All websites across the worldwide web are vulnerable to hacking, viruses and exploits and your site is no exception. Your web host goes to great lengths each day to protect your data and private files, but as a web hosting client and Wordpress user, you’re also responsible for doing your part to lockdown your own Wordpress installation. Stay on top of security with these easy to follow Wordpress tips.
Keep Wordpress updated
A surprisingly high number of people fail to upgrade to the latest version of Wordpress
after its initial installation, causing a host of problems. Wordpress developers
provide updates to patch security holes and bugs on a routine basis. If you’re not
using the most
current version of Wordpress, you’re making yourself an easy target. Make
it a rule to update Wordpress each time it’s updated.
Monitor your own computer
Your home computer should be problem-free. Any breach in your home computer security
has the potential to infiltrate your web hosting server and take your website offline.
Check your computer often for viruses, adware and spyware. If you don’t have a virus
checker installed, use a free online tool.
Remove Wordpress version information
Advertising which version of Wordpress you’re running is inviting trouble. By default,
Wordpress displays this information to anyone who cares to look for it. Hide version
information by adding the following lines to your functions.php file:
- // remove version info from head and feeds
- function complete_version_removal() {
- return '';
- }
- add_filter('the_generator', 'complete_version_removal');
If you’re not comfortable altering Wordpress files, use this
easy to install plugin instead.
Don’t post as the administrator
The default login for Wordpress is admin, a fact that is well known to hackers.
If you’re still logging in as the admin, go to your administration panel and add
a new user. Assign that user administrative privileges and then delete the default
admin account. For additional login security, install the
Stealth plugin, which will hide
the default login screen from visitors, giving you an added line of defense.
Update plugins
Check your plugin directory routinely and apply automatic updates whenever necessary.
Software upgrades provide additional security and fix common problems.
Choose strong passwords
Your login password for Wordpress should be unique and lengthy. If you need help
creating a powerful password, use an
online password generator or follow
the 8+4 rule:
- Use eight letters in your password, alternating between capitalized and lower case
letters
- Use 4 numbers, dashes, dots or symbols
Safeguard your site even further by changing your password once every few months.
Know your file permissions
Don’t grant easy access to your Wordpress files. Check out
this list of how file permissions
should look and make any necessary adjustments.
Backup, backup, backup
This isn’t so much a security tip, as it’s just plain old good advice: Backup your
files often. Should the worst happen and your site is hacked or you need to change
web hosts, you’ll require a current backup copy of your Wordpress files. Use tools
within your hosting company control panel to archive your entire site or install plugins which will save
a copy of your Wordpress database files.
By implementing a few security measures to your Wordpress installation, you can
keep out unwanted visitors and ensure you’re up and running a successful Wordpress
site.