WordPress security is no laughing matter. When you rely on the reputation that you build with your blog, the last thing you want is for that blog to be compromised. WordPress is the most common blogging platform, which means there are a ton of add-ons and plugins you get use to completely customize your blog. Unfortunately, being as widespread as it is, even a small security hole can affect a large number of customers.
1. Keep your WordPress Installation Updated
WordPress frequently offers updates and patches to their platform. As a webmaster, you should strive to always have the most up to date version of WordPress installed on your site. Most of these patches are security updates, which makes it even more essential that you update regularly.
What goes for your WordPress installation goes for your plugins as well. Check for updates to your add-ons regularly. An updated WordPress may make some of them less secure or incompatible. If you’re using old plugins, you may want to remove them and search for newer versions with a lower chance of security holes.
2. Implement Secret Keys
Secret keys are an added layer of cryptographic security offered by WordPress. They’re easy to generate and hard to work around. Log in to the Wordpress site and visit the secret key generator here: https://api.wordpress.org/secret-key/1.1/. It will generate a secret key for you. Copy the key into your wp-config.php file and you’re done. You can change the key at will by repeating the process.
3. Use Plugins for WordPress Security
Wordpress offers a number of security plugins for use with their suite. Some of them are active scans that search your installation for open security holes to fix. Others will add layers of security on their own. It’s always a good idea to scan your installation every few months just to make sure no holes have opened up.
4. Update the Default Admin
Like with most software, when you install WordPress, the default account is named Admin and has a password common to WordPress accounts. Some webmasters forget about this account and never change it. Some just change the password, which is good, but not good enough. If a hacker knows the username, they’re already halfway to cracking your account. Change both the username and password of the default admin account as soon as you can after installation.
5. Secure with .htaccess
Every Wordpress install comes with a .htaccess file. It lets you limit who can access your admin account. You can easily set your .htaccess file to allow only people with your IP address into your account. If you travel frequently, this isn’t an idea solution. If you do most of your blogging from home, it adds more security without hassle. Open up or create a .htaccess file and paste this code:
AuthUserFile /dev/null
AuthGroupFile /dev/null
AuthName “Access Control”
AuthType Basic
order deny,allow
deny from all
#IP address to Whitelist
allow from xxx.xxx.xxx.xxx
The string of Xs is your IP address, the one you want to allow to access your account.
With these five tips, your Wordpress installation is much more secure. Even if the security itself isn’t the greatest, the point is that hackers look for easy targets. They won’t spend time cracking your secret key and admin password when they can go next door and crack the site of someone who never changed their admin information. While even the most dedicated security could potentially be cracked given enough time, no one will put out that much effort without a guarantee of value from doing so.
