Well that was quick, summer is almost over. Fall is around the corner, which means back to school, fall broadcast season starts, and of course the 2011 Toronto International Film Festival. With such a hecktate schedule beginning now is a good time to take a closer look at security on your wordpress site.
WordPress is a great tool for blogging or showing your work. It does not require you to be a webmaster to publish articles. But if you happen to be on on a self hosted site, then it sort of does. What I mean by this , is it really up to you to maintain security from malicious software code infecting your site. To bump up security on your wordpress site, here are some of my top suggestions.
Delete Admin Account
This one is crucial, as every wordpress site comes with a default admin account. If you don’t delete it, you are giving hackers 50% of what they need to know already to hack your site. There are programs that will automatically figure out what your password is. Deleting the admin account is easy as making another account, and then assigning the new user with administrator rights. Then sign in as the new user and delete the admin account.
Now I know this seems very obvious, but you would not believe how many of my students have their passwords set to easy words such as their own name. It is important to have a password that is comprised of upper and lower case letters, numbers and symbols. Also try not make a word in the dictionary as hackers often run every word in the dictionary in order to get into your site. A strong password is your first line of defense.
Keeping up to date
This one is tedious but important, WordPress makes it easy to upgrade from inside the dashboard. But this will only update specific files to the new version, leaving in legacy code. This leaves vulnerability in your site that hackers can exploit. Doing a fresh install on major updates of wordpress is always the safest best. It may be a little complicated but it is much more secure. There is a full explanation here.
There are many different plug-ins people use to secure their wordpress site. I personally prefer to not use plugins, and use html code to protect my site. However if you are not code savvy, a crucial one is database back up. It will automatically back up your site’s database to either your computer or you can set it to email you with it. ( depending on how large your site is.) You can download it here.
To further increase security here is a list of other plug-ins that may come in use.
A Good Host Provider
Quiet possibly the most important thing you could have for security and support is an amazing provider. They will help you when things go wrong, and guide you through the steps to correct them. Personally I use Host Duplex. They are simply fanstastic, their supprt from migrating my stie to their servers to helping me with various issues from databases to secuirty has been above and beyond the call of duty. They will be there when all else fails.