How to make WordPress secure

February 15 2010


This is a two-part post about securing a WordPress installation. WordPress is one of the most popular CMSs out there today, partly because it's so easy to use and manage and takes much of the thought out of maintaining a website, and partly because it's good, and free.

It's a great publishing platform and quite secure, but it isn't immune to everything. There are hackers and spammers out there who would take your site down in a heartbeat if you let them. Here are some tips on securing your WordPress site.

Back Up

You should be regularly backing up your database anyway as part of your website maintenance. Depending on how often your site is updated, this should be done weekly if not daily. There are WordPress plugins that can take care of it all for you, or you can do it manually for full control. I use the WordPress Database Backup plugin that performs a weekly backup automatically, then emails me the copy. That way I always have a copy of the latest one in case the worst happens.

The database is the core of your site and should be protected at all costs. As well as making regular backups, ensure the database password is a strong one and never share it with anyone. Automating the backup process takes the thought out of it and allows your system to look after itself. With the best will in the world, we are human after all, and other things often take priority over mundane tasks like backups.

Keep Your WordPress Version to Yourself

This may seem a little over the top, but displaying the WordPress version number in the page source lets hackers know exactly what vulnerabilities you are open to. By hiding this information, you make it that little bit harder for malicious attackers to try and gain access to your site.

If the version number appears when you do a “show source” then look for the following code in your header.php.

Remove this code and the version number should disappear, adding that little extra bit of security to the proceedings.
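
To confirm the change worked, the "show source" check can be automated. The following is an added example, not code from the original post: it assumes the version is exposed through a generator meta tag in the HTML or a generator element in the site's feed (which editing header.php does not change), and the sample pages and version number are constructed.

```python
import re
from html.parser import HTMLParser

VERSION_RE = re.compile(r"\d+(?:\.\d+)+")


class GeneratorFinder(HTMLParser):
    """Collects generator strings from an HTML page or an RSS feed."""

    def __init__(self):
        super().__init__()
        self.values = []
        self._in_feed_generator = False

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        # HTML pages: <meta name="generator" content="...">
        if tag == "meta" and (attrs.get("name") or "").lower() == "generator":
            self.values.append(attrs.get("content") or "")
        # Feeds: <generator>...</generator>
        self._in_feed_generator = tag == "generator"

    def handle_endtag(self, tag):
        self._in_feed_generator = False

    def handle_data(self, data):
        if self._in_feed_generator:
            self.values.append(data)


def disclosed_versions(source):
    """Return the WordPress version numbers visible in page or feed source."""
    finder = GeneratorFinder()
    finder.feed(source)
    finder.close()
    return [m.group(0) for v in finder.values
            if "wordpress" in v.lower() and (m := VERSION_RE.search(v))]


# Constructed samples: the version number and markup are illustrative only.
BEFORE = '<html><head><meta name="generator" content="WordPress 2.9.2" /></head></html>'
AFTER = '<html><head><title>My site</title></head></html>'
FEED = '<rss><channel><generator>http://wordpress.org/?v=2.9.2</generator></channel></rss>'

if __name__ == "__main__":
    for label, text in (("before", BEFORE), ("after", AFTER), ("feed", FEED)):
        print(label, disclosed_versions(text) or "no version disclosed")
```

Run it against the saved source of your own home page and feed; an empty list means no generator string with a version number is left.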

Get Rid of the Admin

Getting rid of the Admin login should have been one of the first things you did once the site was up and running. The WordPress installation creates an Admin account by default, so this is often the first place a hacker will look when trying to gain access to your site.

Create a new user from the Admin Panel and give it administrator rights. Then log out and log back in using the new username. Delete the Admin user and attribute all pages and posts to your new user in order to keep them.

That's all there is to it, yet you have very quickly made it very difficult for a hacker to gain entry into your site.

© 2009 RT DESIGN GROUP . All Rights Reserved.