Home > Guide > Secure Your Wordpress Blog

Secure Your Wordpress Blog

Published on 6/18/2010 by

All websites across the worldwide web are vulnerable to hacking, viruses and exploits and your site is no exception. Your web host goes to great lengths each day to protect your data and private files, but as a web hosting client and Wordpress user, you’re also responsible for doing your part to lockdown your own Wordpress installation. Stay on top of security with these easy to follow Wordpress tips.

Keep Wordpress updated

A surprisingly high number of people fail to upgrade to the latest version of Wordpress after its initial installation, causing a host of problems. Wordpress developers provide updates to patch security holes and bugs on a routine basis. If you’re not using the most current version of Wordpress, you’re making yourself an easy target. Make it a rule to update Wordpress each time it’s updated.

Monitor your own computer

Your home computer should be problem-free. Any breach in your home computer security has the potential to infiltrate your web hosting server and take your website offline. Check your computer often for viruses, adware and spyware. If you don’t have a virus checker installed, use a free online tool.

Remove Wordpress version information

Advertising which version of Wordpress you’re running is inviting trouble. By default, Wordpress displays this information to anyone who cares to look for it. Hide version information by adding the following lines to your functions.php file:

  1.  // remove version info from head and feeds
  2.  function complete_version_removal() {
  3.  return '';
  4.  }
  5. add_filter('the_generator', 'complete_version_removal');
If you’re not comfortable altering Wordpress files, use this easy to install plugin instead.

Don’t post as the administrator

The default login for Wordpress is admin, a fact that is well known to hackers. If you’re still logging in as the admin, go to your administration panel and add a new user. Assign that user administrative privileges and then delete the default admin account. For additional login security, install the Stealth plugin, which will hide the default login screen from visitors, giving you an added line of defense.

Update plugins

Check your plugin directory routinely and apply automatic updates whenever necessary. Software upgrades provide additional security and fix common problems.

Choose strong passwords

Your login password for Wordpress should be unique and lengthy. If you need help creating a powerful password, use an online password generator or follow the 8+4 rule:
  • Use eight letters in your password, alternating between capitalized and lower case letters
  • Use 4 numbers, dashes, dots or symbols
Safeguard your site even further by changing your password once every few months.

Know your file permissions

Don’t grant easy access to your Wordpress files. Check out this list of how file permissions should look and make any necessary adjustments.

Backup, backup, backup

This isn’t so much a security tip, as it’s just plain old good advice: Backup your files often. Should the worst happen and your site is hacked or you need to change web hosts, you’ll require a current backup copy of your Wordpress files. Use tools within your hosting company control panel to archive your entire site or install plugins which will save a copy of your Wordpress database files.

By implementing a few security measures to your Wordpress installation, you can keep out unwanted visitors and ensure you’re up and running a successful Wordpress site.