WordPress How To: Security 101

Posted by | October 30, 2009 | How To | No Comments

If your site has ever been hacked, you know it is a very unpleasant experience. The time it takes to remedy and recover is something you don’t want to have to deal with!

Here are the three main issues any site owner can address right now:

  • Once your site is up and running, delete the “admin” username account. Since that is the default setup that’s the first user that will be looked for to exploit. It is also a good idea to not have your nickname and username be one in the same. Also use passwords that are at least 8 characters in length and are a combo of capital and small case, numbers, letters and characters to make it a difficult as possible to be guessed. The best passwords don’t spell anything out and are difficult, even for you, to remember. This goes for your WordPress database password too!
  • Upgrade your WordPress to the latest version and continue to do so as new releases become available. For example while 2.8 was only released in the last month or so, 2.8.2 is already available due to security issues that need to be addressed. This means updating your plugins as well when they update to ensure you have the latest most secure plugin versions.
  • There are several “techie” things that also need to be covered such as server, folder and file permissions. Permissions are what allow access, or not, to your files and folders on your Web hosting server. While this access can be controlled via your .htaccess file — which gets a bit techie for many, you can install the WP Security Scan Plugin to make sure you have your bases covered. This plugin scans your WordPress installation for security vulnerabilities and suggests corrective actions.
    • passwords
    • file permissions
    • database security
    • version hiding
    • WordPress admin protection/security
    • removes WP Generator META tag from core code

For those with a little more experience working with WordPress code and .htacess files, here are a couple articles with even more tips to ensure that your WordPress site remains secured:

As a site owner the onus is on you to protect your investment for those with too much time on their hands or who may have nefarious motives. Review these issues carefully and make sure your WordPress site is as secure as it can be.

About the Author:

Judith Kallos is an experienced good-humored Technology Muse who has offered WordPress Consulting and Web Site services for over a decade. Be sure to check out her popular site 123 More Income so you can learn to make more money online.

Leave a Reply

Your email address will not be published.