10 Things about WordPress Security

10 things to know about WordPress security.

1.) Hide WordPress files

Don’t let hackers find your WordPress files; hide them. Here’s a simple trick to help hide WordPress files from the public: http://ox.no/posts/hiding-wordpress-installation-files

2.) Excellent password practices

It’s important to use secure passwords for your WordPress sites (this includes your database password when installing WordPress). Here’s a great site for creating passwords: http://www.safepasswd.com

Even the most secure passwords can sometimes be found. It’s good to update your passwords regularly. Make it a habit to add a monthly reminder into your calendar to update your site’s password.

If you’re going to use a password management tool, I highly recommend LastPass for its YubiKey support. As with most password management tools, all your passwords are protected under one master password. If that one password is found, all of your sites may be compromised. LastPass offers two-step authentication, which requires a USB key alongside your master password to access your vault. To see more: https://lastpass.com/support_screencasts.php?feature=yubikey1

3.) Change your default login link

By default, to log in to WordPress you can just put ‘/wp-admin’ at the end of a WordPress-powered site’s address to get to the login page. Use the Stealth Login plugin to change the login URL to something like ‘domain.com/mylogin’.

4.) Prevent too many login attempts

To protect yourself from brute force login attempts, make it harder by limiting the number of login attempts to your site with this plugin: Limit Login Attempts

5.) Monitor your WordPress installation

If someone does manage to compromise your site by adding, deleting, or changing a file, get an email immediately with this plugin: WordPress File Monitor

6.) Upgrade WordPress to the latest version

WordPress is constantly being updated, many times to fix vulnerabilities. It’s best to have the latest version. See: Updating WordPress

7.) Scan your install after making admin changes

It’s possible that plugins, themes, and even posts can open up vulnerabilities in your install. So if you’ve recently made some changes to your WordPress install, you may want to run a security scan before walking away. Here’s a plugin to do so: WP Security Scan

8.) See installing WordPress above

To reiterate, don’t use ‘admin’ as your username, don’t use ‘wp_’ as your database prefix, and don’t create the ‘wp-config.php’ file manually.

9.) Back up your database regularly

Even the most secure site can get hacked. It’s good practice to back up your site’s database. If all other security measures fail, you can retrieve your database (posts, pages, comments, plugin/theme configurations) from a backup. Use a plugin to get database backups emailed to you regularly: WP-DB-Backup

10.) I’ve been hacked, what do I do?

Start here: http://codex.wordpress.org/FAQ_My_site_was_hacked

Source: www.room3064.com

