Five WordPress Security Tips

Your website is one of your biggest assets. If your site’s security gets breached, you’re up a creek without a paddle. Imagine your WordPress-powered website compromised and flooded with thousands of links to pornography… not a pretty picture. So how do you prevent such a disaster from happening?

Here are five tips:

  1. Kill the ‘admin’ account.
    Create a new administrator account in WP and delete the default ‘admin’ user. Since it’s common knowledge that the ‘admin’ user exists by default, an attacker already knows the username and only has to find the administrative password.

  2. Replace your table prefixes.
    SQL injection attacks happen every day. By default, WordPress adds a database table prefix of ‘wp_’. If you take off this prefix or change it, you lower your risk for an injection attack.

  3. Take out the version META tag.
    Older versions of WordPress contain certain vulnerabilities that are avoided by an upgrade. With this META tag, you are broadcasting that you are an open target. Here’s a scenario: let’s pretend that I’m a hacker and that I know a vulnerability for WP version 2.1. I can write an application that will scan hundreds of websites for the version META tag and get a list of sites running 2.1. It would be easy pickings from there, wouldn’t it?

  4. Lock out bad login attempts.
    A brute-force hack is an attempt to guess the correct password using a list of common passwords. Download the Login LockDown plugin to lock out bad login attempts for an hour (by default).

  5. Set the right permissions.
    Folder permissions should be set to 755 and files should be set to 644. Avoid at all costs setting permissions to 777, which allows read/write access for all users. A cracker could put a malicious application in a folder set to 777.
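
One way to check a site against tip 5, as an added example that is not part of the original post: a shell function that walks a WordPress directory and lists everything looser than 755 for folders or 644 for files. The function name `audit_wp_perms` and its output labels are made up for this example.

```shell
#!/bin/sh
# Added example (not from the original post): audit a WordPress tree against
# the 755-for-folders / 644-for-files guidance in tip 5.
#
# Usage: audit_wp_perms /path/to/wordpress
# Prints one sorted line per entry that is looser than the guidance:
#   WORLD-WRITABLE <path>   other-write bit set (777, 666, ...)
#   DIR-OVER-755   <path>   directory with group-write set
#   FILE-OVER-644  <path>   file with group-write or any execute bit set
# Tighter modes (e.g. 600 on wp-config.php) are deliberately not reported.
# Symlinks are skipped: their own mode bits are not meaningful.
# Returns 0 if clean, 1 if anything was reported, 2 if the argument is not
# a directory.
# Assumption: no path contains a newline (the output is line-oriented).
audit_wp_perms() {
    root=$1
    [ -d "$root" ] || { echo "not a directory: $root" >&2; return 2; }
    report=$(
        # Anything any local user can modify, file or folder.
        find "$root" \( -type d -o -type f \) -perm -0002 -print |
            sed 's/^/WORLD-WRITABLE /'
        # Folders that are not world-writable but still exceed 755.
        find "$root" -type d ! -perm -0002 -perm -0020 -print |
            sed 's/^/DIR-OVER-755 /'
        # Files that are not world-writable but still exceed 644.
        find "$root" -type f ! -perm -0002 \
            \( -perm -0020 -o -perm -0100 -o -perm -0010 -o -perm -0001 \) \
            -print |
            sed 's/^/FILE-OVER-644 /'
    )
    [ -n "$report" ] || return 0
    printf '%s\n' "$report" | LC_ALL=C sort
    return 1
}
```

A non-zero return makes the function usable in a cron job or deployment check that should fail when a 777 folder appears.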

And there you have it, five stellar tips to secure your WordPress site. To easily resolve some of these issues, download the WP Security Scan plugin.
