
10 WordPress Install Security Tips
Posted in Wordpress, Zing Blog on October 29th, 2009 by Rusty


Now that WordPress has released its hardening release, 2.8.5, security is on my mind. I did some research and found 10 tips to secure WordPress and make it harder to break into. Below are the tips I found most useful.

1. Always change your WordPress database table prefix. The default is ‘wp_’, so change it to something like ‘gp_’ or ‘wordpress_’ on install.

2. Remove the default admin user. By default the administrator account is named ‘admin’; changing this to another username makes it harder for attackers to guess your admin login.

3. Secure your .htaccess file. Use the code below in your .htaccess file to tighten security by denying web access to it (and to any other .ht* file):

<Files ~ "^.*\.([Hh][Tt][Aa])">
order allow,deny
deny from all
satisfy all
</Files>

4. Secure your wp-config.php file. In addition to setting the permissions on this file to 444, the following code in your .htaccess file limits who can access it:

<Files wp-config.php>
order allow,deny
deny from all
</Files>

5. Set proper permissions. Different hosts have different levels of security, but for the most part the permissions should be:
Root install folder: read only (744)
Directories: 755. NEVER 777
All files: 644
If you do want to use the built-in editor, theme files: 666. NEVER 777

6. Deny listing of your website directories in your .htaccess file. This makes sure no one can list all the files in your website folders. Add the following code to your .htaccess file:

Options All -Indexes

7. Keep search engines out of your ‘wp-’ directories with your robots.txt file. If you do not have a robots.txt file in your root folder, create it with the following code:

User-agent: *
Disallow: /wp-*

8. Drop the version string from your meta tags. It is printed by header.php in your template files and looks like the code below. Remove it completely if it exists.

<meta name="generator" content="WordPress <?php bloginfo('version'); ?>" />

9. Always use a secure password. This is the main reason people get hacked. I use the following tool to generate passwords for my users: Password Generator

10. Back up regularly! This is vital to being able to recover your data, whether you have been hacked or your files have become corrupted. Luckily WordPress has a plugin to do this easily: WordPress Backup Plugin

With this list you should have a darn good secure WordPress install. There are other things you can do to increase security, but for a small business or blog site not run by the government these should get you on the right track. Now just stay up to date! Make sure you update WordPress as new versions are released, and update your plugins as needed as well.
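As an added example (not part of the original post), here is a small POSIX shell audit that checks an install directory for tips 1 and 3 to 8 above: it builds a constructed sample install with the defaults the post warns about, then applies the post's own prefix, .htaccess, permission and robots.txt fixes so the audit can be re-run and come back clean. The sample paths, the ‘gp_’ prefix and the theme folder name are assumptions; tips 2 and 9 live in the database and are not checked.

```shell
# wp_audit DIR: check a WordPress install against tips 1 and 3-8 of the post.
# Prints one line per finding and returns the number of findings (0 = clean).
wp_audit() {
  root="$1"; ht="$root/.htaccess"; n=0
  # Tip 1: $table_prefix left at the default 'wp_'
  grep -qE '^[[:space:]]*\$table_prefix[[:space:]]*=[[:space:]]*.wp_.' "$root/wp-config.php" 2>/dev/null \
    && { echo "tip 1: table prefix is still wp_"; n=$((n+1)); }
  # Tips 3, 4, 6: the three .htaccess rules from the post
  grep -qF '[Hh][Tt][Aa]' "$ht" 2>/dev/null || { echo "tip 3: .ht* files not denied"; n=$((n+1)); }
  grep -qiE '<files[[:space:]]+wp-config\.php>' "$ht" 2>/dev/null || { echo "tip 4: wp-config.php not denied"; n=$((n+1)); }
  grep -qiE 'options.*-indexes' "$ht" 2>/dev/null || { echo "tip 6: directory listing not disabled"; n=$((n+1)); }
  # Tip 5: anything world-writable (a 777 directory or 666 file) under the install
  ww=$(find "$root" -perm -002 | wc -l | tr -d ' ')
  [ "$ww" -eq 0 ] || { echo "tip 5: $ww world-writable path(s)"; n=$((n+1)); }
  # Tip 7: robots.txt keeps crawlers out of wp-*
  grep -qE '^Disallow:[[:space:]]*/wp-' "$root/robots.txt" 2>/dev/null || { echo "tip 7: robots.txt lacks Disallow: /wp-*"; n=$((n+1)); }
  # Tip 8: a theme header.php still prints the generator meta tag
  find "$root/wp-content/themes" -name header.php -exec grep -lE 'bloginfo\(.version.\)|name="generator"' {} + 2>/dev/null \
    | grep -q . && { echo "tip 8: generator meta tag still in header.php"; n=$((n+1)); }
  return "$n"
}

# Constructed sample install (not a real site) with every default the post warns about.
wp_make_sample() {
  d=$(mktemp -d); mkdir -p "$d/wp-content/themes/default"
  printf '%s\n' '<?php' "\$table_prefix = 'wp_';" > "$d/wp-config.php"
  printf '%s\n' "<meta name=\"generator\" content=\"WordPress <?php bloginfo('version'); ?>\" />" \
    > "$d/wp-content/themes/default/header.php"
  chmod 777 "$d/wp-content"
  echo "$d"
}

# wp_harden DIR: apply the post's fixes to the sample so the audit can be re-run.
wp_harden() {
  r="$1"
  printf '%s\n' '<?php' "\$table_prefix = 'gp_';" > "$r/wp-config.php"
  cat > "$r/.htaccess" <<'EOF'
<Files ~ "^.*\.([Hh][Tt][Aa])">
order allow,deny
deny from all
satisfy all
</Files>
<Files wp-config.php>
order allow,deny
deny from all
</Files>
Options All -Indexes
EOF
  printf 'User-agent: *\nDisallow: /wp-*\n' > "$r/robots.txt"; : > "$r/wp-content/themes/default/header.php"
  chmod 755 "$r/wp-content"; chmod 444 "$r/wp-config.php"; find "$r" -perm -002 -exec chmod o-w {} +
}
```

Run `d=$(wp_make_sample); wp_audit "$d"` to see all seven findings, then `wp_harden "$d"; wp_audit "$d"` to confirm the exit status drops to 0.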

