7 Steps to Keep Your WordPress Blog/Site More Secure


WordPress is a great way to build and manage a website. Like any online software though, there are steps you should take to secure your WordPress installation and keep it safe from hackers. Some are common sense for any website (secure website hosting and choosing a secure password) and others are specific to WordPress (such as the plugins recommended below). Here are seven steps to secure your WordPress website.


1) Pick a Good, Reliable, Secure Website Host

Where you choose to host your WordPress website can make a difference in your security. Two important things to look for are server security and backups for restore.

Choose a host who offers you PHP5 and runs it in suEXEC mode. With suEXEC you are able to lock down your files more tightly. You can find more technical (very technical) details here: http://en.wikipedia.org/wiki/SuEXEC
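To see what "locked down" looks like in practice, here is an added example (not from the original post) that audits a WordPress directory for loose file permissions. It assumes that under suEXEC PHP runs as your own account, so nothing needs to be writable by other users and wp-config.php can be readable by the owner only; the function names are made up for this illustration.

```shell
#!/bin/sh
# Added example: audit a WordPress directory tree for loose file permissions.
# Assumption: under suEXEC, PHP runs as the account owner, so nothing needs
# to be writable by group or "other", and wp-config.php can be owner-only.

# Print every file or directory that any user on the server can write to.
find_world_writable() {
    find "$1" \( -type f -o -type d \) -perm -0002 -print
}

# Succeed only if wp-config.php exists and has no group/other permission bits.
config_is_private() {
    cfg="$1/wp-config.php"
    [ -f "$cfg" ] || return 2
    # Any match means group or other has some access to the file.
    loose=$(find "$cfg" \( -perm -0040 -o -perm -0020 -o -perm -0010 \
        -o -perm -0004 -o -perm -0002 -o -perm -0001 \) -print)
    [ -z "$loose" ]
}

# Report findings for one install; return non-zero if anything needs fixing.
audit_wordpress() {
    root="$1"
    status=0
    ww=$(find_world_writable "$root")
    if [ -n "$ww" ]; then
        echo "World-writable paths:"
        echo "$ww"
        status=1
    fi
    if ! config_is_private "$root"; then
        echo "wp-config.php is missing or accessible to other accounts"
        status=1
    fi
    return "$status"
}

# Usage: sh audit.sh /path/to/wordpress  (the path is yours to supply)
if [ -n "${1:-}" ]; then
    audit_wordpress "$1"
fi
```

A clean run prints nothing and exits with status 0; any path it lists is one another account on a shared server could modify.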

Also look for a host who offers a reliable backup system and will restore your site for you free in the event of being hacked. Most hosts offer weekly and monthly backups at a minimum. Some hosts also do nightly backups and incremental hourly backups. I’m hosted on a server with monthly, weekly, nightly, and incremental backups. This means that if my site were to be hacked I could easily roll back to what it looked like 3 or 4 hours ago. I wouldn’t lose much, if any, of my content or other files.

2) Use Fantastico to Install Your Blog (or Change Your Admin Username)

If you install yourself with FTP and cPanel, you’ll have a default username of “admin” which is very easy to guess. By using Fantastico, you will be given the choice to pick a username and password that are unique. Plus, it’s easier than an install with FTP and cPanel. Either way, don’t use “admin” for the admin username. And don’t EVER use “password” for your password.

3) Use a Secure Password

Hackers and bad people are constantly attempting to crack into our online accounts and access everything from our email to our online banking records. How can you stop them from easily accessing your accounts? One important step is to use SECURE passwords that aren’t easily guessed or cracked by their software.

Here are tips on how to create secure passwords:
• Don’t use names, dates, phone numbers, or addresses
• Don’t use common words from the dictionary
• Mix up letters and numbers
• Make it at least 8 characters long (longer is better)
• Change it often (for online banking or hosting accounts, try every 3 months)

You may also want to use an online random password generator like this free one:
http://www.random.org/strings

4) Stay on Top of WordPress News

Subscribe to the updates here so you’ll know immediately when the developers release an update or patch for any security issues: http://wordpress.org/download/

5) Keep Your WordPress Installation Up to Date

It’s critical to your security to keep WordPress up to date. The new versions of the script make that very easy and you can update in just a couple of clicks. It’s under “Tools” then “Upgrade” on the menu on the left of your admin pages.

For more detailed info on updates: http://codex.wordpress.org/Upgrading_WordPress

6) Keep Your Plugins Up to Date

Anytime a plugin is updated, be sure to update the version on your site. You’ll know an update is available because when you log in to your admin area, there will be a number in a bright orange-red circle next to the “Plugins” link on the left. Click “Plugins” and it will show you which have an update available. You can follow the steps to automatically upgrade your plugin(s) as needed (back up your site before you upgrade anything, including plugins).

7) Install Security Plugins

Here are two security plugins I run on my WordPress websites and recommend installing:
• WP Security Scan: http://wordpress.org/extend/plugins/wp-security-scan/
• Secure WordPress: http://wordpress.org/extend/plugins/secure-wordpress/

With these seven steps you’ll have a more secure installation of WordPress.


(c) 2009 Michelle Shaeffer, Michelle Shaeffer.


2 Responses to “7 Steps to Keep Your WordPress Blog/Site More Secure”

  1. Evan Foster says:

    I was a former employee and now I am making my best effort to start up a small business.

  2. Sheila Atwood
    Twitter: SheilaAtwood
    says:

    Good tips.

    I belong to a WordPress group that includes one of the employees of Automattic that handles all of the bugs. He actually reviews all of the free themes that are submitted. He suggests that you use the free themes from WordPress or know who you are getting your themes from. You want to pick a theme that is secure and clean.

    The same goes for plug-ins. Choose them through your dashboard or from very reliable sources.

    Using Fantastico is in question. Most people do use it and changing your login name is a good idea. Fantastico is a system independent of your hosting; the question is on the system staying up to date enough to keep out hackers. BlueHost has an easy setup system of their own that they keep updated so it would be a good option.
