WordPress Security advice from the pros …
There is a certain level of risk that we assume simply by having a web site available to the Internet. For all practical purposes it is an unavoidable risk, short of turning off the power to the web server. That really isn’t very practical though; what good is a web site if nobody can use it?
As responsible web site owners we must always recognize that we each individually play an important role in the overall health, acceptance and usability of the Internet.
If everyone littered and no one picked up trash, how long would it take before our neighborhoods were overrun with filth and disease and no one wanted to live there any longer?
Finally, if you don’t feel the need to be security minded for the sake of the Internet at large, then realize that your reputation, or your brand’s, may be tarnished if you don’t take at least the very basic steps towards making your web site a more secure and enjoyable experience for Internet users.
Here is a list of rock-solid suggestions to use with your WordPress web site:
- During the WordPress installation, consider using a database table prefix other than wp_. Anytime you can change a setting in anything to something other than the default selection you’ll be miles ahead of the game.
- Keep your WordPress version up-to-date!
- After you install WordPress and log in to the administration area, create a new administration-level user with a STRONG password (a mixture of numbers, symbols & UPPERCASE/lowercase letters). Next, log out of WordPress, log back in as the new user and DELETE the default admin user.
- If you are able to and understand how, ensure the file permissions of the wp-config.php file read 0644.
- If you edit the wp-config.php file, you’ll notice about half-way down there is an area where you can provide random letters and numbers for 4 different items: AUTH_KEY, SECURE_AUTH_KEY, LOGGED_IN_KEY & NONCE_KEY. If you visit https://api.wordpress.org/secret-key/1.1/ you can get pre-built random values for these.
- Be diligent with your plugins; if you’re not using it, get rid of it! Don’t just deactivate it; remove it from the server.
- Keep your plugins up-to-date. Plugins can be great but are typically the source of a problem when WordPress starts acting up. If you’re going to allow 3rd party code (plugins) to modify WordPress’s behavior then you’d do well to make sure all patches are applied when the plugin’s author releases them.
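
The wp-config.php items in the list above (table prefix, the four keys, file permissions) can be checked with a short read-only script. This is an added example, not part of the original post; the function names, the sample config and the 32-character minimum key length are assumptions made for illustration.

```python
import os
import re
import stat
import sys

# The four constants named in the list above.
KEYS = ("AUTH_KEY", "SECURE_AUTH_KEY", "LOGGED_IN_KEY", "NONCE_KEY")
PLACEHOLDER = "put your unique phrase here"  # value shipped in wp-config-sample.php
EXPECTED_MODE = 0o644  # the mode the list recommends
MIN_KEY_LEN = 32       # assumed threshold for this example, not a WordPress rule

# Constructed sample input, not taken from a real site.
SAMPLE_CONFIG = """<?php
$table_prefix = 'wp_';
define('AUTH_KEY',        'put your unique phrase here');
define('SECURE_AUTH_KEY', 'k3#Vq)9w|Zt@1uP^mX7&dLr*0sGh!2bN');
define('LOGGED_IN_KEY',   'short');
"""

def audit_wp_config(text, mode):
    """Return a list of findings for wp-config.php contents and permission bits."""
    findings = []
    m = re.search(r"^\s*\$table_prefix\s*=\s*(['\"])(.*?)\1\s*;", text, re.M)
    if m is None:
        findings.append("table_prefix: not set")
    elif m.group(2) == "wp_":
        findings.append("table_prefix: still the default wp_")
    for key in KEYS:
        d = re.search(r"define\(\s*(['\"])%s\1\s*,\s*(['\"])(.*?)\2\s*\)" % key, text)
        if d is None:
            findings.append(f"{key}: not defined")
        elif d.group(3) == PLACEHOLDER:
            findings.append(f"{key}: placeholder value")
        elif len(d.group(3)) < MIN_KEY_LEN:
            findings.append(f"{key}: shorter than {MIN_KEY_LEN} characters")
    if mode != EXPECTED_MODE:
        findings.append(f"permissions: {mode:04o}, expected {EXPECTED_MODE:04o}")
    return findings

def audit_file(path):
    """Audit a wp-config.php on disk; the file is only read, never modified."""
    with open(path, encoding="utf-8", errors="replace") as fh:
        return audit_wp_config(fh.read(), stat.S_IMODE(os.stat(path).st_mode))

if __name__ == "__main__":
    results = audit_file(sys.argv[1]) if len(sys.argv) > 1 else audit_wp_config(SAMPLE_CONFIG, 0o666)
    print("\n".join(results) or "no findings")
```

Run it with the path to a wp-config.php as the only argument to audit that file instead of the built-in sample.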





