Securing your WordPress blog is the most important thing that you must do. Every day, WordPress sites are being hacked and injected with malicious code that could affect not only your website but its visitors as well. In addition, if the problem doesn't get resolved, it could result in your blog being blacklisted by search engines and labeled as a dangerous website. After all the hard work you've put into your website, it would be completely devastating to find out that your site has been compromised and/or destroyed. With that being said, I've compiled a few tips to help get you started on protecting your WordPress blog. This is NOT a complete guide for securing your WordPress site; however, these tips will help lead you in the right direction.

Use strong passwords for your login

It's highly recommended to use strong passwords to make it harder for someone to guess your login. Strong passwords should be seven or fourteen characters long, containing both uppercase and lowercase letters followed by numbers and symbols. Make sure it does not resemble any password you've used in the past.

Hide the contents inside your directory

One of the easiest tricks is to insert a blank index.html file into your "plugins" directory. This helps prevent unwanted visitors from seeing which plugins you are running on your WordPress site. To do this, simply open up Notepad.exe and save the blank file as "index.html" (without quotes). Now, go onto your server and place the index.html file into wp-content/plugins/. Remember to always connect to the server over a secure file transfer protocol (SFTP or FTPES), in which the data is encrypted before it is sent across the network.

Scanning WordPress for vulnerabilities

I would strongly recommend installing the WP Security Scan plugin by Michael Torbert. This WP security plugin will scan your WordPress installation for security vulnerabilities and suggest necessary changes, including:

- Passwords
- File permissions
- Database security
- Version hiding
- WordPress admin protection
- Removes WP Generator META Tag from core code

That's all folks!

Keep in mind, there are many things that need to be secured in order to protect your WordPress blog, including your server, database, logins, comments, files, directories, and wp-admin. If you're looking for help in securing your blog or would like a WordPress security audit, let us know.