How to Keep WordPress Secure
As you all know, I got hacked five times and finally had to nuke the blog. I have been searching all over for ways to protect myself from hackers, but haven’t found anything that wasn’t much better than snake oil. There are all of the terrific claims, but you can tell just from looking at the web page that the product is just a bunch of crappola.
I did find one little report that is pretty good and it only cost $5.95. This is what it has in it:
Topics included:
- 3 Questions To Ask Your Web Hosting Provider
- File Permissions
- Database Permissions
- Table Prefix
- Access to wp-admin
- Access to vital WordPress Files in your Main Directory
- Beware Downloading New Themes
- Roles and Permissions for users
- Directory browsing
- WordPress Version number
- Brute Force Attacks
- Software and Plugins up-to-date
- Backups
You can get it here: 7 Easy Steps to Secure Your WordPress Site
(This is not an affiliate link) If you are a customer of Tdothost.com you can get it free. I’m not so I paid the $5.95.
I also installed a script called Site Warder that was recommended by a friend. Site Warder does not protect the blog from hackers, but it gives me the ability to check to see if anything has been altered so that I can look into the file and see if anything is amiss.
Coincidentally, WordPress just made a blog post about this very thing. Basically, in a nutshell, keep your WordPress blog updated. I am very good about doing this, but there was a security vulnerability in the last version of WordPress that they have fixed with the new version. You can read the entire post here.
Apparently, the Trojan worm that kept attacking me was attacking a lot of other people too. I just don’t get why people are so mean to want to harm others this way.
Have any of your blogs been attacked? What have you done to kill the worm? Have you found any preventative measures that you are using to protect your blog against hackers?
Alex Sysoef, of Expert WordPress, says that you should never use Fantastico to install your blogs and that you should install them manually. Alex is the one that recommended the report on his blog post WordPress Security.
Here is Additional Reading About Hacked WordPress Sites:
Did Your WordPress Site Get Hacked? – This blog post talks about some of the latest hacks and how to fix them. Some of it is over my non-techie head, but most of it I was able to understand.
Security Focus SQL Injection – Matt Mullenweg gives some tips on his blog, but he is basically saying the same thing as WordPress’s latest blog post (mainly because he wrote it). “Update your blog, plug-ins and themes; and use strong passwords.”
Blog Security – I like this site because it lists the latest vulnerabilities and the fixes.
Reader Comments
Thanks for the link!
I think blog security is one of the most overlooked or even ignored aspects fortunately and hopefully posts like yours, speaking from experience, will help spread the awareness.
Simplicity should never overshadow security!
Alex Sysoef’s last blog: Expert WordPress Automated Blog Installer
Alex,
Thanks for stopping by. I’m sorry I missed most of the webinar last night. At least I caught the tail end of it! LOL!
June