Computer hacking: this is the new scourge that threatens millions of blogs each. Every day, tens of thousands of blogs are hacked, often forcing their owners to abandon everything or start all over again. And it's not because it may never have happened that you must think you are safe. In addition, it is not only the famous bloggers who are hacked.

All it takes is a hacking contest in Pakistan (as it did a few months ago) to see more 125.000 French blogs being hacked. For some pirates, it's a game, for others it's training, and for another category, it can also be a great way to phish.

1. Move the file wp-config from a higher level
The file wp-config is a file that contains all the configuration information of your blog as well as all WordPress settings. A pirate (hacker) who accesses this file is capable of injecting malicious codes onto your pages, or worse yet, deleting all the content of your WordPress blog. I let you imagine the rest…

Because this file is the most important, I think you should secure it, keep it safe from hackers.

There is a WordPress feature that is little known to bloggers and WordPress blog installers, yet it can save their lives. In fact, WordPress allows you to move your file wp-config one level above the root of your WordPress blog.

On most Linux servers, wp-config file is located in the following location:
~ / Home / user / public_html / wp-config.php

To move it one level higher, here's what you need to do:
- Connect to your server (disk space) via your FTP software
- Go to the following location: ~ / Home / user / public_html /
- Cut the wp-config.php file (remember to download it to your hard drive before ... you never know)
- Go up one level higher, that is to say to this location: ~ / Home / user /
- Paste your wp-config file so that the address is as follows:
~ / Home / user / wp-config.php

Rest easy…you have nothing to fear. Your blog will continue to function properly. By doing this you are putting your file outside of the root of your space.accommodation, it will now no longer be accessible to scripts and bots that hackers frequently use to attack your blog.

You have no settings to configure because WordPress (which allows this manipulation) knows exactly where to look for this file. Easy no?

Please note: This trick does not work for blogs installed in subdomain (example: Public_html / blog) or for additional domains created from your cPanel (example: Public_html / yourblog.com).

It makes sense in my opinion. In this case, we run the risk of ending up with several files wp-config. But as they all have the same name and there is only one place to take per location ... you understand why only the blog installed at the root is allowed.

2. Delete your "admin" account
The default account when installing a WordPress blog has “admin” as username. It turns out that the vast majority of bloggers use this username by default... but what they don't know is that by making this choice, they automatically increase their chances of getting hacked.

Most hackers know very well that many blogs use admin as a username WordPress, which gives them a username ... all they have to do is find the password which is also often easy to guess. Complicate them a little bit more by choosing a different username when installing your WordPress blog.

If it is already installed, then I think you should follow the following procedure:
- Log into your WordPress dashboard
- On the sidebar on the left, click on " Users », Then on« add »
- Create a new user and give him the role of administrator
- Don't forget to choose a password that is difficult to guess (example: ALAIN2vidal?)
- Log out, then log back in with the new user's credentials

Then go to page >> Users >> All users >> and delete the user " admin ". If you wish, you can then assign all the content of this user to the new user before the final deletion of your previous account.

3. Make regular updatess
Whether WordPress, your plugins or your theme, make updates every time a notification appears on your dashboard.

When setting up many blogs belonging to our customers (blogpascher.com), I was surprised to see that over 90% of them were neglecting all update notifications.

Know that a WordPress update, a theme or a plugin not only brings you new features, it very often also contains new security measures. The more time passes, the more a theme or plugin has visible flaws that a hacker can use to attack your blog and use it as it sees fit.

So remember to make updates every time you receive a notification. WordPress has made this process so easy that it can be done in two clicks maximum. In addition, it will not even take you 30 seconds and you will save hours, days or even months of frustration and headaches if ever your blog was to be hacked.

Ask hack victims… they will all tell you that there is nothing worse for a blogger than getting hacked and losing all of their data.

4. Install WP Security Scan and secure WordPress
Using certain security plugins reduces the chances of your blog being hacked. I advise you to install the following plugins: WordPress Security Scan et Secure WordPress.

These two plugins bring many features that will make your blog more secure.

  • Le Scanner checks the permissions of WordPress files and highlights all those whose permissions are incorrect.
  • Le Password Tool tells you the strength of your password and also generates random, super-strong passwords that you can use if you wish.
  • Le Database is a tool that allows you to backup your WordPress database. It also allows you to change the prefix of the latter. Use it to change the prefix of your database. Move something like this: '' wp_ '' to something like this: ''8bvn9_''. This will make it difficult for hackers to try to guess your database table names.

Stay alert

The tips and tricks above will greatly improve the security of your blog and reduce your chances of being targeted by hackers. However, always keep in mind that the security of a blog is an ongoing process. You must remain vigilant and inform yourself of the latest protection techniques of a WordPress blog, especially if you use it to generate money on the internet.

And if you want to entrust the work to professionals, I strongly recommend you to contact the site BlogPasCher.com who will change to secure your blog for you.

To learn more about the subject, I recommend the following article: 8 myths about the security of blogs / WordPress sites