Everyone has heard the term WordPress before. It is the most popular blogging engine and website development tool on the Internet today. You can create anything you want with it, from a simple blog about your cat to a full membership-based online system.
With this much power and popularity, there will be people out there trying to get around your site’s defenses and either wreak havoc or get to your goodies for free. So the question becomes, “How do you secure your WordPress blog?” Well, there are several ways to secure your WordPress blog:
- The first is on the server or the hosting company that you have chosen to host your blog. When you install your blog, your hosting company will ask where you want to host it. Generally people host it under yoursite.com/blog, which is okay for SEO or ease-of-use reasons, but they also use the wp prefix for their database connection. When installing WordPress, you don’t want anything that relates to the structure, security or operation of your script to have the letters wp in it. You will want to change it to something unique. If nothing in your blog is associated with wp, then hackers and others trying to get into your site won’t have an easy access point.
- The next thing you will want to do is choose a strongly structured password. In most cases hosting providers have an option to automatically or randomly create a password for you. I know most people want to have a password that is familiar to them, but when it comes to the security of a blog, website or anything that can lead to anything else on the Internet or to your personal information, you will want to create a password that people can’t guess or easily figure out.
- One thing I personally hate, but know is a necessity, is updating your site’s scripts. I am a set-it-and-forget-it type of guy. I just like to jump on there and do what I have to do and not have to worry about updates or wonder if something is going to stop working after the update is complete. But it is a necessity. You see, when WordPress and other companies release an update to their products, it isn’t because they want to show you some flashy new stuff; it is because they want you to be safe and allow others on the network to be safe. So it is always good to select a time to install new updates, or see if you can allow the script or server to install new updates automatically when they are available.
- For most WordPress sites, and membership sites in general, people use the default ADMIN as their user name. This is a big no-no. As I stated before about having the letters WP in part of your script install, the word ADMIN is the kiss of death. Everyone knows ADMIN and will use it to attempt to gain access to your site. You also don’t want to use your name or a nickname. You want to create something totally unique that you haven’t used anywhere else. One trick hackers use is to learn as much about you as possible. Once they know you and see what type of things you are interested in, they will do whatever it takes to use it against you and gain access to your WordPress site.
- Make sure your plugins and add-ons are up to date as well. We stated earlier that you need to make sure that your site is up to date with the most recent version. The same goes for plugins. If you are using a plugin that is for one version and you do an update, you don’t want to have an older plugin. You want to make sure that your plugin is up to date as well.
- And one more security tip that people don’t even think about: when you are designing your site, make sure that there is no reference to the version number of WordPress you are using. If people know what you are using, or even suspect the version of WordPress or plugins or anything, it will give them a place to start in order to take down your site.
- It is also good practice to be polite to people and not do anything to give them a reason to try to attack your site. There will be times when you are running a membership site and kick someone off for not obeying the rules or for being rude to other members. Just try to keep everything that you do professional and businesslike. Not everyone who visits your site is looking to be a member. Some are there to mess with everything that you do for their own personal enjoyment.

So follow my tips above and read through WordPress itself to see what they recommend for settings and additional security measures. And just review them once a month to make sure that everything is up to date.
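
Three of the items above (a database prefix containing wp, an ADMIN user name, and a visible version number) can be checked mechanically on your own install. The script below is an added example, not part of the original article. Its function names are hypothetical and its sample config, page source and user list are constructed. It assumes the prefix is set through `$table_prefix` in wp-config.php and that versions show up in the generator meta tag or in `?ver=` parameters on asset URLs.

```python
import re

# Constructed sample inputs (not taken from any real site).
SAMPLE_WP_CONFIG = """<?php
define( 'DB_NAME', 'blogdb' );
$table_prefix = 'wp_';
"""
SAMPLE_HOME_HTML = """<html><head>
<meta name="generator" content="WordPress 6.4.2" />
<link rel="stylesheet" href="/wp-includes/css/style.css?ver=6.4.2" />
</head></html>"""
SAMPLE_LOGINS = ["admin", "k7-editor-blue"]


def table_prefix(wp_config_text):
    """Return the value assigned to $table_prefix in wp-config.php, or None."""
    m = re.search(r"""^\s*\$table_prefix\s*=\s*['"]([^'"]*)['"]\s*;""",
                  wp_config_text, re.M)
    return m.group(1) if m else None


def version_leaks(html):
    """Return version strings visible in page source (generator tag, ?ver= on assets)."""
    found = re.findall(
        r'<meta[^>]+name=["\']generator["\'][^>]+content=["\']WordPress\s+([\d.]+)',
        html, re.I)
    found += re.findall(r'[?&]ver=([\d.]+)', html)
    return sorted(set(found))


def audit(wp_config_text, html, logins):
    """Collect findings for the prefix, user name and version items in the list above."""
    findings = []
    prefix = table_prefix(wp_config_text)
    if prefix is not None and "wp" in prefix.lower():
        findings.append(f"table prefix {prefix!r} contains 'wp'")
    for login in logins:
        if login.lower() == "admin":
            findings.append(f"user name {login!r} is the default")
    for version in version_leaks(html):
        findings.append(f"page source exposes version {version}")
    return findings


if __name__ == "__main__":
    for line in audit(SAMPLE_WP_CONFIG, SAMPLE_HOME_HTML, SAMPLE_LOGINS):
        print("FINDING:", line)
```

To use it on a real site, feed it the contents of your own wp-config.php, the saved source of your home page, and an export of your user names.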