Wordpress Security

Mon, Sep 14, 2009

In light of recent events I managed to find time to look a lot more closely at the security of my Wordpress blogs and was surprised to find that although I had done a lot to square things away pretty well, there was actually a lot more that I could be doing.

Fortunately none of it is too difficult and hopefully this will save you some research time.

The most important thing to remember is to keep your installation up to date. It can be a royal pain if you use a lot of plugins because invariably the latest version of WP will cause issues with some of them until the plugin developers get around to updating their add ons too. However, that is just the way it is and it is better to keep your WP current than wait around for the occasional plugin to catch up.

I had long ago learned of some of the most obvious precautions to take with Worpdress but it is surprising how many people are unaware of many of them.

Protect your WP admin Area using .htaccess -- Sadly this blog is no longer updated by its owner but this post is still a nice easy explanation.

Protect your plugins directory from snoopers. If you can type in the path to your plugins directory in a browser, so can everyone else. By doing so they can see a full directory list of what plugins you have installed. This is easy to remedy. You can either upload a blank index file to the directory or, if you are on cpanel hosting, turn off indexes from there. Just go to index manager in cpanel and you will see how you can turn off indexes for specific directories. Alternatively, you can add the following line to your .htaccess file:

Options All -Indexes

Now, these are just basic measures but they will deter many idle hackers who will move on to easier pickings. There are also various Worpdressplugins that you can use to beef up your security even further.

BadBehavior was a plugin that I resisted using for a long time as there seemed to be so many issues with it but I eventually gave in and installed it. Judging by the number of suspicious things it blocks, I’m glad I did and so far it seems to be functioning in harmony with everything else.

Other plugins you may find beneficial are:

WP Security Scan

Wordpress Firewall

Worpdpress Exploit Scanner

Anti Virus For Wordpress

Whether you choose to use one or all of the above, none of them will be a waste of time and all have helped me to ensure that my WP installation is as secure as I can possibly make it. The Firewall plugin has stopped several potential SQL injection attacks already. The Anti virus is a bit oversensitive at times but there are plenty of settings to fine tune its performance to suit.

There are other things you can do with htaccess too. For example, you can prevent access to your wp-config and you can also protect the htaccess file itself

Helpful videos On Wordpress Security

WordPress Security -- A Comprehensive Guide (bloggingpro.com)
Secure Your Wordpress Install with Secure Wordpress Plugin (wpjedi.com)
Daily Tip: Secure WordPress by Preventing Directory Listing (pressography.com)

Possibly Related Posts:

Share and Enjoy:

You Can Subscribe To Our Feed Via Email Too

Related Websites

Best Plugins for Wordpress 3 and Wordpress MU The best plugins I have found, all tested to work with the latest Wordpress 3 - these plugins also work on Wordpress MU. Plugins for:...
Top 50 Tools For The WordPress Admin [/caption] Running your Wordpress blog can feel like a full-time job sometimes. We’ve compiled an A-Z list of more than 50 plugins to help you...
PHP, SEO, And Spiders - Oh My! Dynamic database-driven sites have become very popular, and relatively easy to set up and administer, through the use of Content Management Systems (CMS) and PHP...
WP-Datediff - Plugin for WordPress Super simple plugin that allow us to know the difference between dates in WP. What is useful for? In my case in few blogs I...