Due to some troubles with a few of my WordPress blogs. I have recently learned a lot about security and protecting my WordPress blogs from hacking. There is no way to be 100% sure that your website couldn’t get hacked. However, using the best practices described below, you can make it very hard for someone to crack into your WordPress installation. Taking these steps does not take much time but it saves you from a lot of trouble, even if your website get’s attacked you can fight back quickly and restore your website easily. Without these security precautions you not only make your WordPress installtion vulnerable, but you also make it difficult for yourself to recover from horrible accidents. So lets begin securing of your blog:

Back up often

You have heard this many times. Here it is once again, back up your website and database at least once a week if you update your website daily, or atleast once a month if you don’t update that often. But please back up. Do not trust your webhost when they tell you that they have back ups of your website created on a daily basis. It is very smart to have backups on hand just in case something goes terribly wrong with you or your webhost. There are many WordPress plugins to back up your database. I use WordPress database manager plugin called wp-dbmanager. Using this plugin you can schedual weekly backups to be sent to you via email.

Stay Updated

Whenever there is a new version of WordPress, upgrade your installation as soon as possible. Since 2.7 WordPress has automated the upgrade process or you can manually update to latest version. It only takes about ten minutes but it saves you from a lot of trouble. Older, outdated and upsupported installations often get hacked. Once hacked it is a very lengthy process to clean your blog and upgrade. So protect yourself now upgrade your WordPress.

Also keep your plugins updated to newest versions. If you notice that a plugin author has not released an updated version since a long time go to plugin’s home page and check its status. If the author has abandoned the plugin then stop using it right away.

Strong Passwords

If no one has ever stolen your password then it does not mean that no one ever will. There are some really bad people out there who randomly pick their victims and crack their passwords to take control of their websites. WordPress has strong password indicator which you can use to generate a strong password. A strong password contains atleast 8 characters a combination of alphabates and numbers and special characters. Avoid using words that can be found in a dictionary.

You should have strong passwords not only for your blog’s admin interface, but also for your site’s SSH shell and FTP access. Doing so you make it very difficult for hackers to crack your site and access your files via ftp. Try to use SSH or SFTP instead of plain FTP.

But strong passwords are difficult to remember. Well you should then read this wonder post from the blog herald that tells you how to create strong but memorable passwords. You can also generate a strong password using Aautomatic password generator tool.

File Permissions

One drawback of using WordPress or some of its plugins is that sometimes you need to make a few files writeable on your server. For security it is important that you keep file permissions as strict as possible. It is ideal to have your directories file permission set to 755 and your files 644. See WordPress Codex Changing File Permissions.

Default Username

At the first installation WordPress automatically creates a user account with the username admin. Now using the default username means that half of cracking is done without any guessing. Unfortunately it is not possible to change this username from the WordPress admin interface. However you can change it by running a simple mysql query.
Update tableprefix_users set user_login='newusername' where user_login='admin';

Replace tableprefix with the table prefix in your wp-config file. If you didn’t add a table prefix then it would the default one which is wp_ . You can run this query or manually edit table in phpMyAdmin or you can also run this query using wp-dbmanager plugin.

Other tips:

Remember, no website is 100% secure. But taking these precautions reduces the chances of your blog or website getting compromised easily. The following web pages has more tips on securing your WordPress even more.

Hardening WordPress
WordPress Security Tips and Hacks
WordPress Security Whitepaper

This is really a tough question. Some bloggers, even the experienced ones, spend so much time looking around for the perfect theme to beautify their blog. There are themes with lots of images in header and every where they look amazingly beautiful. There are themes that are simple and elegant. Themes, with functionality to improve certain aspects of your blogging experience. Themes designed for SEO and themes designed to be used with advertising programs such as Google Adsense. There are three columns, two column and single column themes. How do you know what is right for your blog?

Here is how I do it. First of all I try to think what I want to achieve with my new blog. Like this particular blog that you are currently reading is a place to share tips. So I needed a theme that was easy on reader’s eyes so that they can read the content, apply it somewhere, and then leave a comment if they want. This approach to design is called Usability and it helps a lot in the long run. This blog is new, so I also needed a theme that is easy to modify for my future needs.

I wasn’t sure about sidebar and layout. But then I thought that I don’t have enough content at the moment to fill the two sidebars with interesting items. So I decided to go with a single sidebar theme such themes are also called two column themes sometimes. Right sidebar or left sidebar? I remembered reading somewhere (probably here) that people read left to right so if you put your content on right and relevant links and navigation on the left then it is easy for them to quickly find what they need.

So this the first step of choosing the right theme. You need to think what you want to do with your blog and think of a layout that fit both your’s and your readership’s needs.

The Next step is design, color, and layout. There are so many colors in this beautiful world and please remember that we all love colors. So even if you are into simple looking web pages make sure that it has some colors too. While browsing the theme directories you will see many themes and I would suggest that you bookmark the themes that you like on your way. Once you think you have browsed enough themes then look into your bookmarked themes. And select a few that you like most.

In my opinion themes with large image headers containing pictures of irrelevant things are not very good. because these images provide no benefit to your reader. Still if you prefer images in your header then make sure that they are not too big.

Optimizing your blog for search engines and advertising programs is no more a hassle. But it could be if you pick a theme that is not easy to modify or relies on some plugins that you don’t really need. You don’t really need to pick up a search engine friendly theme, because it could easily be done later on with either plugins or manually. You also don’t need to pick up a theme that has room for lots of advertisements. Because such themes are used widely by bad websites and if your visitor has seen such websites already he would think that your blog looks like those trash sites so it would be useless as well.Choose a theme that is easy to modify and you can always add your advertisement code in it.

Widgets or No Widgets?

Depends on how easy you want it to be, I personally feel easier working with themes in my text editor. But lots of people like the comfort of Widgets. So if you want to make adding items to your sidebar simpler then you go for widgets ready themes.

While picking up a theme don’t just think about the attractiveness. Look for a theme that is easy for your readers so that they can easily navigate your website or blog. Also make sure that the same theme is easy for you too, so that you can work with it in future and add features to it if the need arises.

How do you know that the theme you want is easy to modify or not? I particularly check the theme in theme-editor. Since I feel that most editing goes on in sidebars so I look at the sidebar template. Themes that use complex div structure in sidebars are difficult to use. I prefer themes that have simpler sidebar code so that I could add my own items easily.

Another quick tip, don’t just go for the popular themes. If you browse the theme directories deep down you would find some really amazing themes that are not already used by hundreds and thousands of blogs. Also make sure that you add your own branding to the theme. Like your own image in header, or your customize it so that it looks uniquely yours.

Caution: Please remember to look at the theme carefully. There are some dirty minded people who add links to adware and spyware sites in wordpress themes. Some people even add their own Google Adsense code in themes. So if you see any such thing you can either remove the code or simply choose someother theme. The best place to look for themes is the theme directory at official WordPress site.