WordPress Security – HowTo
In a world with plenty of people who would love to access your personal data, you must take every precaution possible to make sure that your personal information and data are safe. WordPress blogging software is no different. In many cases, WordPress is what powers your web site or your personal (or even business) blog. It is your primary means of communication to your audience.
Recently, there have been worldwide brute force attacks on WordPress blogs. This is information we have proactively reached out to a number of customers about. What does this mean? Simply put, an attacker will attempt over and over again to break into your account using both common passwords (“1234”, “password”, “qwerty”, “000000”, etc.) as well as a plethora of not-so-common passwords. If you defend yourself, you will be just fine and the attacker will not gain access to your information. What do we mean by “defend yourself”? Allow me to explain …
There are a number of ways you can defend yourself against WordPress attackers.
1.) The very first step should always be keeping your WordPress installation up to date. Each update patches known security holes. These security patches are your first line of defense against an attacker.
2.) Delete the admin user. This is a GREAT line of defense because this takes away a well-known user name for a brute force attacker to use during an attack. Creating a new full administrator account is easy in WordPress and just takes a couple of clicks and filling out a few boxes.
3.) Either password-protect your login page or move it to a new folder (or both!). Password-protecting your wp-admin folder is a great start and requires much less work. We recommend both, but if you’re short on time, password protection is quick and easy. Just look for this icon in your cPanel account:
4.) Plugins. Security plugins can do the work for you while you’re away. This particular plugin works very well and takes very little effort to install.
5.) Exploit scanning on a regular basis. With a plugin like this, you’re able to regularly scan your WordPress installation to check for malicious activity and unexpected changes to files.
On top of these suggestions, there are many, many more options. WordPress have written a wiki page regarding this very subject. We recommend that, on top of the suggestions we’ve provided here, you have a look at their wiki article.
Sound off in the comments if you have more great ideas to pass along!