I’ve had a lot of people of late talk to me about how to secure WordPress, or ask how secure WordPress is, so I thought I’d put up this post to help anyone else who is wondering about such matters.
WordPress is a very popular Content Management System (CMS) which is developed as an online, open source website creation tool written in PHP. It’s one of the easiest and most powerful blogging and website CMS tools available today.
Due to the open source nature of WordPress anyone can look at how it’s designed and written thereby allowing malicious people to try and take advantage of any security vulnerabilities that may be uncovered. I am by no ways an expert on using this product, so if I’m saying anything that is incorrect please feel free to get in touch.
Security Best Practices
WordPress comes with some basic security features as default; however there are still numerous ways to further secure your installation of WordPress to further safeguard your data.
- Change the default ‘admin’ username to something other than admin.
- Change the prefix of the WordPress database (through plugins etc)
- Ensure your admin (and any other users) password is strong.
There are a number of good articles available on the Internet which explains a bit more on how to secure WordPress installations, some of these links are as follows:
How to secure WordPress
Now that we know you can secure WordPress and that there are a number of ways to secure WordPress, how to we go about doing this? Firstly ensure that you backup your WordPress database and .htaccess file. Therefore if anything goes wrong you can restore and go back to your safe verified settings.
Once everything has been backed up, search for a security plugin, download and activate and then start applying your security changes one at a time, making sure that no adverse effects are being experienced on your site, if everything looks good move onto the next change and test again.
Here are some of the Plugins that I’ve used over the years and can recommend. Plugins are down to everyone’s individual taste and style, so what I may like might not mean its ideal for you. Read the description and any comments about the plugin.
I hope that this post helps you and opens up some ideas on how to secure your WordPress installation.