WordPress Security: Top 10 Ways To Secure A WordPress Site

WordPress is the most complete and the most powerful way to start a website or a blog, no matter the size, the traffic demand and the number of registered users. WordPress can handle it all. Top tier US universities use WordPress and so does Ford, the car company.

Being a free and popular tool, it attracts the attention of hackers and spammers who try to take advantage of WordPress to steal content, steal passwords, shut down the blog, and a lot more. Because of this, it is imperative that you take proper care of your WordPress installation. With some free tools, you can raise its security to a level where almost no hacker will bother with your WordPress fortress, and you can post with total safety.

Let’s see the top 10 tips to secure WordPress:

1. The first step is not securing WordPress itself but securing your own computer or the device you use to access your WordPress installation. If the computer is infected, it has a much higher chance of infecting the WordPress installation as well. Update your antivirus database at least once per day. Actually, it should be the first thing you do every time you access the internet. Next, update the operating system with the latest updates and patches. No operating system is mathematically immune to viruses. Windows takes care of it automatically if you have that option turned ON. If you are not sure, search for “update” using the desktop search, then check the configuration. Finally, upgrade your browser to the latest version. Do the same for anti-spyware, firewall and every other security software you employ.

2. Updating WordPress is the second step. Every new update brings new features, more speed and better stability, but most important, it has better security walls to keep the installation considerably more secure. Go to your WordPress control panel, then just click to upgrade.
Some hosting companies have One-Click-Upgrade, which allows an easy and super fast upgrade with just one click. Of course, there are also some WordPress extensions and plugins that let you do the same.

3. Reporting bugs and vulnerabilities to the community helps keep WordPress secure. If you spot anything wrong with WordPress that has not been fixed yet, send an email to [email protected] and let them take care of the business. One important point to keep in mind is to keep those reported bugs and vulnerabilities secret. You don’t want that discovery to be known by hackers and spammers. Don’t post about your discovery to any social network or blog.

4. Checking for exploits is next. Although it will not fix any problems, it will log all the problems and suspicions for further investigation. Run the Exploit Scanner plug-in at least once per week to see a detailed report concerning malicious activity such as cracking.

5. Custom HTML can be a problem. If you don’t depend on it to live, do your WordPress blog a favor and disable it. Go to the wp-config.php file and add the following code: define( 'DISALLOW_UNFILTERED_HTML', true );

6. Delete default content such as the default posts and comments. Leaving it in place makes your blog look new to a hacker and likely not beefed up with the latest security patches, since you look very “young” and new to WordPress. Some of them employ tools that look for blogs with such comments and posts and immediately try an attack to see if they can break the security.
Removing “Powered by WordPress” also helps to disguise your blog so that it does not look like it is being powered by WordPress, giving hackers another headache.

7. Back up every week if the blog is small and every day if the blog has several posts per day. Backups let you restore the blog almost immediately should the blog be deleted or attacked. The default WordPress backup is not good enough. The solution is to use a hosting company that allows easy WordPress backup directly from their user interface and lets you install and restore the installation with just one click.

8. Security plugins are handy. User Locker, for example, will limit the number of tries per user before locking the account. This is very useful in case a hacker uses bots to try to discover passwords automatically.

9. Always use strong passwords, using a password generator to generate a unique password. This password will be almost impossible to crack, but make sure you use each password only once per file or database.

10. Other security plugins like Bad Behavior can help too. If someone is abusing the blog with spam comments, his account will be red flagged and you can take action.
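
To confirm that the setting from tip 5 is actually in effect, here is a small checker, added as an example and not part of WordPress or any plugin named above. It reports whether wp-config.php text has an active define for DISALLOW_UNFILTERED_HTML and flags typographic quotes picked up when copying code from a web page; the function names and sample fragments are constructed for illustration.

```python
import re
import sys

TYPOGRAPHIC = "‘’“”"  # curly quotes: not string delimiters in PHP
QUOTE = "['\"" + TYPOGRAPHIC + "]"
# define( 'NAME', value ); with any quote style around NAME
DEFINE_RE = re.compile(
    r"define\s*\(\s*(" + QUOTE + r")(\w+)" + QUOTE + r"\s*,\s*([^)]*?)\s*\)\s*;",
    re.IGNORECASE,
)

def active_code(source):
    """Drop /* */ blocks and whole-line // or # comments.
    Simplification: a '/*' inside a string (e.g. a salt) is not recognised."""
    source = re.sub(r"/\*.*?\*/", "", source, flags=re.DOTALL)
    return "\n".join(
        ln for ln in source.splitlines()
        if not ln.lstrip().startswith(("//", "#"))
    )

def check_constant(source, name="DISALLOW_UNFILTERED_HTML"):
    """Return 'enabled', 'disabled', 'broken-quotes' or 'missing'."""
    for quote, const, value in DEFINE_RE.findall(active_code(source)):
        if const != name:
            continue
        if quote in TYPOGRAPHIC:
            return "broken-quotes"  # PHP never defines the intended constant
        # The first define() wins in PHP; a later redefinition is ignored.
        return "enabled" if value.lower() == "true" else "disabled"
    return "missing"

# Constructed sample wp-config.php fragments (not from a real site)
SAMPLES = {
    "good": "<?php\ndefine( 'DB_NAME', 'wp' );\ndefine( 'DISALLOW_UNFILTERED_HTML', true );\n",
    "pasted": "<?php\ndefine( ‘DISALLOW_UNFILTERED_HTML’, true );\n",
    "commented": "<?php\n// define( 'DISALLOW_UNFILTERED_HTML', true );\n",
    "off": "<?php\ndefine('DISALLOW_UNFILTERED_HTML', false);\n",
}

if __name__ == "__main__":
    if len(sys.argv) > 1:  # check a real file: python check.py wp-config.php
        with open(sys.argv[1], encoding="utf-8") as fh:
            print(sys.argv[1], "->", check_constant(fh.read()))
    else:
        for label, text in SAMPLES.items():
            print(label, "->", check_constant(text))
```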

WordPress is the most secure and the most powerful way to make a blog of any size, and with these security tips you can sleep well knowing that almost nothing bad can happen. In case you are terribly unlucky, the backup will put the blog back live in minutes.
