WordPress is a very popular Content Management System and as such is always under attack by hackers / crackers.
Most hack attempts do not target security holes in WordPress core but exploit security problems in plugins or themes.
Basic WordPress Security
WordPress security starts with the installation of your website, and these steps can help:
- choose a good webhost
- create a cryptic database name and database username for your MySQL database
- create a high-security password
- don't use the standard wp_ prefix for your tables
- don't use the standard Admin username but create a more difficult username and matching secure password
After installation use the permalinks option to create a .htaccess file in the root of your website.
Once the installation is done you can remove the following files:
- wp-config-sample.php
- readme.html (contains information on what version of WordPress you are running)
- wp-admin/install.php
- wp-admin/install-helper.php
Secure your files by changing the permissions on:
.htaccess to 404 (or 604)
wp-header to 400 (or 600)
If possible, move your wp-config.php file one folder up and set its permissions to 400, or to 600 if your hosting company won't allow 400.
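The cleanup, permission and table-prefix steps above can be verified with a small audit script. This is an added example, not code from the original post; the function names `wp_audit` and `file_mode` and the finding labels are assumptions chosen for illustration, and it checks only .htaccess and wp-config.php.

```shell
#!/bin/sh
# Added example: audit a WordPress directory against the checklist above.
# Usage: source this file, then run: wp_audit /path/to/wordpress

# Octal mode of a file: GNU stat first, BSD/macOS stat as fallback.
file_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

wp_audit() {
    root=$1
    # 1. Installer leftovers that should be deleted after setup.
    for f in wp-config-sample.php readme.html \
             wp-admin/install.php wp-admin/install-helper.php; do
        if [ -e "$root/$f" ]; then echo "REMOVE $f"; fi
    done

    # 2. .htaccess should be 404 (or 604).
    if [ -f "$root/.htaccess" ]; then
        m=$(file_mode "$root/.htaccess")
        case $m in
            404|604) ;;
            *) echo "PERMS .htaccess is $m, want 404 or 604" ;;
        esac
    else
        echo "MISSING .htaccess"
    fi

    # 3. wp-config.php: in the web root or moved one folder up; 400 (or 600).
    cfg=
    for c in "$root/../wp-config.php" "$root/wp-config.php"; do
        if [ -f "$c" ]; then cfg=$c; fi
    done
    if [ -z "$cfg" ]; then echo "MISSING wp-config.php"; return 0; fi
    m=$(file_mode "$cfg")
    case $m in
        400|600) ;;
        *) echo "PERMS wp-config.php is $m, want 400 or 600" ;;
    esac

    # 4. Default table prefix still in use?
    if grep -Eq '^[[:space:]]*\$table_prefix[[:space:]]*=[[:space:]]*.wp_.[[:space:]]*;' "$cfg"; then
        echo "PREFIX default wp_ table prefix in use"
    fi
    return 0
}
```

An empty result means every check passed; each printed line names one item that still needs attention.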
WordPress Security Plugins
There are three plugins I always install on my WordPress websites:
WordPress Firewall 2, which monitors web requests to your website and blocks obvious attacks.
File Monitor Plus: this plugin will send you an email if a file has changed on your website, telling you which files were changed.
WP Security Scan: want to know if you are already under attack, and get some extra tips and aids to block some standard attacks? Then WP Security Scan will help you.
Using the above measures has helped me secure my WordPress websites from attacks on several occasions.