5 Ways to Secure Your WordPress Install


WordPress has become an extremely popular website and blogging platform over the years; it hosts hundreds of millions of websites.  However, huge success can bring some drawbacks.  Because WordPress is so popular and used on so many sites, many people look for exploits in its code, and while that in and of itself isn’t necessarily a bad thing, the exploits they find could land in the hands of someone with malicious intent.

So how can you go about protecting your WordPress site?  Here are 5 easy tips to make your WordPress install more secure.

Keep your WordPress install updated

Always update WordPress to the latest version whenever a new one is available.  This is very important.  When WordPress releases a new version, consider it a mandatory update: new releases fix existing security vulnerabilities and bugs and make other miscellaneous changes to the code.  These are things you do not want to miss out on, and updating promptly helps ensure your site stays secure.  Additionally, there is no reason not to update WordPress right away; the fine folks over at WordPress have made it super simple to update with the click of a button in the Updates section under the “Dashboard.”

Keep your WordPress plugins updated

For the same reasons I stated about keeping your WordPress install up-to-date, you want to keep any installed plugins updated as well.  Oftentimes plugin authors update their plugins to fix bugs, patch security vulnerabilities, and offer compatibility fixes so the plugin works well on new versions of WordPress.

Delete the readme.html file

This is sometimes overlooked, but deleting the WordPress readme.html file is also a good way to help secure your WordPress install.  The readme.html file contains information which may be helpful to people looking to attack your site, so by deleting it you make them work a bit harder, which can help deter potential attackers.

Rename the user “admin”

If you installed WordPress and did not pick a username other than “admin” as your default username, then I would highly recommend changing it.  For example, you can use your real name “John” or “JDoe” instead of “admin.”  Unfortunately, you cannot easily change a username in WordPress once it’s created.  However, I found (and use) a very useful plugin which will do it for you (in addition to other useful things).  The plugin is called WP-Optimize; once you install and activate it, it allows you to easily change any username in your WordPress install.  The plugin can also clean up overhead (e.g. old post revisions, old auto-saves, etc.) in your WordPress MySQL database, which will help reduce the size of your database and keep your site speedy.

Don’t forget to update third-party software

I mention this because it is often forgotten, since it’s not something you are always looking at in the WordPress admin panel.  I once fell victim to a MySQL injection which caused my site to be labeled by Google as a malware threat, all because I forgot to update OpenX (a third-party ad server I use to serve ads on BestTechie).  So whether you are using OpenX or any other third-party software in conjunction with WordPress, always be sure to keep that up to date as well.

As you can see from this list of 5 easy WordPress security tips, a large part of it stems from making sure things are up-to-date as soon as possible.  I really cannot stress enough the importance of staying up-to-date.

Do you have any additional tips to add?  Feel free to leave them in the comments!


— Jeff Weisbein

Jeff is the founder & CEO of BestTechie. He has over 10 years of experience working with technology and building businesses. He loves to travel and listen to music.




Comments

  1. Mike Mansell says:


    Using the .htaccess file in Apache to only allow access from certain IP addresses/ranges or to implement a secondary password more native to the HTTPd isn’t a bad idea at all, either.

    An article on WordPress’ site also suggests using the .htaccess file to re-write what SHOULD be non-public files that are only used as PHP include()’s in the public files.  Honestly, I don’t think it makes a HUGE difference, but the extra layer of security can’t hurt.  And of course users on shared hosts also need to make sure that their wp-config.php file isn’t readable by other users on the system; although this is something that most web hosting companies have secured from the get-go.
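An .htaccess that applies the controls Mike describes (an IP or password gate on the login page, refusing direct requests to the include-only files) together with the article’s readme.html tip, added here as an example rather than taken from the post or from WordPress itself; the network range and the htpasswd path are placeholders, and the include-only rewrite rules are modeled on the ones the WordPress hardening guide publishes.

```apache
# Added example for an Apache 2.4 WordPress docroot (.htaccess).
# 203.0.113.0/24 and /etc/apache2/wp-admin.htpasswd are placeholder values.

# 1. Gate the login page: allow a trusted network OR a valid HTTP Basic user.
#    Change <RequireAny> to <RequireAll> to demand both.
<Files "wp-login.php">
    AuthType Basic
    AuthName "Restricted"
    AuthUserFile /etc/apache2/wp-admin.htpasswd
    <RequireAny>
        Require ip 203.0.113.0/24
        Require valid-user
    </RequireAny>
</Files>

# 2. Never serve the config file or the readme over HTTP (deleting readme.html,
#    as the article suggests, is still the simpler fix). File-system permissions
#    on wp-config.php are a separate control; this block only covers web requests.
<FilesMatch "^(wp-config\.php|readme\.html)$">
    Require all denied
</FilesMatch>

# 3. Refuse direct browser requests to the include-only PHP files; they are
#    meant to be include()'d by the public entry points, not requested directly.
<IfModule mod_rewrite.c>
    RewriteEngine On
    RewriteBase /
    RewriteRule ^wp-admin/includes/ - [F,L]
    RewriteRule !^wp-includes/ - [S=3]
    RewriteRule ^wp-includes/[^/]+\.php$ - [F,L]
    RewriteRule ^wp-includes/js/tinymce/langs/.+\.php - [F,L]
    RewriteRule ^wp-includes/theme-compat/ - [F,L]
</IfModule>
```

The server must allow `AuthConfig` and `FileInfo` overrides for this file to take effect, and multisite installs need wp-includes/ms-files.php reachable, so adjust the third block there.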

  2. Jeff Weisbein says:


    Awesome tip! Thanks for sharing it Mike!
