First, how do blogs get hacked in the first place? Because of it’s design, there are many vulnerable areas in a WP site.In brief:

• Outdated plugins and themes
• Using plugins from unknown sources
• using an older version of WordPress
• Weak passwords
• using admin as your username
• insecure or incomplete installations
• leaving certain files on your server, such as the readme.html
• not removing your WP version from various areas on your site.
• keeping the default database prefix.
• and several other ways that we’ll cover another time.

Fortunately, WP has several plugins that make doing many of these security measures a breeze.

Here’s a list of my favorite ones

Login Lockdown ~ records the IP address of every failed login attempt. If more than a set number of attempts are detected within a short period of time from the same IP range, then the login function is disabled for all requests from that range. Currently the plugin defaults to a 1 hour lock out of an IP block after 3 failed login attempts within 5 minutes. This can be modified via the Options panel and admisitrators can release locked out IP ranges manually from the panel.

WP Secure ~ does a multitude of functions that used to have be done manually, such as:

upgrade to the last version of wordpress
check plugins that are out of date
Remove error information on login-page
Hide your wordpress version(frontend & dashboard)
Remove really simple discovery
Remove Windows Live Writer
Remove core update information
Remove plugin & theme update information
Add index.php for plugin directory which hides your plugins folder
Change the default admin username & tests the strength of your password
Restrict access to wp-config.php file, wp-includes & wp-content folders
Restrict wp-admin for only your Ip
–> Restrict access to wp-admin Manual
–> Check files and folder permissions

Secure WordPress ~ does pretty much the same thing as WP secure, plus it also provides a  free malware and vulnerabilities scan with SiteSecurityMonitor.com

WP-MalWatch ~ is a scanner designed to help alert you when hackers have been at work inside your blog. WP Malwatch does not protect your blog, it only logs suspicious events and alerts you possible security breaches.

AntiVirus ~ scans your blog for exploits and spam injections and provides anti-virus protection for your blog. Although it’s a very useful plugin, many themes will show a false positive, because it doesn’t recognize some of the code that is used.

WordPress File Monitor ~ monitors your WP site for added/deleted/changed files. When a change is detected an email alert can be sent to a specified address. Be aware that whenever a plugin updates, or creates any change, you will be notified.

There are many others out there. As I test them out, I will tell you what I think.

Look them over and choose the ones that you like best. I have them all installed and have not had any compatibility problems so far.

Domain Name remains the same

If you are moving the site onto a different server and using the same domain name, then it’s a simple matter to export(backup) the site files and the Database and import them onto the new server. Made much easier if the hosting account has Cpanel.

Moving to a different URL

If the installed version is living on a domain that is different to the one it’s being moved too, then it gets a little more complicated.

WordPress Stores absolute URL’s inside the Database itself so if you change the sites URL, things won’t match up.

There is an easy solution.

The team over at Justcoded.com have come up with a little script that performs all the necessary changes for you. You can read more about that, and get the script from

http://justcoded.com/article/wordpress-tips-moving-site-to-another-server/.

I’ve not yet tried it, but I  will because I’ll soon be moving some of my development sites I have installed on my onto some of my hosting accounts. Plus I’m sure some of my students will want to do the same thing at some stage.

Thanks to the “JustCoded” Team for providing this and some other useful tips on their site.

(I’m not affiliated with JustCoded – I just like what they have done. So if you do get to use them for any projects, I don’t get anything in return.)