WordPress Security:
We all agree that having a secure WordPress weblog should be our first priority when running a successful blog. In this post we’d like you to share your knowledge and help us create the WordPress Security guide to keep the bad guys out.

WordPress is awesome publishing software, and Automattic (the company behind WordPress) always tries hard to secure it so that millions of blogs can be safe from hacker threats.
Recently TechCrunch, the world’s biggest blog, got hacked twice in a short time frame of eight hours. According to the lead programmer of WordPress, Mark Jaquith, the hack was most probably because of an insecure WordPress plugin which allowed the hacker to use PHP injection to hack TechCrunch. It wasn’t a server-side hack. I hope all this detailed information will help you to protect your WordPress blog.
Basic Tips:
- Don’t install WordPress in the root directory. Install it in a folder with a weird name that is not easy to guess, something like 442dgdsaps. This will protect your WordPress installation from bots as well as hackers.
- Move the wp-config.php file: Did you know that since WordPress 2.6 you can move your wp-config.php file outside of your root WordPress directory? Most users don’t know this, and the ones that do don’t do it. To do this, simply move your wp-config.php file up one directory from your WordPress root. WordPress will automatically look for your config file there if it can’t find it in your root directory.
- Follow this guide on how to open WordPress on the main URL after installing it in a subdirectory.
- Use secret keys: This is probably the most followed security tip on the list, but still I’m amazed at how many people don’t do this. A secret key is a hashing salt that is used against your password to make it even stronger. Secret keys are set in your wp-config.php file. Simply visit https://api.wordpress.org/secret-key/1.1 to have a set of randomly generated secret keys created for you.
- Change the WP prefix of the database tables. It will protect you from SQL injection attacks.
- Never use the admin account. After installing WordPress, you should change the administrator user name.
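
Three of the tips above (moving wp-config.php, setting secret keys, changing the table prefix) can be checked automatically. The Python script below is an added example, not part of the original post. Its function names, the `MIN_KEY_LEN` threshold and the sample configuration are assumptions constructed for illustration; the placeholder string is the one shipped in wp-config-sample.php.

```python
import re
from pathlib import Path

# The four constants returned by https://api.wordpress.org/secret-key/1.1
SECRET_KEYS = ("AUTH_KEY", "SECURE_AUTH_KEY", "LOGGED_IN_KEY", "NONCE_KEY")
PLACEHOLDER = "put your unique phrase here"  # value shipped in wp-config-sample.php
MIN_KEY_LEN = 32  # assumption made for this example

# Anchored at line start so commented-out settings are ignored.
DEFINE_RE = re.compile(
    r"""^\s*define\(\s*['"](\w+)['"]\s*,\s*(['"])(.*?)\2\s*\)\s*;""", re.M)
PREFIX_RE = re.compile(r"""^\s*\$table_prefix\s*=\s*(['"])(.*?)\1\s*;""", re.M)

def audit_config_text(php):
    """Return findings for the secret keys and table prefix in wp-config.php."""
    findings = []
    defines = {name: value for name, _quote, value in DEFINE_RE.findall(php)}
    for key in SECRET_KEYS:
        value = defines.get(key)
        if value is None:
            findings.append(f"{key}: not defined")
        elif value == PLACEHOLDER or len(value) < MIN_KEY_LEN:
            findings.append(f"{key}: placeholder or short value")
    prefix = PREFIX_RE.search(php)
    if prefix is None or prefix.group(2) == "wp_":
        findings.append("$table_prefix: missing or default 'wp_'")
    return findings

def audit_install(wp_root):
    """Check where wp-config.php lives, then audit its contents."""
    root = Path(wp_root)
    in_root, above = root / "wp-config.php", root.parent / "wp-config.php"
    if in_root.is_file():
        findings, config = ["wp-config.php: still inside the WordPress root"], in_root
    elif above.is_file():
        findings, config = [], above
    else:
        return ["wp-config.php: not found in the WordPress root or one level up"]
    return findings + audit_config_text(config.read_text(errors="replace"))

# Constructed sample configuration, not taken from a real site.
SAMPLE_CONFIG = "\n".join([
    "<?php",
    "define('AUTH_KEY', 'put your unique phrase here');",
    "define( 'SECURE_AUTH_KEY', '" + "k7#" * 21 + "' );",
    "// define('LOGGED_IN_KEY', '" + "z" * 64 + "');",
    "define('NONCE_KEY', \"" + "Qp;)/" * 13 + "\");",
    "$table_prefix = 'wp_';",
])
```

Call `audit_install()` with the path to the WordPress folder; an empty list means none of the three checks raised a finding.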



