December 29th, 2014
Keeping WordPress secure from unwanted visitors feels to some like a full-time job. With the popularity of WordPress soaring for website design, making sure the script, plugins, and themes are up to date can become cumbersome for most people. Customers using our cloud web hosting platform have the luxury of our application installer to do automatic updates; however, hardening your installation is still something to consider. You have to remember that the script is open source. This means that anyone can download the script and look at the code. If flaws are found, they can be taken advantage of. Most of the time, if a defect is discovered, the person that found it will report it for updating, however, a few could use it to hijack your site, send out spam, obtain confidential user data, and the list goes on.
Since WordPress is popular for website development and hackers are lurking, we have put together some pointers on Hardening WordPress that are easy to implement.
- Make sure to rename your admin panel. “www.yourdomain.com/wp-admin” is the default install of the WordPress back-end. Random scans are performed, and you do not want to give access to these admin URLs. To hide the back-end from those scans rename it to something else. It can be anything. The plugin I mention later in this post can do this for you.
- Change the default WordPress user (admin) to something else. Make sure your passwords are STRONG. An 8 character minimum password containing Uppercase, Lowercase, Numbers, and special characters is recommended. Stay away from simple words, the more complex, the better.
- Install a Security Plugin to assist with locking down your WordPress installation. A good recommendation is All In One WP Security & Firewall. You can find the plugin here. Keep in mind that installing the plugin is the first step. It still requires you to configure the settings. The developers make it very easy to do so.
- Visit http://codex.wordpress.org/Hardening_WordPress, which provides more in-depth insights on hardening WordPress.
Using the tips above can help in keeping your WordPress installation secure. If you have any additional questions, let us know. Send an e-mail over to support if you need any assistance with what was discussed in this blog post.
If you have any questions, contact us.