WordPress is the free open source publishing application and content management system. Many people use WordPress as their blogging platform to deliver messages, information and news. WordPress also has a templating system, widgets and a rich plug-in architecture, which allow users and developers to extend its functionality beyond the features that come from its base installation.
Although WordPress has made everyone to build their own blogs easily, many security issues have been discovered in the software, especially for those outdated versions of the software. I had an experience with the security issue once my weblog had been hacked few months ago, while I was using the most early version of WordPress. After this lesson, I have been more careful on every aspect of the security issues and always keep my weblog upgraded with the plug-ins that I really trust.
Besides upgrade your WordPress software to the most latest version, there are some more simple security measures that any WordPressers can implement to enhance security and prevent the blogs being compromised. Hope these methods can improve the security of your weblog and greatly reduce the vulnerability of your weblogs.
1. Keep your WordPress software and its plug-ins upgraded to the latest version.
The best security precaution is to have the software have less/ no security treat. So the best practice is to upgrade your WordPress software, update your trusted WordPress plug-ins every time a new version is released/ New version always has been enhanced security than the early version.
2. Never reveal your wp-admin directory and contents at any circumstance.
Many bloggers have good practice via .htaccess file to apply password protection to the wp-admin directory. When you password protect your wp-admin directory, any attempt to directly load a page from that directory will cause a “401 Unauthorized” error page. Useful article can be found at thesitewizard.com or .htaccess generator helps at htaccesstools.
3. Use login lockdown plugin.
Login LockDown can records the IP address and timestamps of every unsuccessful login attempted. If more than a certain number of unsuccessful login attempted and detected within a short period of time from the same IP range, then the login function is disabled for all requests from that range. This helps to prevent brute force password attack to your WordPress weblogs.
4. Do not allow guest user registrations.
If you do not have a membership weblog, then the registration for public should be turned off by click on the Settings and unchecked the “Anyone can register” option.
5. Backup regularly.
Regular backups for your contents and database are important. In case anything happened, you can use the backup to recover your weblog files and database. WordPress Database Backup might able to help you backup your database automatically and send the backup file to your email address.
Continue reading “10 steps to secure your WordPress software”