Monday, November 21, 2011

8 Essential WordPress Security Tips

Because of its popularity, WordPress is one of the open source blogging platforms most targeted by malicious attacks. While this cannot be but worrying for its users, the good thing is that there are many simple precautions you can take to protect your blog. Before reading the essential security tips below remember that for maximum protection you should use all of them combined. 


  • Choose a strong password
One of the simplest yet most often neglected protection measure for a WordPress blogger is the use of a strong password. Choose a password that uses letters and numbers in combination, and that's hard to guess. Also, try to use different passwords for each of your online accounts, so that if one of them gets hacked, the others won't become vulnerable as well.

  • Hide the version number
If you use a custom theme, your blog displays the version number of the WordPress platform it uses by default. From the point of view of security, it's unwise to reveal which version of WordPress you're using, because hackers may take advantage of this information. So, hide the version number by inserting the line   in the functions.php file of the theme.

  • Encrypt wp-config.php
The wp-config.php file stores all the sensitive information associated with your blog administrator account, including username and passwords. For this reason, you may want to encrypt it.

  • Disable directory browsing
With directory browsing activated you invite attacks. It's like keeping your front door wide open, and letting people you don't know wander through your house. To disable it put an empty index.php file in all your directories apart from the root directory.

  • Enable Secure Socket Layer (SSL)
SSL is an Internet protocol for managing the security of online message transmissions. If you web hosting provider supports SSL certificates, you should consider securing your blog by configuring the wp-confic.php file so that SSL is automatically used.

  • Update
Using the latest version of WordPress and of themes and plug-ins means that you have less security vulnerabilities to worry about – a fair share of security issues is fixed in each new WordPress release. Many WordPress users don't update because of neglect; don't follow their example. Updating is simple and increases your security considerably.

  • Install no more plug-ins than you need
There are many, many WordPress plug-ins out there, and a great deal of them can be a security vulnerability for your blog because of dubious code, which facilitates all sorts of injections and attacks. The best approach is to use only essential plug-ins that you trust, which you get these from reputed websites. Stick to popular plug-ins, and before getting new ones always check reviews. Avoid obscure plug-ins available on suspicious websites.

  • Use only high-quality themes
Just as there are many plug-ins with weak code, so there are many themes with suspicious or downright bad code. Using premium themes is recommended, because these are usually better and safer, but you should be fine with using free themes as well, as long as you download them from trusted websites.

In conclusion, you should not experience any major security issues as long as you use a strong password, avoid suspicious themes and plug-ins, update to the latest WordPress version, and taking a few precautions like disabling directory browsing, forcing SSL use, encrypting essential files, and hiding the version number.

Note: Remember to back-up your files regularly, so that you may always do a restore if anything goes amiss.



The guest post is contributed by Patrick Smith.
Patrick is associated with WebHostingSecretRevealed.com since last 2 years. The site provides information on Best Web Hosting reviews. The owner has researched and analyzed innumerable web hosting platforms and made a comprehensive list. IPage Review occupies first rank in his list because it provides customized products at your doorstep.