Securing Wordpress...

6 replies
Just wanted to know what are the methods or plugin/plugins that you have used to secure your Wordpress installation?
#securing #wordpress
  • Profile picture of the author Lori Winsor
    In this article there are some good advices-

    Another Site Hacked: Prevent This from Happening to You

    I change my passwords every month (or so...) and backup my sites with duplicator plugin (free). So far so good (touch wood!)

    WordPress › Duplicator « WordPress Plugins
    {{ DiscussionBoard.errors[8294495].message }}
  • Profile picture of the author Mohsin Rasool
    Originally Posted by Joseph Then View Post

    Just wanted to know what are the methods or plugin/plugins that you have used to secure your Wordpress installation?
    Hi Joseph,

    1. Make sure you do not have 'admin' username.

    2. Password is strong, with special letters in it.

    3. You need anti virus and firewall plugin
    I used to use: WP Firewall2 but it is not being updated...
    so now i use and recommend:
    WORDFENCE

    4. Keep your WordPress , themes and plugins up to date.

    5. Avoid using just any plugin or theme, make sure you use only secure plugins,
    and themes...check more about those plugins and authors and see if you are
    using something which is proven to be solid, secure.

    6. If you have authors who need to login and write to your blog, do not give
    them admin account, create editor accounts for them.

    7. Keep your PC fully secured and updated anti virus.

    8. Keep good care of your email, and hosting passwords.

    9. Do not forget to take backups... have once a month backup for the site,
    but daily/weekly backup of database sent to your email by a free plugin:
    wordpress.org/plugins/wp-dbmanager/

    Good Luck,
    Mohsin
    {{ DiscussionBoard.errors[8294731].message }}
    • Profile picture of the author Joseph Then
      Originally Posted by Mohsin Rasool View Post

      Hi Joseph,
      1. Make sure you do not have 'admin' username.
      Oops... I will change my admin username. Check.
      Originally Posted by Mohsin Rasool View Post

      2. Password is strong, with special letters in it.
      Oops again... I will change my password to stronger one. Check.
      Originally Posted by Mohsin Rasool View Post

      3. You need anti virus and firewall plugin
      I used to use: WP Firewall2 but it is not being updated...
      so now i use and recommend:
      WORDFENCE
      I use Secure Wordpress. I may change all to Wordfence. Check.
      Originally Posted by Mohsin Rasool View Post

      4. Keep your WordPress , themes and plugins up to date.
      Always click-happy to update. Click.
      Originally Posted by Mohsin Rasool View Post

      5. Avoid using just any plugin or theme, make sure you use only secure plugins,
      and themes...check more about those plugins and authors and see if you are
      using something which is proven to be solid, secure.
      Check.
      Originally Posted by Mohsin Rasool View Post

      6. If you have authors who need to login and write to your blog, do not give
      them admin account, create editor accounts for them.
      Check.
      Originally Posted by Mohsin Rasool View Post

      7. Keep your PC fully secured and updated anti virus.
      I use Mac. Check
      Originally Posted by Mohsin Rasool View Post

      8. Keep good care of your email, and hosting passwords.
      Kept in secured place. Check.
      Originally Posted by Mohsin Rasool View Post

      9. Do not forget to take backups... have once a month backup for the site,
      but daily/weekly backup of database sent to your email by a free plugin:
      wordpress.org/plugins/wp-dbmanager/
      I'll run the backup plugin this week. Check.

      So will all the above help? Anymore things to check?
      {{ DiscussionBoard.errors[8294848].message }}
    • Profile picture of the author Charliebrand
      +1 on this advice.

      Keep all themes and plugins up to date and you shouldn't have many problems.

      Originally Posted by Mohsin Rasool View Post

      Hi Joseph,

      1. Make sure you do not have 'admin' username.

      2. Password is strong, with special letters in it.

      3. You need anti virus and firewall plugin
      I used to use: WP Firewall2 but it is not being updated...
      so now i use and recommend:
      WORDFENCE

      4. Keep your WordPress , themes and plugins up to date.

      5. Avoid using just any plugin or theme, make sure you use only secure plugins,
      and themes...check more about those plugins and authors and see if you are
      using something which is proven to be solid, secure.

      6. If you have authors who need to login and write to your blog, do not give
      them admin account, create editor accounts for them.

      7. Keep your PC fully secured and updated anti virus.

      8. Keep good care of your email, and hosting passwords.

      9. Do not forget to take backups... have once a month backup for the site,
      but daily/weekly backup of database sent to your email by a free plugin:
      wordpress.org/plugins/wp-dbmanager/

      Good Luck,
      Mohsin
      {{ DiscussionBoard.errors[8294897].message }}
  • Profile picture of the author Humbee360
    I know how it feels to wake up one day and see all your hard work obliterated, by some 12 year old with too much time on his or her hands.

    There are quite literally probably 40 or more things that should be done with wordpress, including some plugins that are an (open door) for people that want nothing more than to break into and destroy your hard work.

    There are some days that I see 20 or more attempts at getting into the admin area, I personally think the biggest mistake that many wordpress website owners make is to use the fantastico installer, or any other installer to install wordpress.

    It is probably the biggest reason that people end up with a site that gets broken into.
    Signature
    "Everything goes where attention flows..."
    {{ DiscussionBoard.errors[8294940].message }}
  • Profile picture of the author vietnap
    Better WP Security is a good one if you want to use plugin.

    About "any" plugin and theme: if you don't use any, make sure to delete it from your WordPress installation. Keeping a script in your account and if that script is unsecured, you are still opening a backdoor.
    Signature
    VietNAP Managed Hosting

    Clustered hosting | Managed WordPress hosting
    Xen VPS | Managed dedicated server
    Seattle, USA and Hanoi, Vietnam data centers.
    {{ DiscussionBoard.errors[8294942].message }}

Trending Topics