Worrying about security sucks. And since WordPress has become one of the most popular publishing platforms in the world, it has also become a target for hackers.
We’ve had a few questions about keeping WordPress secure, so here are a few good tips and links to get you started.
WordPress Security Tips
WordPress.org offers a few simple tips that we use on every site and that definitely help with basic WordPress lockdown.
- Don’t name your Administrator user “admin”. This is an option on install and can be changed if you are already up and running.
- Change your database table prefix. Again – this is an option upon install and can also be changed if you are already up and running. We recommend using a random prefix, like “wpX38f4_”
- Proper File Permissions are VERY important – set them and forget them. You can do this from your FTP program
- Install WP-Security-Scan – it scans your site for vulnerabilities
- Protect your wp-config.php file
- Make sure your WordPress hosting provider takes security seriously
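The file permission, wp-config.php and table prefix tips can be checked from a shell on the server. The script below is an added example, not code from WordPress.org or from the original post: the function names `audit_wp_site` and `make_sample_site` and the finding labels are hypothetical, the sample tree is constructed, and the baseline it assumes is that nothing should be world-writable and wp-config.php should not be readable by other accounts.

```shell
#!/bin/sh
# Added example, not from the original post. Flags what the tips above warn about:
# world-writable paths, a world-readable wp-config.php, and the default "wp_" prefix.

# Prints one finding per line; returns 0 if clean, 1 if findings, 2 on bad input.
audit_wp_site() {
    root=$1
    cfg=$root/wp-config.php
    [ -d "$root" ] || { echo "ERROR not a directory: $root" >&2; return 2; }
    report=$(
        # Any path writable by "other" lets every local account alter the site.
        find "$root" \( -type f -o -type d \) -perm -0002 | sort | sed 's/^/WORLD-WRITABLE /'
        if [ -f "$cfg" ]; then
            # wp-config.php holds the database credentials and secret keys.
            if [ -n "$(find "$cfg" -perm -0004)" ]; then
                echo "CONFIG-WORLD-READABLE $cfg"
            fi
            # Matches: $table_prefix = 'wp_';  (either quote style)
            if grep -Eq '^[[:space:]]*\$table_prefix[[:space:]]*=[[:space:]]*.wp_.[[:space:]]*;' "$cfg"; then
                echo "DEFAULT-TABLE-PREFIX $cfg"
            fi
        fi
    )
    [ -z "$report" ] && return 0
    printf '%s\n' "$report"
    return 1
}

# Constructed sample tree (not a real site). $1 = directory, $2 = "weak" or "hardened".
make_sample_site() {
    mkdir -p "$1/wp-content/uploads"
    chmod 755 "$1" "$1/wp-content" "$1/wp-content/uploads"
    if [ "$2" = weak ]; then
        printf "<?php\n\$table_prefix = 'wp_';\n" > "$1/wp-config.php"
        chmod 644 "$1/wp-config.php"
        chmod 777 "$1/wp-content/uploads"
    else
        printf "<?php\n\$table_prefix = 'wpX38f4_';\n" > "$1/wp-config.php"
        chmod 640 "$1/wp-config.php"
    fi
}

demo=$(mktemp -d)
make_sample_site "$demo/weak" weak
make_sample_site "$demo/hardened" hardened
audit_wp_site "$demo/weak" || echo "-> weak sample needs fixing"
audit_wp_site "$demo/hardened" && echo "-> hardened sample is clean"
rm -rf "$demo"
```

On a real site, call `audit_wp_site` with the WordPress document root instead of the sample tree.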
WordPress Lockdown Video
This is a great video from Brad Williams on locking down WordPress from WordCamp Boston. [Link]