I recently wrote a post about cleaning up your hacked WordPress site and wanted to follow up with a quick post on how to actually prevent your site from getting hacked.
The order I chose for releasing the posts seems a bit silly. Of course you would want to prevent hackers first; however, most people don’t even think about hack-proofing their site until it actually happens.
I am keeping this post short and sweet since no one wants to read too much about this boring and scary subject. I will not go into detail for each of the security tips. Maybe later I will create a post to talk about each of these…
So check out my WordPress Security Tips below and be safe!
WordPress Security Tips
- Upgrade WordPress
- Do not use the admin account
- Delete the admin account
- Change default passwords
- Use “strong” passwords
- Move your wp-config.php file
- Use secret keys in your wp-config.php file
- Change the WordPress table prefix
- Lock down your .htaccess to allow only certain IPs to access it
- Use shell access as opposed to FTP
- Create a blank index.html in your plugins directory (should be there in newer WP versions)
- Block access to the wp-admin folder using your .htaccess file
- Remove the WordPress version string from your header.php file
- Block your wp folders from search engines
- Do not allow people to register as administrators by default
- Keep spam comments out
- Backup your database and server-side files regularly
- Use proper file permission settings on all files on your server
- Use secured connections to access your WP admin pages
- Scan for vulnerabilities
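
Several of the tips above can be checked mechanically. The script below is an added example, not part of the original post: the function name `wp_audit` and the install path are hypothetical, and treating any world-writable file as an improper permission is an assumption, since the post does not define "proper" permissions.

```shell
#!/bin/sh
# Added example: audit a WordPress install against a few checklist items.
# Usage: sh wp_audit.sh /var/www/html   (the path is an assumption)

wp_audit() {
    root=$1
    findings=0
    flag() { echo "FINDING: $1"; findings=$((findings + 1)); }

    # Tip "Move your wp-config.php file": WordPress also loads the file
    # from one directory above the install, outside the web root.
    if [ -f "$root/wp-config.php" ]; then
        cfg="$root/wp-config.php"
        flag "wp-config.php is inside the web root"
    elif [ -f "$root/../wp-config.php" ]; then
        cfg="$root/../wp-config.php"
    else
        echo "no wp-config.php found for $root" >&2
        return 2
    fi

    # Tip "Use secret keys": each key must be defined and must not be the
    # placeholder shipped in wp-config-sample.php.
    for key in AUTH_KEY SECURE_AUTH_KEY LOGGED_IN_KEY NONCE_KEY; do
        line=$(grep -E "define\( *['\"]$key['\"]" "$cfg" || true)
        case $line in
            '') flag "$key is not defined" ;;
            *'put your unique phrase here'*) flag "$key is still the sample placeholder" ;;
        esac
    done

    # Tip "Change the WordPress table prefix": wp_ is the default.
    if grep -Eq '^[[:space:]]*\$table_prefix[[:space:]]*=[[:space:]]*.wp_.[[:space:]]*;' "$cfg"; then
        flag "table prefix is the default wp_"
    fi

    # Tip "blank index in your plugins directory": prevents directory listing.
    plugins="$root/wp-content/plugins"
    if [ -d "$plugins" ] && [ ! -e "$plugins/index.php" ] && [ ! -e "$plugins/index.html" ]; then
        flag "no index file in wp-content/plugins"
    fi

    # Tip "proper file permission settings": nothing should be world-writable.
    ww=$(find "$root" -type f -perm -0002 | wc -l | tr -d ' ')
    [ "$ww" -eq 0 ] || flag "$ww world-writable file(s) under $root"
    [ "$findings" -eq 0 ]   # exit status 0 only when nothing was flagged
}

[ "$#" -eq 0 ] || wp_audit "$1"
```

The function prints one `FINDING:` line per problem and returns non-zero when anything was flagged, so it can run from cron after each upgrade or deploy.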