8 WordPress security tips


  1. Protect your /wp-admin/ folder
    Administration files are located in this folder. This means that protection is imperative. You can do that by configuring a .htaccess file where you can restrict access to the folder based on the originating IP address.

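    # Save as /wp-admin/.htaccess; replace each xx.xx.xx.xx with an address you administer from.
    AuthUserFile /dev/null
    AuthGroupFile /dev/null
    AuthName "Example Access Control"
    AuthType Basic
    # No <Limit> wrapper: the rule then covers every HTTP method, not just the listed ones.
    # Apache 2.2 syntax; on Apache 2.4 it needs mod_access_compat (or use "Require ip").
    order deny,allow
    deny from all
    allow from xx.xx.xx.xx
    allow from xx.xx.xxx.xx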
  2. Hide your plugins folder
    This one is easy. You just have to create an index.html file and place it in the main plugins directory, so that visitors get that file instead of a listing of the folder's contents. You can echo a message if you have a sense of humor.
  3. Updates are crucial
    Be sure to update your blog as soon as a new release is available. Updates are simple to make and also very quick. Some script kiddies tend to use exploits that target specific WordPress versions. It’s a small price to pay for security.
  4. Remove version number from head tag
    As I said before, it’s best that potential wrongdoers have a hard time finding out what version of WordPress you are using. By default, there is a piece of script that prints out your version. You can eliminate this by removing the following code from the head tag:

    <meta name="generator" content="WordPress <?php bloginfo('version'); ?>" />
  5. Tidy up your HTML code
    It’s good practice to remove any potentially unwanted code from your blog. By removing the plugin version info from each code snippet, you can protect your plugins from being a pathway for disaster.
  6. Change your password
    Do not use the default password provided by the blog installation process. Be sure to have long and complicated passwords, preferably using both letters and numbers.
  7. SSH is safer than FTP
    Try to use SSH file transfers as much as you can because it’s safer. FTP is practically an open invitation for hackers because of its lack of encryption.
  8. Backup often
    The number one key to security is having a good backup. Install a backup managing plugin and try to configure it to send the backup file by email daily or even more often.
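
To check the result of tips 4 and 5 on your own blog, the following added example (not part of the original post) scans a page's rendered HTML for leftover version disclosures. The `?ver=` query string on asset URLs and the version-in-comment pattern are assumptions about where plugin version info shows up, and the sample page is constructed.

```python
import re
from html.parser import HTMLParser

# Assumption: assets carry a "?ver=" query string naming the core or plugin version.
VER_PARAM = re.compile(r"[?&]ver=([0-9][\w.\-]*)")
VERSION_TEXT = re.compile(r"\bv?\d+\.\d+(\.\d+)?\b")


class VersionLeakAuditor(HTMLParser):
    """Collects version strings exposed in a rendered page's markup."""

    def __init__(self):
        super().__init__()
        self.findings = []  # (kind, detail) tuples in document order

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        # Tip 4: <meta name="generator" content="WordPress x.y">
        if tag == "meta" and a.get("name", "").lower() == "generator":
            self.findings.append(("generator", a.get("content", "")))
        # Tip 5: version parameters on script and stylesheet URLs
        url = {"script": a.get("src"), "link": a.get("href")}.get(tag)
        match = VER_PARAM.search(url) if url else None
        if match:
            self.findings.append(("asset", f"{url.split('?')[0]} -> {match.group(1)}"))

    def handle_comment(self, data):
        # Tip 5: HTML comments in which a plugin announces its version
        if VERSION_TEXT.search(data):
            self.findings.append(("comment", data.strip()))


def audit(html):
    """Return every version disclosure found in the given HTML text."""
    parser = VersionLeakAuditor()
    parser.feed(html)
    parser.close()
    return parser.findings


# Constructed sample page; names and version numbers are made up.
SAMPLE = """<html><head>
<meta name="generator" content="WordPress 9.9.9" />
<link rel="stylesheet" href="/wp-content/plugins/example-plugin/style.css?ver=1.2.3" />
<script src="/wp-includes/js/jquery.js"></script>
<!-- Example Plugin v1.2.3 -->
</head><body><p>Hello</p></body></html>"""

if __name__ == "__main__":
    for kind, detail in audit(SAMPLE):
        print(f"{kind}: {detail}")
```

Save your home page's source to a file and pass its text to `audit()`; an empty list means none of these three disclosure points remain.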

Based on a dailyblogtips post.
