Securing WordPress seems to be more rumor and guesswork than fact on the Internet. I’ve purchased a couple of security guides over the past year and have been quite surprised at how useless they really were.

More useless because they were not ‘reasonable’. One of the guides basically recommended tossing out the baby with the bath water. Their suggestions worked, but in the process, they broke more than they protected.

Well, let me save you $40 and tell you some very simple steps to protect yourself from hackers who enjoy defacing your hard work.

Your Hosting Agent

The first place to secure your WordPress installation is not with WordPress but with your hosting agent. I always recommend choosing a host that supports the cPanel software suite. Not for security, but for ease of use and portability.

With that said, I’m going to assume for the rest of this guide that you are using a hosting agent that uses cPanel. If you are stuck and need a recommendation, here are two very good hosting agents: Hostgator and Scala Hosting.

I’ve used both and I personally prefer Scala Hosting. They are a little smaller than Hostgator and do provide slightly better technical support, but that’s my personal opinion. Both are good. Enough diversion, back to securing WordPress!

The first and foremost thing you must do to secure your WordPress installation is learn to back it up. This is the most important task you can perform. No hacker on the planet can break the backup you store on your personal computer hard drive. And it’s a snap for your hosting agent to restore your complete site from a cPanel backup.

If you want more information about backups, here is a link to back up WordPress.

Securing FTP

Probably the biggest security risk will be your laziness. Sorry for sounding rash, but when you need to upload files to your hosting agent, you must have a username and password. And cPanel doesn’t help, as it wants you to create a new FTP username and password per add-on domain.

When you select a username and password, let cPanel help you by choosing a random and complex password for your FTP username.

Above you’ll see I’m in the subpanel titled ‘Create an Add-on Domain’.

You can use the ‘Generate Password’ feature that will bring up the second box to the lower right quadrant. In it, I changed the default password length from 12 to 20. Then you simply click on the ‘Regenerate’ button and the ‘Use password’ button.

Now, I warn you to make sure you make a record of this password! It is completely random and very complex.

Now why go through all this grief? Simple: I, like many other people, have been defaced by the simplest trick in the book. The proposed hacker who hacked some of my sites tried one password after another until they discovered my password.

Now, my passwords back then were not simple, but not this complex either. After talking with the hosting agent, after having to rebuild 33 sites (yes, I like to learn the hard way), they informed me that they had seen a ton of FTP traffic for about 6 weeks before the defacing.

Performing this very simple step of creating extremely complex passwords can easily protect you, and coupled with backups, it’s a sure-fire one-two punch to the bad boys who would like to ruin your day!

I’ll be taking a deeper look at securing WordPress in my next article, part 2 of this series. There I’ll be looking at some web techniques to keep prying eyes out of your directories so wannabe hackers cannot find what you are running in WordPress and further exploit security holes!
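Weeks of password guessing like the FTP traffic described above leave a trail of failed logins in the server's FTP log. As an added example (not from the original article), this Python script counts failed logins per source address and flags any login that succeeds after a run of failures. The Pure-FTPd syslog line format, the constructed sample lines, and the names `find_guessing` and `threshold` are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample in the syslog style Pure-FTPd uses (assumed server and format).
SAMPLE_LOG = """\
Mar  3 02:14:01 web1 pure-ftpd: (?@203.0.113.7) [WARNING] Authentication failed for user [blog]
Mar  3 02:14:03 web1 pure-ftpd: (?@203.0.113.7) [WARNING] Authentication failed for user [blog]
Mar  3 02:14:06 web1 pure-ftpd: (?@203.0.113.7) [WARNING] Authentication failed for user [admin]
Mar  3 02:14:09 web1 pure-ftpd: (?@203.0.113.7) [WARNING] Authentication failed for user [blog]
Mar  3 02:14:12 web1 pure-ftpd: (?@203.0.113.7) [INFO] blog is now logged in
Mar  3 09:30:44 web1 pure-ftpd: (?@198.51.100.20) [WARNING] Authentication failed for user [shop]
Mar  3 09:30:58 web1 pure-ftpd: (?@198.51.100.20) [INFO] shop is now logged in
"""

FAILED = re.compile(
    r"pure-ftpd: \(\?@([^)]+)\) \[WARNING\] Authentication failed for user \[([^\]]*)\]")
LOGGED_IN = re.compile(r"pure-ftpd: \(\?@([^)]+)\) \[INFO\] (\S+) is now logged in")


def find_guessing(log_text, threshold=3):
    """Return one report per source IP with at least `threshold` failed logins."""
    failures = defaultdict(int)   # ip -> failed attempts seen so far
    users = defaultdict(set)      # ip -> usernames it tried
    breached = defaultdict(set)   # ip -> accounts entered after reaching threshold
    for line in log_text.splitlines():
        m = FAILED.search(line)
        if m:
            ip, user = m.groups()
            failures[ip] += 1
            users[ip].add(user)
            continue
        m = LOGGED_IN.search(line)
        if m and failures[m.group(1)] >= threshold:
            # A success right after a run of failures means a guess worked:
            # change that password and review recently uploaded files.
            breached[m.group(1)].add(m.group(2))
    return [
        {"ip": ip, "failures": n, "users": sorted(users[ip]),
         "breached": sorted(breached[ip])}
        for ip, n in sorted(failures.items(), key=lambda kv: -kv[1])
        if n >= threshold
    ]


if __name__ == "__main__":
    for report in find_guessing(SAMPLE_LOG):
        print(report)
```

A single mistyped password followed by a good login, like the second address in the sample, stays below the default threshold and is not reported.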

Stay tuned.
