Making your wordpress website secure

November 09, 2009

 

Securing WordPress has become a major challenge, it is certainly true that WordPress’s success is it’s Achilles heel. As new bugs/hacks are discovered, hackers, spammers and the like are quick to pounce on these opportunities to infect blogs with rubbish content and junky backlinks. Securing your WordPress based site is a crucial step to keeping your site online, your traffic flowing to it and protecting that all important Google ranking. (Google will penalise you for link to spam.)

Keep WordPress updated
Simple yet extremely effective. Updating WordPress is usually really simple. The WordPress guys have made it as simple as possible, there is an auto upgrade function built into WordPress, which makes it ultra simple. A word of caution, if you have hacked the WordPress code, your task just got massively harder. So my advice –> don’t. Keep it simple.

WordPress plugins
Definitely keep these updated. WordPress plugins do have security flaws from time to time. Rather keep them updated, again via a simple upgrade in your plugins manager.

Secure WordPress
There are some nifty plugins that can help you secure WordPress that are easy to install and work like a charm. Secure WordPress plugin

Secure your passwords
For heaven’s sake, why did you make that password for your admin user ‘password’ when you reset it? This is the easiest trick in the book, its called a brute force attack and a cracker will simply keep testing your admin or other users passwords, its just a matter of time. Make sure you use long passwords with multiple characters. Then install this: Login lockdown plugin.

Remove the WordPress version string in your theme
This prevents hackers seeing which version of WordPress you are running. This makes it harder for them to determine where they should start attacking your site. This and other smaller but very useful tweaks can be done easily by installing the WP-Security-Scan plugin.

Server Security – Intelligent blocking
This is harder to achieve if you don’t actually own or manage the server. Modsecurity is a great plugin for the apache web server and there are specific rules that can be added to your apache config to protect it even further. ModSecurity is a module for open source web servers, like apache, that acts like a detector & firewall. It works by providing protection from a wide range of typical attacks against web applications on a web server (like WordPress). For RSAWEB Hosting customers, speak to us for help around this.

For top-class WordPress Web Hosting go and check out RSAWEB. Anything from a small WordPress site to  super-large WordPress sites are catered for.