There’s a lot of attention lately on WordPress security issues. Blogs get hacked quite often, and on forums I see a lot of desperate cries for help. I know how it feels. This blog got hacked once and it’s a real pain in the butt.
Before I go into some WordPress security issues, let me emphasize I’m NOT an expert on this issue. Far from it. If you really want an expert to help you out with security issues, get in touch with my friend Tom Brownsword. He’s a certified security expert!
Again, I’m certainly not an expert, but I did take some measures for my WordPress security. Let me share them with you.
One of the first things you absolutely MUST do is change your password to something nobody can guess: a random set of at least 10 characters, some of them capitals, including at least one special character like !, ?, or @.
The downside is that these passwords are hard to remember and you shouldn’t store them electronically. So, what I do is think of the name of a distant relative consisting of at least 10 characters. Then I change one of the letters into a digit and another one into a special character. The funny thing is that, after I’m done, I can still recognize the name, but it now makes a great password.
The second security measure you should take is to place an index file in every directory that doesn’t have one, so visitors can’t browse a directory listing. I usually redirect them to the home page of my blog, but you can also redirect them to a sales page or whatever.
Since WordPress uses PHP, I always use index.php and the content is really simple:
Or, if you’re familiar with the concept, you can use a .htaccess file to accomplish the same. Some control panels provide this option.
Your next WordPress security measure would be to make sure the permission settings of your files and directories are correct.
This is a bit technical, but basically you can set the rights to read (r), write (w) and execute (x) files for yourself as the owner, for the group the files belong to, and for other users.
Permission to read a file has a value of 4, write has a value of 2 and execute has a value of 1. The digit is the sum of these: a value of 7 means permission to read, write and execute; 6 means read and write only.
Since permissions have to be specified for all three groups, a permission setting always consists of 3 digits. 644 means that you have the rights to read and write and all others can only read. This is a safe permission setting. 777 would mean that everyone has the rights to read, write and execute files. That’s a highly dangerous setting, as you allow others to manipulate your files.
Sometimes, for instance when you install a script, you’ll be asked to set permissions to 777 in order for the install program to create and write files. Remember to always, always set permissions back to 644 when you’re done installing. Plus you should delete the install script.
You can set permissions using the CHMOD command. It’s available in the better FTP programs that allow you to upload files to your server. Almost all control panels also include a way to set permissions. Use these resources to check all your file permissions. The third digit should almost always be a 4!
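As an added example (not code from the post), here is a small Python audit that decodes the three octal digits described above into rwx form and walks a WordPress directory to list everything that is still world-writable, i.e. anything whose third digit carries the write bit. The file names in the demo tree are constructed for illustration, not a real install.

```python
import os
import stat
import tempfile

# Decode a three-digit octal mode such as "644" into the rwx form the post
# describes: read = 4, write = 2, execute = 1, for owner, group and other.
def decode_mode(octal: str) -> str:
    if len(octal) != 3 or any(c not in "01234567" for c in octal):
        raise ValueError(f"expected three octal digits, got {octal!r}")
    out = ""
    for digit in octal:
        bits = int(digit)
        out += ("r" if bits & 4 else "-") + ("w" if bits & 2 else "-") + ("x" if bits & 1 else "-")
    return out

# The dangerous case from the post: the third digit has the write bit (2) set,
# so any other user on the server may modify the file. 777 and 666 both trip this.
def is_world_writable(octal: str) -> bool:
    return bool(int(octal[-1]) & 2)

# Walk an install and report every file or directory "other" can write to,
# as (relative path, octal mode) pairs. Symlinks are skipped, not followed.
def audit_tree(root: str) -> list[tuple[str, str]]:
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            full = os.path.join(dirpath, name)
            st = os.lstat(full)
            if stat.S_ISLNK(st.st_mode):
                continue
            if st.st_mode & stat.S_IWOTH:
                octal = format(stat.S_IMODE(st.st_mode), "03o")
                findings.append((os.path.relpath(full, root), octal))
    return sorted(findings)

# Constructed sample install (hypothetical file names) in a temp directory:
# two safe entries plus a script and a folder left at 777 after an install.
def build_demo_tree() -> str:
    root = tempfile.mkdtemp(prefix="wp-audit-")
    layout = {"index.php": 0o644, "wp-config.php": 0o600, "install.php": 0o777}
    for name, mode in layout.items():
        path = os.path.join(root, name)
        open(path, "w").close()
        os.chmod(path, mode)
    uploads = os.path.join(root, "uploads")
    os.mkdir(uploads)
    os.chmod(uploads, 0o777)
    return root

if __name__ == "__main__":
    for path, octal in audit_tree(build_demo_tree()):
        print(f"{octal} ({decode_mode(octal)}) {path}")
```

Point `audit_tree` at your real WordPress root to get the list of files and folders to set back to 644 (or 755 for directories that need to be entered).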
Another WordPress security measure is to limit access to your admin area. You can do that using an .htaccess file in the admin directory. It should contain a deny for all and an allow for your own IP address.
There’s a WordPress Security plugin that can help you detect vulnerabilities in your WordPress blog. I just installed it and found 1 minor error in my permission settings as you can see in the image above.
So it’s been useful for me already. Consider installing it.
Don’t forget to always upgrade to the latest WordPress version. I think this check is included in WordPress version 2.7, so you may need this plugin only once more.
Finally, check out this great article by Aaron Wall: New WordPress Hacking Strategy.
Any other useful WordPress security suggestions?
Put them in the comment section below.