Easily one of the most popular blogging platforms preferred by the amateur and professional alike, WordPress has many advantages over its competitors. However, its relative ease of use and many attractive themes and capabilities must be enhanced by WordPress security and protection, so that your website doesn’t fall victim to malware attacks that exploit weaknesses in coding – or anything.
In the spirit of WordPress security, then, consider these nine tips to keeping your site up-and-running well:
1. The first tip is to take a proactive approach regarding unused plugins, themes and other additions stored in your WordPress content directory; they are almost certainly outdated, which makes them susceptible to hackers and their bots. Software makers update their programs precisely because updates eliminate holes that can be exploited. Basically; discard your old unused stuff and get the latest versions of the new ones.
2. The second tip for better WordPress security is quite general for anything you do online requiring your personal details; this doesn’t make it any less significant, however. Use a maximally strong password. This means alternate capital letters, numbers and special characters. Furthermore, if you have multiple websites up, make sure you use a different password for each one; in fact, there are powerful password-generation plugins available for WordPress protection.
3. Research forums and other reputable online communities for information on the best anti-spam plugins for WordPress security. Make sure you understand how well-written the code is for any plugin you do end up installing.
4. Avoid doing things that used to be standard, such as keeping the “admin” name as your default. Updated WordPress themes and directories don’t usually have this for a reason – they were a common target for website exploitation. Similarly, don’t start the name of any of your directories with the wp prefix.
5. Connecting to your WordPress sites via public WiFi access can give any snoopers access to your username and password. Avoid doing this unless you have your own secure SSL connection socket for added protection.
6. If you’re not very web-savvy, and find yourself overwhelmed by the prospect of trying to decipher the signs of a blog compromise, there is affordable professional help available. Web security solutions are provided by robust malware monitoring and removal products like StoptheHacker, which is a 24-hour sentinel that protects your systems.
7. While not exactly in the category of security, backing up your WordPress site is definitely in the realm of protection from future attacks. If all goes wrong, this copy can save you invaluable time and money in getting back up to speed, or moving your operation to another web host.
8. Hackers want to get into your private details more than anything else, because this will allow them to take over your website for their own personal gain. One useful way to impede this is to erase information regarding the version of WordPress you’re using, which can be done by deleting the appropriate meta tag description.
9. A simple but powerful WordPress security measure comes in the login section. If you have multiple users contributing to your site; or even if it’s just you, implement a lock-down plugin that stops multiple login attempts, which may signal a bot trying to gain access by trying many passwords.
Editor’s note: Today’s guest blogger is Anirban Banerjee, a systems engineer with deep expertise in malware protection. In 2009 he founded Stop The Hacker, a SaaS security technology company designed to keep websites safe. In 2013 his company joined forces with CloudFlare to extend its customer reach. Currently, he works as a systems engineer at CloudFlare. DreamHost is a proud partner of StopTheHacker.