1. Make Sure WordPress Is Up to Date
One of the main problems people have with keeping their WordPress installation secure is updating. Follow these steps:
- Find the "Update" link under the "Dashboard" tab, as shown below, and click it.
- Once you're in the Updates menu, you will be prompted to update your installation if needed, or to redownload it if it's already up to date (as seen below).
2. Ensure Your Host Is Running the Latest Version of PHP
It should go without saying. If your host is running an old, insecure version of PHP, nothing you do will help you. The latest version, as of this writing, is version 5.4.3, which patches a buffer-overflow vulnerability. Any good website hosting company will be more than happy to tell you what version of PHP your server is running if you open a ticket with them.
3. Use a Blank HTML File to Hide Plugins
Hackers can use knowledge of your plugins to find vulnerabilities in your WordPress installation. Simply place a blank HTML file (a text file with the extension *.html that has nothing in it) into your /wp-content/plugins directory to make sure that they can't look up your plugins.
4. Block Access To Your wp-config.php
Simply put, you do not want someone to have access to your wp-config. It has your table prefixes, database login information, and more. If you forget to protect it, you're going to pay for it - dearly. The wp-config file is located in the root directory of your WordPress installation and is the holy grail of hacker information diving. So simply place:
<Files wp-config.php>
Order Allow,Deny
Deny from all
</Files>
in your ".htaccess" file to tell Apache to make sure they don't get access to it. This will prevent any sort of unwanted access to your wp-config file. The ".htaccess" file is extremely important to the security of your WordPress installation (and your server as a whole). It would be wise to learn how to use it.
Here is a good guide to get you started.
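To check steps 3 and 4 on disk, the following added example (not part of the original article) scans a WordPress root for a wp-config.php deny rule in ".htaccess" and for an index file in the plugins directory. The function names, the constructed sample tree and the accepted index file names are assumptions; the check also accepts "Require all denied", the Apache 2.4 form of the rule.

```python
import re
import tempfile
from pathlib import Path

# Matches a <Files> block whose target is wp-config.php (quotes optional).
FILES_BLOCK = re.compile(r'<Files\s+"?wp-config\.php"?\s*>(.*?)</Files>',
                         re.IGNORECASE | re.DOTALL)
# Deny directives: Apache 2.2 syntax (as in this article) or Apache 2.4 syntax.
DENY_RULE = re.compile(r'^\s*(Deny\s+from\s+all|Require\s+all\s+denied)\s*$',
                       re.IGNORECASE | re.MULTILINE)
# Assumption: the server's DirectoryIndex serves one of these common names.
INDEX_NAMES = ("index.html", "index.htm", "index.php")


def audit(root):
    """Return findings for the WordPress root directory `root`."""
    root = Path(root)
    htaccess = root / ".htaccess"
    text = htaccess.read_text() if htaccess.is_file() else ""
    # Drop comment lines so a commented-out rule is not counted as active.
    rules = "\n".join(l for l in text.splitlines() if not l.lstrip().startswith("#"))
    blocks = FILES_BLOCK.findall(rules)
    plugins = root / "wp-content" / "plugins"
    return {
        "wp_config_denied": any(DENY_RULE.search(b) for b in blocks),
        "plugins_index_present": any((plugins / n).is_file() for n in INDEX_NAMES),
    }


def build_sample(root, protect):
    """Create a constructed, minimal WordPress-like tree for the demo."""
    root = Path(root)
    plugins = root / "wp-content" / "plugins"
    plugins.mkdir(parents=True)
    (root / "wp-config.php").write_text("<?php // constructed sample\n")
    if protect:
        (root / ".htaccess").write_text(
            "<Files wp-config.php>\nOrder Allow,Deny\nDeny from all\n</Files>\n")
        (plugins / "index.html").write_text("")
    else:
        # Rule present but commented out: must not be reported as protected.
        (root / ".htaccess").write_text("# <Files wp-config.php>\n# Deny from all\n# </Files>\n")


if __name__ == "__main__":
    for protect in (False, True):
        with tempfile.TemporaryDirectory() as tmp:
            build_sample(tmp, protect)
            print("protected" if protect else "unprotected", audit(tmp))
```

A passing result only shows that the files are in place; whether Apache honors ".htaccess" at all depends on the host's AllowOverride setting, so confirm by requesting both URLs from outside.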
5. Install Secure WordPress
Secure WordPress is an excellent plugin that takes the guesswork out of installation security. It takes care of removing nearly everything a hacker uses to get information on your installation. If there is one plugin you should be running, it is this one.