8 Essential WordPress Security Tips
Because of its popularity, WordPress is one of the open source blogging platforms most targeted by malicious attacks. While this cannot be but worrying for its users, the good thing is that there are many simple precautions you can take to protect your blog. Before reading the essential security tips below remember that for maximum protection you should use all of them combined.
- Choose a strong password
One of the simplest yet most often neglected protection measure for a WordPress blogger is the use of a strong password. Choose a password that uses letters and numbers in combination, and that's hard to guess. Also, try to use different passwords for each of your online accounts, so that if one of them gets hacked, the others won't become vulnerable as well.
- Hide the version number
If you use a custom theme, your blog displays the version number of the WordPress platform it uses by default. From the point of view of security, it's unwise to reveal which version of WordPress you're using, because hackers may take advantage of this information. So, hide the version number by inserting the line in the functions.php file of the theme.
- Encrypt wp-config.php
The wp-config.php file stores all the sensitive information associated with your blog administrator account, including username and passwords. For this reason, you may want to encrypt it.
- Disable directory browsing
With directory browsing activated you invite attacks. It's like keeping your front door wide open, and letting people you don't know wander through your house. To disable it put an empty index.php file in all your directories apart from the root directory.
- Enable Secure Socket Layer (SSL)
SSL is an Internet protocol for managing the security of online message transmissions. If you web hosting provider supports SSL certificates, you should consider securing your blog by configuring the wp-confic.php file so that SSL is automatically used.
- Update
Using the latest version of WordPress and of themes and plug-ins means that you have less security vulnerabilities to worry about – a fair share of security issues is fixed in each new WordPress release. Many WordPress users don't update because of neglect; don't follow their example. Updating is simple and increases your security considerably.
- Install no more plug-ins than you need
There are many, many WordPress plug-ins out there, and a great deal of them can be a security vulnerability for your blog because of dubious code, which facilitates all sorts of injections and attacks. The best approach is to use only essential plug-ins that you trust, which you get these from reputed websites. Stick to popular plug-ins, and before getting new ones always check reviews. Avoid obscure plug-ins available on suspicious websites.
- Use only high-quality themes
Just as there are many plug-ins with weak code, so there are many themes with suspicious or downright bad code. Using premium themes is recommended, because these are usually better and safer, but you should be fine with using free themes as well, as long as you download them from trusted websites.
In conclusion, you should not experience any major security issues as long as you use a strong password, avoid suspicious themes and plug-ins, update to the latest WordPress version, and taking a few precautions like disabling directory browsing, forcing SSL use, encrypting essential files, and hiding the version number.
Note: Remember to back-up your files regularly, so that you may always do a restore if anything goes amiss.
The guest post is contributed by Patrick Smith.
Patrick is associated with WebHostingSecretRevealed.com since last 2 years. The site provides information on Best Web Hosting reviews. The owner has researched and analyzed innumerable web hosting platforms and made a comprehensive list. IPage Review occupies first rank in his list because it provides customized products at your doorstep.
Tags: Blogging, INTERNET, tips, Wordpress, Wordpress Tips
Related Posts: ,
,
,
,
Subscribe to:
Post Comments (Atom)
Share your views...
27 Respones to "8 Essential WordPress Security Tips"
Good security tips. A blog is nothing without security. For perfect security of blog we should must go for these tips.
November 21, 2011 at 11:20 AM
thanks for the tips, at syempre kahit secured ka na, dont forget to backup :)
November 21, 2011 at 8:41 PM
Totally agree with LordCM, backup everything for security purposes, we might know what will happen..
November 21, 2011 at 8:49 PM
I am a newb with WP and this would help. But I still prefer blogspot for now.
November 21, 2011 at 9:07 PM
i need these tips when i migrate my blogs to wordpress :) i surely will get back to this post hehe
November 21, 2011 at 9:25 PM
@PinayWriter: Just go with whatever you think is convenient to you.. :) There are a lot of ways learning WP :)
@Miss Joy: Good luck with the migration Miss Joy and I hope everything will be fine :)
Thanks for dropping by guys :)
thanks for the security tips , will really be a big help to us bloggers, especially the newbie like me :) thanks!
November 21, 2011 at 9:40 PM
@Myrnz: Glad to help :)
I don't get to know how to navigate in WP no matter how much I try but thanks for the info, I guess will stick more in blogger
November 21, 2011 at 11:19 PM
@Chris: Just choose the one that is very convenient to you..
I tried wordpress before but I never liked it.Thanks for the tip ,i can use it for my sons blog.need to update it since he is not interested into blogging anymore
November 21, 2011 at 11:50 PM
@Tatess: :D Same for me before, I never liked WP but when I started using it I felt the need to take some of my blog to a next level :D
@Ads: I agree with you Sir, its still on us, if we are not that careful enough, things might go wrong :D
Backup is king. At least we must always ensure to have one, while observing these tips you posted as well
November 22, 2011 at 5:06 PM
Thanks for such tips. Although I am not ion WP, I think these tips are applicable everywhere. I never regret using blogger because it is owned by Google who has the best tools and products on Earth. The only issue is that since blogger is from Google, identity theft is probable on which, WP is more trusted for that matter. Opinion ko lang.
November 23, 2011 at 1:43 AM
Got a point there Palagutom.. :)
For me WP is a bit more complicated that's why I shifted to blogger
November 23, 2011 at 3:02 AM
@Edmar: Its not that complicated, you just need to be familiarized on how WP works :D
Thanks for this informative post.
Beware of those plug-ins. Use only those reliable plugins. Don't know if I remember it correctly, avoid plug-ins with 777 permission.
November 23, 2011 at 7:12 AM
Thanks so much for these tips! :)
November 23, 2011 at 7:34 AM
@Marcuz: Thanks for the share sir and for the precaution as well :)
@Mich: Glad to share
thanks for this! I am a WP user/blogger and i definitely need this.
November 23, 2011 at 3:54 PM
@Wendell: Happy to share resources sir :D
Very Informative.. straight to the point! ^_^
November 24, 2011 at 3:26 AM
Thanks for your very informative tips dude.. nice...
December 1, 2011 at 10:20 PM
A must tips not only for WordPress users but also on all bloggers and website owners as well... :)
And I may add a simple one yet always taken for granted... on WP always change your 'admin' default username into something difficult to crack. =)
December 6, 2011 at 12:42 AM
Post a Comment
This is a do-follow blog and is updated regularly.
■ Avoid posting non related contents.
■ Please use a name instead of blog name or SEO stuff, otherwise it will be deleted right away