
WordPress Security Plugins and Tips – Buddy Tuts

So, how many of my friends here use WordPress? With WordPress being the most preferred and popular of all the blogging platforms today, it would not be surprising if the numbers are quite steep. 🙂


But then the question that comes up is: how many of you have taken steps to ensure that your WordPress blog is secure? I can see a lot of doubt on your face, but worry not, this post will guide you in improving your security.

A recent event made me think that I should check my WordPress security. As you might have noticed, in the past couple of days ewebbuddy was throwing a "Database not Available" error, though I could not find anything wrong in my database. I had recently upgraded my WP installation and I was worried that it might have been the result of some security loophole, in which case I would have had to clean my installation and install everything back. The process is tedious but I couldn't think of a better alternative. Thankfully I had a backup of all the posts, so I was not afraid of losing any data. But further probing told me that it wasn't a security issue but actually an issue due to certain changes made on the cPanel by my host, Lunarpages. I was glad that the issue could be resolved, but it got me thinking: is my blog secure enough?! And I took steps to ensure it is.

WordPress Security Tips

Here I have listed some of the simplest things that you should check to improve your WP security:

  • Have strong Passwords – I know this might sound like something that is told again and again, but it is also one of the most crucial points. It is very important that all your users have a strong password. That makes brute-force hacking tough. Try to create a password which is alphanumeric, has some special characters and also has some letters in caps.
  • Delete/Rename Admin Account – When you install WordPress, by default an Admin account is created and a password is generated for you. People generally tend to keep using this account. Even if they make another account, they keep the Admin account. This makes the account vulnerable. What you should do is either change the username "Admin" or simply create a new Administrator account and delete the "Admin" account.
  • Select a good Host – Many times websites get hacked because the web-hosting company is not good enough and has vulnerabilities. I use Lunarpages, which I have found over time to be a good host with excellent support.
  • File/Folder Permissions – It is very important that your hosted files and folders are kept as tightly restricted as possible. The permissions should ensure that they are not accessible to the outer world (read as hackers)! You can use an FTP tool like FileZilla to ensure that your file/folder permissions are proper. Ensure that the permission level is 755 for all folders and 644 for files.
  • Keep WP updated – Make sure that you always update your WordPress installation. WP now has an automatic upgrade option which makes this task a piece of cake. The WordPress community is always making improvements to the platform and many security bugs are fixed with every release. Every upgrade makes your installation less vulnerable.
  • Don't Advertise your Version – Make sure that you do not advertise your WP version anywhere. It may lead to someone using a security vulnerability for that particular version against your blog.
  • Secure WP-Config.php – This is the most important file of your installation as it contains the DB access credentials. To secure it, set the file permissions to 750. You can also move it one directory level up, i.e. keep it outside the WordPress installation folder.
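
The permission levels from the list above (755 for folders, 644 for files, 750 for wp-config.php) can also be checked from a shell rather than an FTP client. This is an added example, not code from the original post; the function names and the constructed sample tree are assumptions made for illustration.

```sh
#!/bin/sh
# Added example: audit a WordPress tree against the modes listed above
# (folders 755, files 644, wp-config.php 750). Function names are illustrative.

# Print "<expected-mode> <path>" for every entry that deviates from its target.
audit_wp_perms() {
    root=$1
    find "$root" -type d ! -perm 755 \
        -exec sh -c 'for p; do echo "755 $p"; done' sh {} +
    find "$root" -type f ! -name wp-config.php ! -perm 644 \
        -exec sh -c 'for p; do echo "644 $p"; done' sh {} +
    # wp-config.php may sit in the install folder or one directory level up.
    for cfg in "$root/wp-config.php" "$root/../wp-config.php"; do
        [ -f "$cfg" ] || continue
        [ -n "$(find "$cfg" -perm 750)" ] || echo "750 $cfg"
    done
}

# Apply the target mode to each reported path (paths with newlines unsupported).
fix_wp_perms() {
    audit_wp_perms "$1" | while read -r mode path; do
        chmod "$mode" "$path"
    done
}

# Constructed sample tree (not a real install) with three deliberate deviations:
# a 777 uploads folder, a 666 file inside it, and wp-config.php left at 644.
make_sample_tree() {
    t=$(mktemp -d)/site
    mkdir -p "$t/wp-content/uploads"
    : > "$t/index.php"
    : > "$t/wp-config.php"
    : > "$t/wp-content/uploads/a.php"
    chmod 755 "$t" "$t/wp-content"
    chmod 777 "$t/wp-content/uploads"
    chmod 644 "$t/index.php" "$t/wp-config.php"
    chmod 666 "$t/wp-content/uploads/a.php"
    echo "$t"
}

# Usage: sh audit.sh /path/to/wordpress   (read-only; prints deviations)
if [ $# -gt 0 ]; then
    audit_wp_perms "$1"
fi
```

Run the audit first and review its output; `fix_wp_perms` changes modes only on the paths the audit reported.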

To learn more, and in more detail, check out the following post – Hardening WordPress

WordPress Security Plugins

Here are a couple of plugins that I have tested and found quite helpful in making your WP installation secure.

  1. WordPress Security Scan – Scans your installation to ensure there are no vulnerabilities and that you have taken all the required steps to secure your installation.
  2. Secure WordPress – Similar to WSS above but provides further security.
  3. WordPress Firewall – Applies a firewall to your installation which stops HTTP injections and other intrusions. If a firewall breach is suspected, an email is sent to you immediately.

There are more plugins which might prove helpful but I have found that these basic ones make your installation quite strong and secure.

Hope you find this post helpful and make your installation secure. In case you have further tips or plugins, do share them below. 🙂 Good Day…!!

Image Credit – ClickonF5

Piyush Agarwal
Piyush Agarwal is a part-time freelance webdesigner who loves to play with design and the web around. You can check out his designs on Technix Designs. He is also into Theatre and Photography.
http://www.piyushagarwal.com
