Posted on August 5th, 2010WordPress is a very popular platform for self-hosted websites and blogs. While WordPress is really secure out of the box, there could be some individuals who seek to make your life more difficult by looking for a way to hack into your account and cause serious damages. That’s why it’s crucial to be sure that your WordPress site is super secure.
Here are a few tips for keeping a WordPress blog or website more secure and resistant to malicious attacks.
1. Update, Update, Update
Even the securest software is not immune to vulnerabilities and bugs. Security holes will soon be discovered and those bad guys will do everything to exploit them. Keeping a WordPress installation updated is a good way to fend off attacks, because WordPress developers will fix their codes once security holes are discovered.
Plenty of WordPress users have learned the hard way each time a wave of attacks spread across the Internet and attack older WordPress versions. Thankfully, keeping your WordPress site updated is one of the simplest things you can do. WordPress developers have included the ability for automatic updates. You will also be notified each time a new version becomes available. If you don’t have the latest version of WordPress, you should upgrade now. Leaving your web site using an older version is like keeping the door unlocked while leaving for vacation.
2. Use Secret Keys
Open wp-config.php and you’ll find that it stores critical account database information like name, address, username and password using the MySQL database format. With a secret key, it would be even more difficult for a person to gain easy access. Go to http://api.wordpress.org/secret-key/1.1/to generate your secret key.
3. Use Complex Passwords
In addition to using a secret key for the wp-config.php, you should also consider changing the user password to something stronger and unique. WordPress notifies you about the password complexity, but a good advice is to avoid common words, use lower and uppercase letters, and include random numbers. It’s also better to change your password every two months. With programs like 1Password, it is possible to store your password in the browser safely and also generate secure and complex passwords on the fly, also it makes changing your passwords regularly less of a chore.
4. Configure .htaccess file
With this file, you will be able to set access limits to specific directories. You can associate those limits to certain IP address, which means that not everyone can access a part of your site. .Htaccess stuff can get pretty complex, scour the web and you can easily find instructions on how to set restrictions easily with the .htaccess file.
5. Set File Permissions Properly
Many times, hackers are able to secure access to your website because you’ve left your files with liberal permissions. Depending on your WordPress installation or your web hosting company rules you may have inappropriate permissions on your site set as default. It is possible to change file and directory permissions with a FTP client or using the administrative page.
This article isn’t meant to be comprehensive, but an overview of common things you should do to make your WordPress website much more secure.