Secure WordPress


WordPress is a massively popular blogging/CMS platform. This makes it a great target for hackers and the like. They know their way around WordPress and its files, and this makes it prone to attacks. While there is no sure-fire way of keeping these nasties away forever, there are measures that you can take to help protect your site.

Please don’t take the following steps as a complete security package. The bad guys will always find a way into your site if they want to! But I hope these can help you out by giving you peace of mind and, hopefully, will stop you being hacked.

FOLLOW SOME OF THESE STEPS:

1. UPDATES
Make sure that you keep your WordPress version up to date, as well as your plugins. Newer versions are often released to fix security holes and bugs within the files, so this is your number 1 priority!

2. SALT KEYS
Use the salt keys in your wp-config.php file. Use a new set of keys for each WP install you create. Copy and paste them into your wp-config.php file at around line 45.

3. DO NOT USE ‘ADMIN’ USER
Make sure you delete the admin user and assign a new administrator for your site. Using ‘admin’ as a username halves the hacker’s work by giving away your username straight away.

4. PASSWORDS
Yes, I know this is an obvious one, but please make sure that your login password is not simple. Make sure it contains numbers and is not too short. Also, make sure that your FTP logins are long, containing letters and numbers too.

5. DATABASE PREFIX
When creating a database for your WP install, it automatically chooses the wp_ prefix. Why not change that to something more random? This adds a barrier between them (the bad guys) and your database.

6. REMOVE THE VERSION NUMBER
Removing the WP version number from the head section may help to deter hackers, as they won’t know what version you’re running. You can do this by adding the piece of code below to your theme’s functions.php file. (It also removes the version number from your RSS feed.)

// Remove WordPress version from Head and RSS
remove_action('wp_head', 'wp_generator');
function remove_feed_generator() {
    return '';
}
add_filter('the_generator', 'remove_feed_generator');

7. DELETE README.HTML
Delete the readme.html file from the site’s root folder. This also has information regarding the version number you’re using. Please note that if you use auto-update, a new readme.html file will be added.

8. SECURITY PLUGINS
There are several security plugins available for WordPress.

WP Security Scan
iThemes Security
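
A small audit of steps 2, 5 and 7, as an added example that is not part of the original post: it reads wp-config.php and the site root and reports unset or sample-placeholder salt keys, the default wp_ table prefix, and a leftover readme.html. The function names and the sample install built in demo() are constructed for illustration; the placeholder string is the one shipped in wp-config-sample.php.

```python
import re
import tempfile
from pathlib import Path

# The eight secret constants WordPress expects in wp-config.php.
SALT_NAMES = ["AUTH_KEY", "SECURE_AUTH_KEY", "LOGGED_IN_KEY", "NONCE_KEY",
              "AUTH_SALT", "SECURE_AUTH_SALT", "LOGGED_IN_SALT", "NONCE_SALT"]
PLACEHOLDER = "put your unique phrase here"  # value shipped in wp-config-sample.php


def audit_wp_install(root):
    """Return a list of findings for steps 2, 5 and 7 of the checklist."""
    root = Path(root)
    findings = []
    config = (root / "wp-config.php").read_text(encoding="utf-8", errors="replace")

    # Step 2: every key must be defined and must not be the sample placeholder.
    for name in SALT_NAMES:
        m = re.search(r"define\(\s*['\"]%s['\"]\s*,\s*(['\"])(.*?)\1\s*\)" % name, config)
        if m is None:
            findings.append(f"salt {name}: not defined")
        elif m.group(2) in ("", PLACEHOLDER):
            findings.append(f"salt {name}: empty or sample placeholder")

    # Step 5: flag the default table prefix.
    m = re.search(r"\$table_prefix\s*=\s*['\"]([^'\"]*)['\"]", config)
    if m and m.group(1) == "wp_":
        findings.append("table prefix: still the default wp_")

    # Step 7: readme.html comes back after core updates, so re-check it.
    if (root / "readme.html").exists():
        findings.append("readme.html: present in site root")
    return findings


def demo():
    """Run the audit against a constructed (not real) install in a temp dir."""
    with tempfile.TemporaryDirectory() as tmp:
        lines = [f"define('{n}', '{PLACEHOLDER}');" for n in SALT_NAMES[:7]]
        lines.append("$table_prefix = 'wp_';")
        Path(tmp, "wp-config.php").write_text("<?php\n" + "\n".join(lines) + "\n")
        Path(tmp, "readme.html").write_text("<h1>WordPress</h1>")
        return audit_wp_install(tmp)


if __name__ == "__main__":
    print("\n".join(demo()))
```

Point audit_wp_install() at a real site root after each core update, since the updater restores readme.html.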

There are probably many more ways to secure your WP install, but I hope this list will help you get on your way to securing your blog or site. Please feel free to leave any suggestions for securing your site further below.
