I decided to write this after a friend of mine's blog recently got hacked and he lost everything. I was trying to help him find ways to secure his blog (and mine) from being hacked again. We gathered all the information we could and then went to town hacking away at his blog to secure it. Here's what we did:

Secure Your Passwords
We downloaded and installed CHAPS Secure Login. When you log in to your blog from a public computer, a hacker can grab your password with any network sniffer. This plugin automatically protects your password when you log in: it adds a random hash (a challenge) and authenticates your login using the CHAP protocol, so the password itself is not sent over the network in the clear.

Block Brute Force Attacks
We found a plugin called Login Lockdown. What it does is record the IP address and a timestamp of every failed login attempt. Once the failed logins reach the number of attempts that you set in the admin panel, it automatically disables the login function for that IP range.
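The lockout logic described above, written out as an added example (this is not the plugin's own code): failures are counted per source IP range inside a time window, and once the configured threshold is hit the whole range is refused for a lockout period. The thresholds, the /24 range size and the event list are all assumptions constructed for the example.

```python
from collections import defaultdict
from ipaddress import ip_interface


class LoginLockdown:
    """Count failed logins per source range; lock the range after a threshold."""

    def __init__(self, max_failures=3, window=300, lockout=3600, range_bits=24):
        self.max_failures = max_failures   # failures allowed inside `window`
        self.window = window               # seconds over which failures are counted
        self.lockout = lockout             # seconds the range stays blocked
        self.range_bits = range_bits       # 24 = block the whole /24 the IP sits in
        self.failures = defaultdict(list)  # range -> timestamps of recent failures
        self.locked_until = {}             # range -> unix time the lock expires

    def range_of(self, ip):
        return str(ip_interface("%s/%d" % (ip, self.range_bits)).network)

    def is_locked(self, ip, now):
        return self.locked_until.get(self.range_of(ip), 0) > now

    def record_failure(self, ip, now):
        """Record one failed attempt; return True if the range just got locked."""
        rng = self.range_of(ip)
        recent = [t for t in self.failures[rng] if now - t <= self.window]
        recent.append(now)
        self.failures[rng] = recent
        if len(recent) >= self.max_failures:
            self.locked_until[rng] = now + self.lockout
            self.failures[rng] = []
            return True
        return False


# Constructed failed-login events (unix time, source IP); not real log data.
EVENTS = [
    (100, "203.0.113.7"), (130, "203.0.113.7"), (160, "203.0.113.7"),  # 3 fast failures
    (200, "203.0.113.9"),                                             # same /24, already locked
    (250, "198.51.100.4"), (4000, "198.51.100.4"), (4030, "198.51.100.4"),  # only 2 inside window
]


def replay(events, ld):
    """Feed events through the lockdown; return the ranges that got locked, in order."""
    locked = []
    for ts, ip in events:
        if ld.is_locked(ip, ts):
            continue  # attempt refused outright, so it is not counted again
        if ld.record_failure(ip, ts):
            locked.append(ld.range_of(ip))
    return locked
```

Note that locking a range rather than a single address also shuts out legitimate users who share that range (an office NAT, an ISP block), which is the trade-off to weigh when picking the range size.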

Protection for your wp-admin folder
There's a plugin we found called AskApache Password Protect, which places password protection on your wp-admin folder so only authorized persons can get into your wp-admin directory.

Remove version info from your WP blog
Any hacker can easily go to your blog, look up which version of WP you're running, and then find specific exploits for that version. Showing version info is not needed, and only makes it easier for a hacker to get you.

To get rid of your version info, go to your dashboard and click on Design -> Theme Editor. On the right, click on header.php. You should then see all the code for that file. In the code, find
<meta name="generator" content="WordPress <?php bloginfo('version'); ?>" />

Remove that completely from your code and save it.

Make your plugins folder invisible
This step is pretty simple: all you have to do is open a text editor, save a blank file, and name it index.html. Then upload that blank index.html file to your wp-content/plugins folder, so the web server serves the blank page instead of a directory listing of every plugin you have installed.

Make a new admin username
When you install WP the default admin username is admin. To change this, all you have to do is go to your WP dashboard and click on “Users”. Create a new user and give the user administrative rights. Now, you need to log out, and log back in again using the new admin account you just created, and delete the default admin user by clicking on “Users” again, putting a check in the box beside the default admin and clicking delete. When it asks for deletion confirmation, select “Attribute all posts and links to:” and pick your new username from the dropdown. This will transfer all the posts to your new user account.

Run a security scan
Using a plugin called wp-security-scan, you can run a test on your blog to see if there are any obvious security problems; it also tells you what to do to fix them. After you install this plugin, you should run a security scan once a week or so just to be sure.

Change your database prefix
When you install WP it creates the tables in the database using the prefix “wp_”. Changing the table prefix makes it a lot harder for hackers to sniff out your database info and then get you! When you run the security scan above, it will tell you that your prefixes are the default, and walk you through changing them automatically. For some people the script doesn't work though. If it doesn't, you can change them pretty easily by following these steps:

1. Make a backup of your files and database!! VERY IMPORTANT!!
2. Deactivate all plugins in your blog.
3. Download 2 backups of your database using PHPMyAdmin.
4. Open one of the database backups you downloaded, and replace all instances of “wp_” with “whatever_”.
5. Go back to PHPMyAdmin and drop all the tables in your database.
6. In PHPMyAdmin click on “Import”, select the .sql file that you just updated, and then click go.
7. Open your wp-config.php file and edit the table prefix setting from “wp_” to whatever you changed it to (“whatever_”), and then use an FTP client to upload and overwrite the original.
8. Log in to your WP Dashboard and re-activate your plugins.

You're done!
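An added helper for the search-and-replace step above (my own example, not part of the original post or of WordPress): a blind replace of “wp_” in the dump also rewrites any post or comment that happens to contain that string, so this script only renames the backtick-quoted table identifiers that phpMyAdmin emits plus the three option/usermeta keys (user_roles, capabilities, user_level) that carry the prefix as data and must be renamed or every user loses their role. The dump fragment and the “whatever_” prefix are constructed for the example; the $table_prefix line is the real wp-config.php setting.

```python
import re

# Constructed fragment of a phpMyAdmin-style dump (not a real export);
# line 5 deliberately has "wp_" inside post content that must NOT change.
SAMPLE_DUMP = """\
CREATE TABLE `wp_options` (`option_id` bigint, `option_name` varchar(64), `option_value` longtext);
INSERT INTO `wp_options` VALUES (1, 'siteurl', 'http://example.test'), (2, 'wp_user_roles', 'a:5:{...}');
CREATE TABLE `wp_usermeta` (`umeta_id` bigint, `user_id` bigint, `meta_key` varchar(255), `meta_value` longtext);
INSERT INTO `wp_usermeta` VALUES (1, 1, 'wp_capabilities', 'a:1:{s:13:"administrator";b:1;}'), (2, 1, 'wp_user_level', '10');
INSERT INTO `wp_posts` VALUES (1, 'See wp_options for details', 'wp_');
"""

# Keys whose *values* embed the prefix: renaming the tables alone would leave
# every user without a role, so these must change together with the tables.
PREFIXED_KEYS = ("user_roles", "capabilities", "user_level")


def rename_prefix(dump, old="wp_", new="whatever_"):
    """Return the dump with table names and prefix-dependent keys renamed."""
    if not re.fullmatch(r"[A-Za-z0-9_]+", new):
        raise ValueError("prefix may only contain letters, digits and underscores")
    # 1. backtick-quoted identifiers: CREATE TABLE `wp_x`, INSERT INTO `wp_x`, ...
    table_re = re.compile("`" + re.escape(old) + r"(\w+)`")
    out = table_re.sub(lambda m: "`" + new + m.group(1) + "`", dump)
    # 2. the quoted option/meta keys that carry the prefix as data
    key_re = re.compile("'" + re.escape(old) + "(" + "|".join(PREFIXED_KEYS) + ")'")
    return key_re.sub(lambda m: "'" + new + m.group(1) + "'", out)


def leftover_lines(dump, old="wp_"):
    """1-based line numbers still mentioning the old prefix, for manual review."""
    return [i for i, line in enumerate(dump.splitlines(), 1) if old in line]


def wp_config_line(new):
    """The wp-config.php setting that has to match the renamed tables."""
    return "$table_prefix = '%s';" % new


if __name__ == "__main__":
    import sys
    src, dst, new = sys.argv[1:4]  # usage: rename_prefix.py in.sql out.sql whatever_
    with open(src, encoding="utf-8") as f:
        renamed = rename_prefix(f.read(), "wp_", new)
    with open(dst, "w", encoding="utf-8") as f:
        f.write(renamed)
    print(wp_config_line(new))
    print("lines still containing wp_, check by hand:", leftover_lines(renamed))
```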

Backup Your Blog Regularly!!
The easiest way to do this is by using the plugin called wp-database-backup. Upload the plugin to your plugins directory, activate it, and then change the settings so that it starts saving backups automatically every day, week, month, or however you prefer to set it.

Set up user privileges
If you have more than one author on your blog, you should install Role Manager. Role Manager defines capabilities for each user group. This gives you the power to decide who can do what on your blog, more efficiently.

Upgrade your blog
You should always maintain a current version of your WP blog. Right now the latest version is 2.6.1. You can download the latest version here. If you're upgrading, which I assume you are, you can look at this guide to upgrading WP. The best way to do this though is by using a plugin called WP Automatic Upgrader. The current version of WP Automatic Upgrader is V0.4 I think. Upload and install that plugin and it can/will upgrade your blog to the most recent version automatically.

If you take all of the steps mentioned above, you will be much better protected against hackers. Hackers are always coming up with new ways of getting to you though, so you should always be looking for new ways of blocking them too!

If you use these steps to protect your blog, please write an article about it and mention where you got the info ;). I can always use some more backlinks :)

Good luck, and happy blogging!

This entry was posted on Friday, September 5th, 2008 at 10:38 am and is filed under Web Related.

5 Responses to “How to secure a WordPress blog from hackers!”

  1. Transfer Domain Names on September 12th, 2008 at 3:47 pm

    I found your site on the faves.com bookmarking site. I like it, gave it a fave for you. I'll be checking back later.

  2. Get Backlinks on September 26th, 2008 at 1:01 pm

    I found your blog while searching for Get Backlinks and your post regarding How to secure a WordPress blog from hackers! looks very interesting for me.

  3. Jim Spence on September 30th, 2008 at 2:35 pm

    Tuesday I was searching for blogs related to Web Promotion and specifically uk seo and I found your related blog.

  4. Daniel Craig on October 5th, 2008 at 2:00 pm

    Hey, I was looking around for a while searching for computer and network security and I happened upon this site and your post regarding How to secure a WordPress blog from hackers! I will definitely add this to my computer and network security bookmarks!

  5. Build 1000s of Backlinks on October 7th, 2008 at 10:32 am

    Thanks for the article. Now there is more reason to comment than ever before!