How to Make WordPress Secure [part 2]

February 20 2010


Continuing the discussion on securing your WordPress installation, we explore some more ways of protecting it from unwanted attention.

Use a Strong Password

At the risk of laboring a point, as I’m sure everyone knows this already, using a strong password is the simplest, most effective way of keeping your site secure. Using a strong word or phrase with upper and lower case characters and numbers will drastically improve the site security. Microsoft has a page for password checking which can help check the strength and a page offering advice on choosing a strong password.

Keep Up To Date

Keeping the WordPress install up to date is as easy as it gets. Later versions of the platform do it for you automatically. If you see the ‘new version is available’ banner in your admin page, back up your database, then do the update. These updates are often fixes for security and should be installed as soon as possible.

Care should be taken that your current theme and plugins will work with the new version. While you should upgrade as soon as possible, it pays to wait a few days before rushing in. This gives the plugin programmers time to update their various programs to ensure compatibility. The theme may also need checking, depending on what changes have been made in the new WordPress version. Security updates are often invisible to the theme, so they won’t affect it. Some, however, might, so it’s best to check with your friendly web designer.

If you find the new version doesn’t work with your template, the database backup can be reinstated and you can manually load the previous version of WordPress. The whole process should only take 10 minutes.

Secure wp-admin

The wp-admin folder is the most important folder on your website because it contains all the administration files for the site. It makes sense to lock this down nice and tight to prevent havoc being wreaked in your name.

If you run Apache, the easiest way to secure it is to restrict access through an .htaccess file in the wp-admin folder. Add the following to that .htaccess file, or create one and add this code.

order deny,allow
allow from 123.456.789.000
deny from all

Enter your own IP address where you see 123.456.789.000. This may cause problems for those of you not on cable whose IP addresses change often, but it will work for the rest of us.

As you can see, most of these tips only take a minute or two to implement, but are very effective once done. These measures should become part of your website administration routine whenever you launch a new site. The more secure WordPress becomes, the less likely hackers will waste their time trying to hack it.

© 2009 RT DESIGN GROUP . All Rights Reserved.