easily hide this page by uploading an empty index.html to the plugin directory.

Open your text editor. Save the blank document as index.html.

Using an FTP program, upload the index.html to the /wp-content/plugins folder.

7) Change your login name

The default username is admin. You can make it more difficult for a hacker to crack your login credentials by changing the login name.

In your WordPress dashboard, go to Users and set up a new user account. Give this new user administrator role. Log out and log in again with the new user account.

Go to Users again. This time, check the box beside admin and press Delete. When it asks for deletion confirmation, select the “Attribute all posts and links to:” and select your new username from the dropdown bar. This will transfer all the posts to your new user account. Press Confirm Deletion.

8) Upgrade to the latest version of WordPress and plugins

The latest version of WordPress always contains bug fixes for any security vulnerabilities, therefore it is important to keep yourself updated at all times. The latest version is WP 2.9 (as of this post). You can download it here.

9) Do a regular security scan

Install the wp-security-scan plugin and perform a regular scan of your blog settings for any security loopholes. This plugin can also help you to change your database prefix from wp_ to a custom prefix.
wp-security-scan plugin

10) Back up your WordPress database

No matter how secure your site is, you still want to prepare for the worst. Install the wp-database-backup plugin and schedule it to back up your database daily.
wp-database-backup plugin

11) Define user privilege

If there is more than one author for your blog, you can install the role-manager plugin to define the capabilities for each user group. This will give you, the blog owner, the ability to control what users can and cannot do in the blog.
Role-manager plugin
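
The lockout logic from step 2 (count failed logins per address range and act once a threshold is reached) can also be applied to a web server access log. This is an added example, not the Login LockDown plugin's code; the function names and the sample log are constructed, and it assumes a combined-format log in which a failed login is a POST to /wp-login.php answered with status 200.

```sh
#!/bin/sh
# Added example: find address ranges with repeated failed WordPress logins.
# Assumptions: combined-format access log, IPv4 clients, one calendar month
# per file, and a failed login = POST /wp-login.php answered with status 200
# (a successful login is answered with a 302 redirect).

# $1 = log file ("-" for stdin), $2 = max failures, $3 = window in seconds.
# Prints each /24 range that reaches $2 failures within $3 seconds.
failed_login_ranges() {
    awk -v max="$2" -v win="$3" '
    $6 == "\"POST" && $7 ~ /^\/wp-login\.php/ && $9 == 200 {
        split($1, o, ".");  range = o[1] "." o[2] "." o[3] ".0/24"
        split(substr($4, 2), t, "[/:]")       # dd, Mon, yyyy, hh, mm, ss
        now = ((t[1] * 24 + t[4]) * 60 + t[5]) * 60 + t[6]
        n = ++count[range];  stamp[range, n] = now
        if (!(range in first)) first[range] = 1
        # Slide the window start past attempts older than win seconds.
        while (now - stamp[range, first[range]] > win) first[range]++
        if (n - first[range] + 1 >= max && !(range in hit)) {
            hit[range] = 1;  print range
        }
    }' "$1"
}

# Turn the flagged ranges into Apache 2.2 style deny lines for .htaccess.
deny_rules() {
    failed_login_ranges "$1" "$2" "$3" | sed 's/^/Deny from /'
}

# Constructed sample log (documentation addresses, not real traffic).
sample_log() {
    cat <<'EOF'
192.0.2.4 - - [10/Mar/2010:09:00:00 +0000] "POST /wp-login.php HTTP/1.1" 200 2301
192.0.2.4 - - [10/Mar/2010:11:00:00 +0000] "POST /wp-login.php HTTP/1.1" 200 2301
192.0.2.4 - - [10/Mar/2010:13:00:00 +0000] "POST /wp-login.php HTTP/1.1" 200 2301
198.51.100.7 - - [10/Mar/2010:13:55:01 +0000] "POST /wp-login.php HTTP/1.1" 200 2301
198.51.100.7 - - [10/Mar/2010:13:55:09 +0000] "POST /wp-login.php HTTP/1.1" 200 2301
198.51.100.23 - - [10/Mar/2010:13:55:17 +0000] "POST /wp-login.php HTTP/1.1" 200 2301
198.51.100.23 - - [10/Mar/2010:13:56:02 +0000] "POST /wp-login.php HTTP/1.1" 200 2301
203.0.113.9 - - [10/Mar/2010:14:00:00 +0000] "POST /wp-login.php HTTP/1.1" 200 2301
203.0.113.9 - - [10/Mar/2010:14:00:20 +0000] "POST /wp-login.php HTTP/1.1" 302 0
EOF
}

sample_log | deny_rules - 3 300
```

With a threshold of 3 failures in 300 seconds, only the range with four failures inside one minute is flagged; the range whose three failures are spread over four hours is not.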
