If you’re new to WordPress you need to take specific measures to ensure the security of your site(s). If you’re developing sites / blogs for clients, security needs to be communicated. WordPress can be secured enough to keep you off the radar of most hackers.
The bad news is that nothing on the web is ultimately hack-proof. The good news is that either your site is so large and important that you have a team of security professionals protecting your assets, or your site is so small that hacking it wouldn’t be worth a professional hacker’s time.
Getting hacked means more than losing data or getting spammed with links to porn sites. The worst part to me is the way Google penalizes you, the site owner, when you get hacked.
They put a message on your search results that reads, “This site may harm your computer.” You may notice from the link that the folks who label you this way can’t even be found in the search results. Let this be a warning that it is neither easy nor quick to get your site absolved when this happens.
8 Things you can do to secure your WordPress site
- Version Control. Use the latest version of WordPress. Keep your site updated. Each time a major version comes out there seem to be security issues that follow. So you may want to wait for the dot-one version before upgrading to a major version. If you’re using anything other than 2.5.1 now, consider upgrading.
- Activate Akismet. Consider doing this first. You’ll need to get an API key from WordPress.com.
- Manage WordPress security plugins. Install, run and follow the recommendations of the WP-Security plugin. Keep it updated.
- Manage your comment moderation and comment blacklists. In 2.5.1, you’ll find this in the “Settings >> Discussion” area of your site. Here’s my comment blacklist to get started with. There are many others. (Oh, great, now the spammers know what I’m looking for! If I had any readers this might matter.)
- Protect your blog from registration spam. If anyone can register on your WordPress site you’ll need protection from registration spam. Consider a plugin that requires a captcha or an email confirmation before registration completes. Here’s an OpenID plugin to consider.
- Change your WordPress table prefixes. Everyone knows they start with “wp_”. Stop that! Here’s a plugin and additional security resources to help. Warning! Changing your table prefixes can cause previously installed plugins to stop working.
- Define roles and responsibilities. If you’re the only one accessing the site, why let anyone register? Can’t they just send you an email requesting that you set them up? If not, be sure to study the roles and responsibilities at WordPress.org and learn who should be able to do what.
- Communicate Security. Security issues in WordPress are already being communicated to your client in the news and by your competitors. Don’t let WordPress take a bad rap for something that can be avoided. After all, WordPress is a target because it’s on the radar and being used by so many people.
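As an added example that is not part of the original post, here is a small POSIX shell audit that checks a WordPress install directory for three of the items above: whether `$table_prefix` in wp-config.php is still the default “wp_”, whether the version in wp-includes/version.php matches the current release you pass in, and whether the Akismet plugin directory is present. The fixture install it builds is constructed for the demo; the “current release” value is supplied by you, not fetched.

```shell
#!/bin/sh
# Read a single-quoted or double-quoted PHP string assignment such as
#   $table_prefix = 'wp_';
# $1 = variable name without the leading "$", $2 = PHP file. Prints the value.
php_string_var() {
  sed -n "s/^[[:space:]]*\\\$$1[[:space:]]*=[[:space:]]*['\"]\([^'\"]*\)['\"].*/\1/p" "$2" | head -n 1
}

# Exit status 0 when wp-config.php ($1) still uses the well-known "wp_" prefix.
wp_prefix_is_default() {
  [ "$(php_string_var table_prefix "$1")" = "wp_" ]
}

# Audit the install at $1 against the current release $2.
# Warnings go to stderr; the number of findings is printed to stdout.
wp_audit() {
  n=0
  if wp_prefix_is_default "$1/wp-config.php"; then
    echo "WARN: \$table_prefix is still the default 'wp_'" >&2
    n=$((n + 1))
  fi
  v=$(php_string_var wp_version "$1/wp-includes/version.php")
  if [ "$v" != "$2" ]; then
    echo "WARN: WordPress $v installed, current release is $2" >&2
    n=$((n + 1))
  fi
  if [ ! -d "$1/wp-content/plugins/akismet" ]; then
    echo "WARN: Akismet plugin directory not found" >&2
    n=$((n + 1))
  fi
  echo "$n"
}

# Build a constructed fixture install (not a real site) in a temp dir.
# $1 = table prefix, $2 = version string, $3 = "akismet" to include the plugin.
wp_make_fixture() {
  dir=$(mktemp -d)
  mkdir -p "$dir/wp-includes" "$dir/wp-content/plugins"
  printf '%s\n' '<?php' "\$table_prefix = '$1';" > "$dir/wp-config.php"
  printf '%s\n' '<?php' "\$wp_version = '$2';" > "$dir/wp-includes/version.php"
  if [ "$3" = "akismet" ]; then mkdir -p "$dir/wp-content/plugins/akismet"; fi
  echo "$dir"
}

# Demo run: a fixture with all three problems reports 3 findings.
demo=$(wp_make_fixture wp_ 2.5 2.5.1 none)
wp_audit "$demo" 2.5.1
rm -rf "$demo"
```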
If you found this helpful, come back.
Additional Resources