WordPress Security Tips

January 14, 2011

wordpress

Worrying about security sucks. And since WordPress has become one of the most popular publishing platform in the world it has also become a target for hackers. We've had a few questions about keeping WordPress secure so here's a few good tips and links to get you started. WordPress Security Tips _WordPress.org offers a few simple tips we use on every site that definitely helps with basic WordPress lockdown._

  1. Don't name your Administrator user "admin". This is an option on install and can be changed if y ou are already up and running
  2. Change your database table prefix. Again - this is an option upon install and can also be changed if you are already up and running. We recommend using a random prefix, like "wpX38f4_"
  3. Proper File Permissions are VERY important - set them and forget them. You can do this from your FTP program
  4. Install WP-Security-Scan - it scans your site for vulnerabilities
  5. Protect your wp-config.php file
  6. Make sure your WordPress hosting provider takes security seriously

WordPress Lockdown Video This is a great video from Brad Williams on locking down WordPress from WordCamp Boston. [Link]

Subscribe to my mailing list