
Simple Steps to Secure Your WordPress Site

Posted on Thursday, December 10th, 2009

Don't Let Your WordPress Site Get Hacked

I have had my WordPress sites hacked in the past, and I have a good friend who was just hacked as well. Most WordPress hacks are pretty harmless, and more annoying than anything. But if you are trying to build your website and gain the trust of your visitors, having a malware warning pop up when people try to access your site probably doesn’t do you any favors. Here are a few tips to help you keep your WordPress site safe and secure:

1. Delete the Admin Account

The default WordPress user is named “admin”. Create a new account under a new name, assign the role of administrator to that user, then sign in under the new user and delete the “admin” account. Also, make sure to use a strong password for all of your accounts.

2. Rename the Database Table Prefix

The default database table prefix is “wp_”. Don’t use that. This one is easiest to change when first installing your site. Many WordPress installers give you the option to change this when installing your site. I use SimpleScripts with my Bluehost Hosting account (affiliate) to install WordPress on many of the sites I do. This gives me the option to set the prefix as I am setting up the install. Very easy.

If you already have a blog up and running and want to change the database table prefix, it’s a bit more work. But it can be done. Leave me a comment if you’d like a tutorial on how to do this.
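For a site that is already running, the prefix change comes down to a handful of MySQL statements. The sketch below is an added example, not the author's tutorial or WordPress's own code: the function name `prefix_migration_sql`, the new prefix `site7_` and the sample table list are made up for illustration, and it assumes a MySQL database with the standard `options` and `usermeta` tables.

```python
import re

def prefix_migration_sql(tables, old="wp_", new="site7_"):
    """Build the MySQL statements that move a WordPress database to a new table prefix.

    tables: names as returned by SHOW TABLES; names without the old prefix are left alone.
    """
    for prefix in (old, new):
        # Prefixes end up inside SQL identifiers and literals, so restrict the alphabet.
        if not re.fullmatch(r"[A-Za-z0-9_]+", prefix):
            raise ValueError(f"unsafe table prefix: {prefix!r}")
    if old == new:
        raise ValueError("new prefix must differ from the old one")

    renames = {t: new + t[len(old):] for t in sorted(tables) if t.startswith(old)}
    for core in (old + "options", old + "usermeta"):
        if core not in renames:
            raise ValueError(f"expected core table {core} is missing")
    clashes = set(renames.values()) & set(tables)
    if clashes:
        raise ValueError(f"target tables already exist: {sorted(clashes)}")

    n = len(old)
    return [
        # One RENAME TABLE statement, so MySQL renames every table or none.
        "RENAME TABLE " + ", ".join(f"`{a}` TO `{b}`" for a, b in renames.items()) + ";",
        # The role definitions live in an option whose name embeds the prefix.
        f"UPDATE `{new}options` SET option_name = '{new}user_roles' "
        f"WHERE option_name = '{old}user_roles';",
        # Per-user keys (capabilities, user_level, ...) embed it too. LEFT() is used
        # rather than LIKE because "_" is a wildcard in LIKE patterns.
        f"UPDATE `{new}usermeta` SET meta_key = CONCAT('{new}', SUBSTRING(meta_key, {n + 1})) "
        f"WHERE LEFT(meta_key, {n}) = '{old}';",
    ]

# Constructed sample: a few core tables plus one table that does not belong to WordPress.
SAMPLE_TABLES = ["wp_options", "wp_posts", "wp_usermeta", "wp_users", "stats_log"]

if __name__ == "__main__":
    for statement in prefix_migration_sql(SAMPLE_TABLES):
        print(statement)
    # Last step, done by hand: set $table_prefix = 'site7_'; in wp-config.php.
```

Take a database backup before running the statements, then set `$table_prefix` in wp-config.php to the new value so WordPress looks for the renamed tables.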

3. Install the “Secure WordPress” Plugin

This plugin is great! It is the first plugin that I install on all of my new sites. It provides a slew of great security options. Don’t question it. Just do it.

4. Keep Plugins and Themes to a Minimum

Plugins can unintentionally (or intentionally) leave security holes in your site. If you don’t NEED the plugin, uninstall it. If you’re not using the theme, uninstall it. Don’t just deactivate them. UNINSTALL!

5. Keep Your WordPress Up To Date

Unless you are running a bunch of old school plugins on your site (which you shouldn’t) there is no good reason why you shouldn’t be running the most current version of WordPress. It is easy to upgrade now. It’s just 1-click and you’re done. Also, you should usually run the newest version of plugins as well. Sometimes a plugin needs to be updated because a security hole has been found in the old version.

Most of these steps (except maybe #2) could be done by any low-tech Average-Joe. Don’t let yourself get hacked. These small steps will help tighten security around your blog.

Know of any other ways to protect a WordPress site? I’d love to hear about it in the comments.

10 Responses to “Simple Steps to Secure Your WordPress Site”

  1. Rob McGuire says:

    WordPress likes to include a meta tag indicating which version of WP is installed. I like to take that bad boy out of there when I set up a blog.

  2. […] This post was mentioned on Twitter by Bo Lane, Vin Thomas. Vin Thomas said: Just Blogged — Simple Steps to Secure Your WordPress Site http://bit.ly/6XZHWc […]

  3. c2itllc says:

    Great entry Vin, would be interested in info for changing the database table prefix on an existing install. Thanks for the other good info as well.

    (Side note, your affiliate link to bluehost is broken with double http’s.)

  4. David Jones says:

    Vin,

    Thanks so much for this article. It is great that you have taken the time to share this information with us. Obviously you could make money from us by fixing our sites after we’ve been hacked.

    Extremely unselfish gesture helping us to be proactive in protecting our sites.

    Thanks again!

    David

  5. Vin Thomas says:

    Thanks for the comment David. The way I figure it, the less time I spend working on things like this the more time I can spend doing the things I am really passionate about. Design I love; fixing a hacked site — not so much!

  6. Geoff Pfeil says:

    Thanks for the tips Vin! I’ve acted on steps 1, 3, 4 and 5. Count me in as one who would love a tutorial for step 2. When I set up my blog (using SimpleScripts) I didn’t think to change the wp_.

  7. BoLane says:

    Yeah, I’m wanting that tutorial as well. Please.
