6th November 2012
It’s easy to think your website is immune to malicious attacks and that only big sites with high volumes of traffic are likely to be a target, but this is a naive assumption. Here are 10 tips any webmaster can utilise to help keep their WordPress website safe.
Change it to something that isn’t so predictable and obvious. If you’ve already set this WordPress will tell you it can’t be changed, but you can get around this restriction by going into the user table of your database.
This seems obvious but a frightening number of people use their name or something else equally obvious. If you need help with this, there are numerous secure password generators on the net.
It only takes a matter of seconds to install plugin and core updates, but they contain valuable security fixes so make sure you do it.
By default it will be wp_ and everyone knows this. Again, if you’ve already installed WordPress then changing this is trickier, but it is possible using the WP Secure Scan plugin.
Again, the default location makes it easy to find and read so move it up a directory (a change which WordPress should detect).
In the wp-config.php file you’ll see four secret keys. These make it harder to crack your password, so for the sake of 60 seconds of effort they are certainly worth changing. You can get your own unique secret keys here.
Only upload plugins and themes you know are safe and come from a reputable developer. Be wary of anything you’ve downloaded from torrent and file sharing services.
Using .htaccess it is possible to restrict access to the wp-admin directory to only certain IP addresses. To find out how to do this properly, I recommend you check out Net Magazine’s excellent post, Protect your WordPress site with .htaccess
By default, WordPress will allow an unlimited number of attempts to login. The Limit Login Attempts plugin will stop this by blocking an IP address from making more than a specified number of attempts within a set time frame.
That means your files AND database. You can never guarantee your site is 100% safe, so be smart and keep a copy of everything that’s important. There are various plugins that can help you with this.