Tip of the Week: Security Time
I wish we didn’t live in a world where people were out to get you, but we do. It may not be personal, but owning and running a website exposes you to the world. And there are a lot of spammers, scammers, con artists, hackers and criminals out there looking for exploits.
WordPress is an easy target because of how popular it is and how many 3rd-party scripts are involved. There are a number of things you can do to harden WordPress.
Having the right hosting and WordPress installed professionally is a great first step.
A professional install includes:
– A strong database password
– An administrator username other than admin
– Security keys and salts added
– A database table prefix other than wp_
All of this is done in a manual install; 1-click installs do not offer it.
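To check an existing install against that list, here is an added example (not part of the original tip) that audits the text of a wp-config.php file for three of the four items: the database password, the eight keys and salts, and the table prefix. The admin username lives in the database, so it is not covered; the length thresholds and the sample config are assumptions made for illustration.

```python
import re

# The eight secret constants WordPress reads from wp-config.php.
SECRET_NAMES = [
    "AUTH_KEY", "SECURE_AUTH_KEY", "LOGGED_IN_KEY", "NONCE_KEY",
    "AUTH_SALT", "SECURE_AUTH_SALT", "LOGGED_IN_SALT", "NONCE_SALT",
]
PLACEHOLDER = "put your unique phrase here"  # value shipped in wp-config-sample.php

DEFINE_RE = re.compile(r"""define\(\s*['"](\w+)['"]\s*,\s*(['"])(.*?)\2\s*\)\s*;""")
PREFIX_RE = re.compile(r"""\$table_prefix\s*=\s*(['"])(.*?)\1\s*;""")

# Constructed sample: a config left close to the sample-file defaults.
SAMPLE = """<?php
define( 'DB_PASSWORD', 'password123' );
define( 'AUTH_KEY', 'put your unique phrase here' );
$table_prefix = 'wp_';
"""


def audit_wp_config(text, min_password_len=16, min_secret_len=32):
    """Return a sorted list of findings for the text of a wp-config.php file.

    The two length thresholds are assumptions, not WordPress requirements.
    """
    defines = {name: value for name, _, value in DEFINE_RE.findall(text)}
    findings = []

    # Password check: length plus at least three character classes.
    password = defines.get("DB_PASSWORD", "")
    classes = sum(bool(re.search(p, password))
                  for p in (r"[a-z]", r"[A-Z]", r"\d", r"[^\w\s]"))
    if len(password) < min_password_len or classes < 3:
        findings.append("DB_PASSWORD: short or low-variety password")

    # Every key and salt must be defined, non-default and long.
    for name in SECRET_NAMES:
        value = defines.get(name)
        if value is None:
            findings.append(f"{name}: not defined")
        elif value == PLACEHOLDER or len(value) < min_secret_len:
            findings.append(f"{name}: placeholder or too short")

    # Copy-pasting one value into several constants defeats the purpose.
    seen = [v for n, v in defines.items() if n in SECRET_NAMES]
    if len(seen) != len(set(seen)):
        findings.append("keys/salts: same value reused")

    match = PREFIX_RE.search(text)
    if match is None or match.group(2) == "wp_":
        findings.append("table_prefix: default wp_ or not set")
    return sorted(findings)
```

Call it as audit_wp_config(open("wp-config.php").read()); an empty list means none of the three checks fired.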
There are also some wonderful security plugins to consider:
– Secure WordPress: Tightens up some basics like hiding your WordPress version.
– Bad Behavior: Blocks spam attempts. WARNING – This is a very strict plugin that can block some good things like OpenID logins and shopping cart APIs.
– Restrict Login By IP: If you have no need or intention of allowing people to register for your site and only you need to log in, this is a great plugin. WARNING – IPs change often, so make sure you know how to use FTP to edit your .htaccess file or you’ll lock yourself out of your admin.
– SABRE: For those that do allow registrations this is a great plugin with many options to help you block spam registrations.