
Ensure you have the most recent version
Upgrading to version 3.0 (current as of this article) addresses a number of known security vulnerabilities, including better protection of the wp-content/plugins directory and the wp-admin folder, which had security issues in the 2.x releases and were therefore prime targets. Upgrade every plug-in and theme at the same time, since an outdated plug-in is exploitable no matter how current the core is, and delete any plug-ins and themes you do not use: their files remain reachable over the web even when deactivated. However many WordPress sites you run, and however tedious upgrading tens or hundreds of them is, it is less work than rebuilding them after their content has been deleted.

Lock down your logins
Attackers guess login credentials by brute force: they submit username and password combinations over and over until one is accepted. When the guesses are drawn from a list of common words and passwords, this is called a dictionary attack. To make this impractical, install the Login LockDown plugin. It records the IP address and timestamp of every failed WordPress login attempt, and once a set number of failures occur within a short period, it disables the login function for all requests from that address range for a while. Keep in mind that such a lockout is keyed on the source address: it slows a single attacker down but does nothing against a botnet that rotates addresses, so it complements a strong password rather than replacing it, and blocking a whole range can also lock out legitimate users who share that range.
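To make the throttling concrete, here is a small must-use plugin (drop it into wp-content/mu-plugins/) that implements the same idea: count failures per source address in a time window, lock the address once a threshold is reached, and refuse logins from it until the lock expires. This is an added illustration, not the Login LockDown plugin's code; the thresholds, the exlt_ prefix and the function names are my own assumptions.

```php
<?php
/*
Plugin Name: Example Login Throttle
Description: Added illustration of failed-login throttling (not the Login LockDown plugin).
*/

// Illustrative thresholds (assumed, not from the article): lock an address for
// one hour after 5 failures, where the failure count expires 15 minutes after
// the most recent failure.
define( 'EXLT_MAX_FAILURES', 5 );
define( 'EXLT_WINDOW_SECONDS', 15 * 60 );
define( 'EXLT_LOCKOUT_SECONDS', 60 * 60 );

// Key the counters on REMOTE_ADDR, which the web server sets and the client
// cannot forge. Do not read X-Forwarded-For here: any client can send that
// header. If the site sits behind a reverse proxy, have the proxy or server
// layer set REMOTE_ADDR from the trusted header instead.
function exlt_client_ip() {
	return isset( $_SERVER['REMOTE_ADDR'] ) ? $_SERVER['REMOTE_ADDR'] : '0.0.0.0';
}

function exlt_client_key() {
	return 'exlt_' . md5( exlt_client_ip() );
}

// get_transient() returns false once the lock has expired or was never set.
function exlt_is_locked() {
	return false !== get_transient( exlt_client_key() . '_lock' );
}

// Count each failure in a transient; lock once the threshold is reached.
// Attempts made while already locked are ignored so a bot that keeps
// hammering cannot extend its own lockout indefinitely.
function exlt_on_login_failed( $username ) {
	if ( exlt_is_locked() ) {
		return;
	}
	$fail_key = exlt_client_key() . '_fail';
	$failures = (int) get_transient( $fail_key ) + 1;
	set_transient( $fail_key, $failures, EXLT_WINDOW_SECONDS );

	if ( $failures >= EXLT_MAX_FAILURES ) {
		set_transient( exlt_client_key() . '_lock', time(), EXLT_LOCKOUT_SECONDS );
		delete_transient( $fail_key );
		// Log the address only. Do not log the username: users sometimes type
		// their password into the wrong box, and it would end up in the log.
		error_log( 'login lockout for ' . exlt_client_ip() );
	}
}
add_action( 'wp_login_failed', 'exlt_on_login_failed' );

// Refuse a locked address even if it now supplies the right password.
// Priority 30 runs after core's username/password check at priority 20,
// which would otherwise replace our WP_Error with a WP_User. The message is
// deliberately generic so it does not reveal whether the username exists.
function exlt_authenticate( $user, $username, $password ) {
	if ( exlt_is_locked() ) {
		return new WP_Error( 'exlt_locked', 'Too many failed login attempts from your address. Try again later.' );
	}
	return $user;
}
add_filter( 'authenticate', 'exlt_authenticate', 30, 3 );

// A successful login clears the address's failure count.
function exlt_on_login( $user_login ) {
	delete_transient( exlt_client_key() . '_fail' );
}
add_action( 'wp_login', 'exlt_on_login' );
```

Because a rejected login from a locked address also fires wp_login_failed, the early return in exlt_on_login_failed matters: without it every blocked attempt would count as a new failure. The counters are keyed on one address rather than a whole range, which is the gentler choice for sites whose users share a NAT address; widening the key to the /24 gives the range-wide blocking the article describes at the cost of more collateral lockouts.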

Use a strong password
WordPress (3.0 included) shows a strength meter when you set a password in your profile. Use a long password that is not a dictionary word or a simple variation of one, and never reuse a password from another site, since one stolen elsewhere will be tried against your blog. A password manager makes a long random password just as easy to use as a memorable one.

Remove WordPress version info
Many WordPress sites print the WordPress version in a meta tag in the page head. An attacker who reads it can pick an exploit for exactly that version instead of probing blindly. To remove it through the dashboard, go to Appearance (called Design in older releases) -> Editor, open the Header file (header.php) on the right, and in the code on the left look for the line in the head section that emits the version meta tag.

Delete it and press Update File.

Two caveats. First, in 3.0 that tag is normally printed by core through the wp_head hook rather than hard-coded in header.php, so you may not find it in the theme at all, and any edit you do make to the theme is lost when the theme is updated; unhooking the generator output from wp_head in a must-use plugin is the robust fix. Second, the version also leaks through readme.html in the site root and through the ?ver= parameter appended to core scripts and styles. Hiding the version only removes a convenience for the attacker; it does not fix the vulnerabilities, so it is no substitute for upgrading.
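The following must-use plugin removes the version from the three places core prints it: the head meta tag, the feeds, and the ?ver= query string on core assets. It is an added example, not a published plugin; the exlt_ prefix and function names are my own, and the WordPress hooks it uses (wp_head/wp_generator, the_generator, style_loader_src, script_loader_src) are the standard ones.

```php
<?php
/*
Plugin Name: Example Hide Version
Description: Added illustration of hiding the WordPress version (not a published plugin).
*/

// 1. The <meta name="generator"> tag: core's wp_generator() prints it from
//    the wp_head action, so removing that hook takes it out of every theme
//    without editing header.php.
remove_action( 'wp_head', 'wp_generator' );

// 2. Feeds (RSS2, Atom, RDF) carry a generator element too. All of them pass
//    the string through the 'the_generator' filter, so blank it there.
function exlt_blank_generator( $generator ) {
	return '';
}
add_filter( 'the_generator', 'exlt_blank_generator' );

// 3. Scripts and styles enqueued without a version of their own get
//    ?ver=<wp_version> appended, which leaks the version again. Strip the
//    parameter only when it equals the core version, so plug-in and theme
//    assets keep their own cache-busting version strings.
function exlt_strip_core_ver( $src ) {
	global $wp_version;
	if ( false !== strpos( $src, 'ver=' . $wp_version ) ) {
		$src = remove_query_arg( 'ver', $src );
	}
	return $src;
}
add_filter( 'style_loader_src', 'exlt_strip_core_ver' );
add_filter( 'script_loader_src', 'exlt_strip_core_ver' );
```

After installing it, fetch the front page, the RSS feed and a core stylesheet URL with curl and confirm the version string is gone from each; then delete or deny access to readme.html, which this code cannot touch. Remember that an attacker can still fingerprint the version from the hashes of public files such as wp-includes/js/*.js, so treat this as removing the easy route, not closing the door.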

Continually perform security scans
Install the WP-Security Scan plugin, which runs a set of checks against a WordPress installation, such as file and directory permissions and other configuration weaknesses, and can correct some of them. Run it after every upgrade and plug-in install, not just once. Keep its limits in mind: it checks configuration, it does not audit plug-in or theme code for vulnerabilities, so it complements keeping everything up to date rather than replacing it.

Change your login name
The installer's default administrator username is 'admin', so an attacker brute-forcing the login already knows half of the credential. Give the administrator account a different name. In your WordPress dashboard, go to Users and create a new user with the Administrator role. Log out and log in again as the new user. Go to Users again, tick the box beside admin and press Delete. When asked to confirm, select "Attribute all posts and links to:" and pick your new username from the drop-down so that all posts are transferred to the new account, then press Confirm Deletion. Bear in mind that a username is not a secret: WordPress exposes it through author archive links, so this raises the cost of an attack only slightly, and the password remains the real barrier.

Back up your WordPress database
No matter how secure your site is, prepare for the worst. Install the wp-database-backup plugin and schedule it to back up your database daily. The database holds posts, comments and settings, but not uploaded media, themes or plug-ins, which live under wp-content, so copy that directory as well. Keep the backups somewhere other than the web server itself (a backup file left in a web-accessible directory is a copy of your whole site for anyone who finds it), and restore one into a test installation now and then: a backup you have never restored is not known to work.