Steps to Secure WordPress

Filed Under (Softwares, Wordpress) by Milind on 18-01-2012

Recently I found that many WordPress-based websites got hacked or compromised. So, I started searching the Internet for security measures that can be taken to protect WordPress-based websites. Following are some points which I found common on various websites.

1. Vulnerabilities in WordPress
A WordPress vulnerability can be defined as a program or script that allows an attacker to bypass normal WordPress settings. To avoid such problems, keep your blog updated to the latest version. Older versions of WordPress contain old functions and scripts which can be easily hacked.

Also keep all your plugins updated, and if you are not using a specific plugin, delete it from the system.

2. Secure wp-config.php
The wp-config.php file contains database information such as the database name, database username and password. By default wp-config.php has 644 permissions, which means a normal user can easily read your wp-config.php. So, set the permission of the file to 750, which prevents other users from reading it.
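One way to find and fix exposed wp-config.php files across a web root, as an added example that is not part of the original post; the function names and the throwaway demo tree are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit wp-config.php permissions under a web root.
# Function names and demo paths are constructed, not from the article.

# Print every wp-config.php under $1 that "other" users can read or write.
# -perm -004 / -perm -002 match when that bit is set, whatever else is set.
audit_wp_config() {
    find "$1" -type f -name wp-config.php \
        \( -perm -004 -o -perm -002 \) -print
}

# Apply the mode from the article (750: owner rwx, group r-x, other none)
# to each flagged file, then re-run the audit and print files still exposed.
# Passing 640 as $2 closes the same "other" access without execute bits.
harden_wp_config() {
    mode=${2:-750}
    audit_wp_config "$1" | while IFS= read -r f; do
        chmod "$mode" "$f"
    done
    audit_wp_config "$1"
}

# Constructed demo: a throwaway tree holding a default-mode (644) config.
demo() {
    tmp=$(mktemp -d) || return 1
    mkdir -p "$tmp/blog"
    printf '%s\n' "<?php define('DB_PASSWORD', 'constructed');" \
        > "$tmp/blog/wp-config.php"
    chmod 644 "$tmp/blog/wp-config.php"
    echo "exposed before: $(audit_wp_config "$tmp")"
    echo "exposed after:  $(harden_wp_config "$tmp")"
    rm -rf "$tmp"
}

demo
```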

3. Rename the administrative account
When WordPress is installed on a system, by default it sets the username “admin” as the administrator of the blog. For better security, using “admin” is not recommended. After installation you can create a new user with administrator rights and delete “admin”.

4. Hide WordPress version
If you are running a WordPress version which has known vulnerabilities, then it's not a good idea to expose your WordPress version to the public. There are many plugins which hide the WordPress version from the public, or you can simply add “<?php remove_action('wp_head', 'wp_generator'); ?>” to functions.php of your theme.

5. Protect WP-* Folders
Block wp-* folders from being crawled and indexed by search engines. This can be done by blocking access to wp-* from robots.txt. Add the following line to your robots.txt:

Disallow: /wp-*

6. Firewall Plugins
There are a few plugins that scan suspicious-looking requests based on rule databases and/or whitelists. BlogSecurity’s WPIDS plug-in installs “PHPIDS”, a generic security layer for PHP applications, while “WordPress Firewall” uses some WordPress-tuned pre-configured rules along with a whitelist to screen out attacks without much configuration.

7. Secure WordPress Database
WordPress is a database-dependent application, for which you need a database and a database user. For a WordPress installation you simply create a database with a user, but securing the database is also useful for securing your WordPress blog.

Following are a few tweaks to secure the database:
7.1. Grant limited access to a database user: Create a user to access this database only and grant limited access to SQL commands on this database (select, insert, delete, update, create, drop and alter).

7.2. Pick a strong database password
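A check for step 7.1, as an added example that is not part of the original post: it reads the output of MySQL's SHOW GRANTS for the WordPress account and reports any privilege outside the list above, or any grant that is not scoped to the WordPress database. The names wp_blog and wpuser and the sample grant lines are constructed.

```shell
#!/bin/sh
# Added example: compare SHOW GRANTS output with the privilege list in 7.1.
# wp_blog and wpuser are constructed names. A grant that satisfies 7.1:
#   GRANT SELECT, INSERT, DELETE, UPDATE, CREATE, DROP, ALTER
#     ON wp_blog.* TO 'wpuser'@'localhost';

ALLOWED="SELECT INSERT DELETE UPDATE CREATE DROP ALTER"

# Reads SHOW GRANTS lines on stdin; $1 is the WordPress database name.
# Prints one finding per line, nothing when the grants match 7.1.
excess_grants() {
    db=$1
    while IFS= read -r line; do
        case $line in
            "GRANT USAGE ON "*) continue ;;      # USAGE = no privileges
            "GRANT "*" ON "*" TO "*) ;;
            *) continue ;;
        esac
        privs=${line#GRANT }; privs=${privs%% ON *}
        scope=${line#* ON };  scope=${scope%% TO *}
        scope=$(printf '%s' "$scope" | tr -d '\140')   # strip backticks
        [ "$scope" = "$db.*" ] || echo "scope $scope differs from $db.*"
        old_ifs=$IFS; IFS=,
        set -f; set -- $privs; set +f               # split on commas only
        IFS=$old_ifs
        for p in "$@"; do
            p=${p# }
            case " $ALLOWED " in
                *" $p "*) ;;
                *) echo "privilege $p on $scope is not in the 7.1 list" ;;
            esac
        done
    done
    return 0
}

# Constructed SHOW GRANTS output for an over-privileged account.
sample_grants() {
    cat <<'EOF'
GRANT FILE ON *.* TO `wpuser`@`localhost`
GRANT ALL PRIVILEGES ON `wp_blog`.* TO `wpuser`@`localhost`
EOF
}

sample_grants | excess_grants wp_blog
```

Against a live server, pipe `mysql -N -e "SHOW GRANTS FOR 'wpuser'@'localhost'"` into `excess_grants` with your own database name.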

8. Backups
Always make a habit of taking backups of your blog and database at regular intervals, and do not depend upon your hosting company’s backups, as the backup they have may contain the hacked data (if the backup ran after your blog was hacked). There are many plugins provided by WordPress with the help of which one can take backups.

9. Strong Passwords
Creating a strong password is another way to protect your blog from getting hacked. Changing passwords on a weekly or monthly basis adds further protection.

10. Monitoring Blogs
As a user/admin of the blogs you will have to regularly monitor your blogs for changes, such as a suspicious user getting registered or a file of your blog being changed. If you find any suspicious activity, contact our support team for deep investigation.

Migrate your Blog from MSN Space to WordPress

Filed Under (Events, News, Technology, Wordpress) by Milind on 02-10-2010


Microsoft has announced that they are shutting down Windows Live Spaces and will migrate all the existing users to WordPress.com. All the information of users like their content, and if any visitor visits existing Microsoft Live Spaces sites they will be automatically redirected to the new WordPress.com domain.

At the time of migration users have the options of transferring their content to WordPress, downloading it and storing it locally, or deleting it when they hit the migration page. I have just migrated my Windows Live Spaces blog to WordPress and in this post I will explain the exact steps.

As soon as you log in to your Windows Live Space you will get the following screen, which notifies users about the switch/migration.

Here, the user gets the option to migrate the Space to WordPress, download the blog to the local system, delete the Space, or just ignore this and go to his Space. If you are ready, press “Get started. Upgrade my blog to WordPress.com”.


On the next screen you will get some basic instructions about the migration. Press Continue.


Now you will get the actual migration screen, where it will ask you to re-connect your MSN. Press Connect and log in to your account again.


If you are already registered with WordPress you can log in and integrate the blog with an existing blog, or create a new WordPress blog for the Live Space.


On the “Create another WordPress.com Blog” page, fill in all the information about your new WordPress blog. Click on “Create Blog”.


Once you get the Migration Complete window like below, you have successfully migrated your Windows Live Space to WordPress.
