Securing your WordPress blog is the most important thing that you must do. Every day, WordPress sites are being hacked and injected with malicious code that could not only affect your website, but also other visitors as well. In addition, if the problem doesn't get resolved, it could result in your blog being blacklisted by search engines and labeled as a dangerous website. After all the hard work you've put into your website, it would be completely devastating to find out that your site has been compromised and/or destroyed.
With that being said, I've compiled a few tips to help get you started on protecting your WordPress blog. This is NOT a complete guide for securing your WordPress site, however, these tips will help lead you in the right direction.
Use strong passwords for your login
It's highly recommended to use strong passwords to make it harder for someone to guess your login. Below is an example of an edited screenshot from Strong Password Generator:
Hide the contents inside your directory
One of the easiest tricks is to insert a blank index.html file into your “plugins” directory. This helps prevent unwanted visitors from seeing which plugins you are running on your WordPress site.
To do this, simply open up Notepad.exe and save the blank file as “index.html” (without quotes).
Now, go onto your server and place the index.html file into wp-content/plugins/. Remember to always safely connect to the server using a Secure File Type Protocol (SFTP or FTPES), in which the data is encrypted before it is sent across the network.
Scanning WordPress for vulnerabilities
I would strongly recommend installing the WP Security Scan plugin by Michael Torbert. This WP security plugin will scan your WordPress installation for security vulnerabilities and suggest necessary changes, including:
- File permissions
- Database security
- Version hiding
- WordPress admin protection
- Removes WP Generator META Tag from core code
That's all folks!
Keep in mind, there are many things that need to be secured in order to protect your WordPress blog, including your server, database, logins, comments, files/directories, and wp-admin. If you're looking for help in securing your blog or would like a WordPress security audit, let us know.
If you have any thoughts or feedback, please share by leaving a comment below.
Submitted by David L.