In my book review of WordPress 3 for Business Bloggers I told you that I missed one piece of content, which was options to secure your WordPress website, and that I would give you some tips on how to secure your WordPress website.
WordPress is a very popular Content Management System and as such is always under attack by hackers and crackers.
Most of the hack attempts are not focused on WordPress core security holes but rather on plugin or theme security weaknesses.
Basics on how to Secure Your WordPress Website
WordPress security starts with the installation of your website and these steps can help:
- choose a good web host
- create a cryptic database name and database username for your MySQL database
- create a highly secure password
- don't use the standard wp_ prefix for your tables
- don't use the standard Admin user name but create a more difficult username and matching secure password
After installation use the permalinks option to create a .htaccess file in the root of your website.
Once the installation is done you can remove the following files:
- wp-config-sample.php
- readme.html (contains information on what version of WordPress you are running)
- wp-admin/install.php
- wp-admin/install-helper.php
Secure your files by changing the permissions on:
- .htaccess to 404 (or 604)
- wp-header.php to 400 (or 600)
If possible, move your wp-config.php file one folder up and set its permissions to 400, or to 600 if your hosting company won't allow 400.
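The file removal and permission steps above can be checked with a short script. This is an added shell example, not part of the original post: the function names, the finding labels and the sample site it builds are assumptions made for the example, and it only reports, it changes nothing in the audited directory.

```shell
# Added example (not from the original post): audit a WordPress tree
# against the checklist above. One line per finding; returns 1 if any.

flag() { echo "$*"; findings=$((findings + 1)); }

check_mode() {  # check_mode FILE MODE_A MODE_B
    # Octal permissions: GNU stat first, BSD stat as fallback.
    m=$(stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1")
    if [ "$m" != "$2" ] && [ "$m" != "$3" ]; then
        flag "CHMOD $1 is $m, expected $2 or $3"
    fi
}

audit_wp() {
    root=${1%/}; findings=0
    # Post-install leftovers the post says to delete.
    for f in wp-config-sample.php readme.html \
             wp-admin/install.php wp-admin/install-helper.php; do
        if [ -e "$root/$f" ]; then flag "REMOVE $root/$f"; fi
    done
    if [ -f "$root/.htaccess" ]; then check_mode "$root/.htaccess" 404 604; fi
    # WordPress also looks for wp-config.php one folder above its root.
    cfg="$root/../wp-config.php"
    if [ ! -f "$cfg" ]; then
        cfg="$root/wp-config.php"
        if [ -f "$cfg" ]; then flag "MOVE $cfg one folder up if the host allows it"; fi
    fi
    if [ -f "$cfg" ]; then
        check_mode "$cfg" 400 600
        if grep -Eq "^[[:space:]]*\\\$table_prefix[[:space:]]*=[[:space:]]*['\"]wp_['\"]" "$cfg"; then
            flag "PREFIX $cfg still uses the default wp_ table prefix"
        fi
    fi
    [ "$findings" -eq 0 ]
}

# Constructed sample site (not a real install) so the audit can be run offline.
make_demo_site() {
    d=$(mktemp -d) && mkdir -p "$d/site/wp-admin"
    : > "$d/site/readme.html"; : > "$d/site/wp-admin/install.php"
    : > "$d/site/.htaccess"; chmod 644 "$d/site/.htaccess"
    printf "%s\n" "\$table_prefix = 'wp_';" > "$d/site/wp-config.php"
    chmod 600 "$d/site/wp-config.php"
    echo "$d/site"
}

demo=$(make_demo_site)
audit_wp "$demo" || echo "findings listed above"
rm -rf "${demo%/site}"
```

To audit a real install, call audit_wp with the path to the WordPress root; the non-zero return status makes it usable from a scheduled job.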
Secure Your WordPress Website Plugin Options
There are four plugins I always install on my WordPress websites:
WordPress Firewall 2 monitors web requests to your website and blocks obvious attacks.
File Monitor Plus sends you an email if a file has changed on your website and tells you which file(s) changed.
WP Security Scan will let you know if you already are under attack and will give you extra tips and aids to block some standard attacks.
Login Lockdown looks at login attempts that fail from a certain IP address and shuts down login functionality for a certain amount of time for that address, preventing further brute force attacks.
All of the above measures have helped me to secure my WordPress websites from attacks on several occasions.
WordPress 3 Cookbook
I also got a chance to read WordPress 3 Cookbook, a fun concept that gives you “recipes” that you can use on your own WordPress website.
Here is a short overview of the chapters in this fine book:
Chapter 1: The WordPress Cook's Tools
Chapter 2: Installing and Customizing Themes
Chapter 3: Working with Plugins and Widgets
Chapter 4: Customizing Content Display
Chapter 5: Building Interactivity and Community
Chapter 6: Implementing Online Sales and Advertising
Chapter 7: Making an SEO Friendly Site
Chapter 8: Enhancing Usability and Accessibility
Chapter 9: Managing Maintenance and Improving Security
And yes this one has a chapter on security :-) but the rest of the book is also a very good read and gives you over 100 short practical articles that you can use.
I really enjoyed reading and implementing several of the recipes on my own WordPress websites and I really suggest you take a look at the WordPress 3 Cookbook as it has some nice pearls in it … but that said you need to be aware that you should have a code editor and FTP program. I recommend PSPad and FileZilla.
Bill says
You can’t even run a spellcheck on your content and you expect people to take you seriously?
Oh, and you should run down to the office supply store and buy a box of commas, then learn how to use them. Wait – commas are free!
I guess you just need to learn how to use them!
Herbert-Jan van Dinther says
@Bill, thank you for pointing out some of my errors and yes I do need to improve on my English writing (I am Dutch). I recently came in contact with a good editorial reviewer, who I plan to hire to clean up the site and reduce the errors. I know those errors come from my lack of English Grammar and punctuation knowledge.
Hopefully the content provided on this site will make up for these errors.
P.s. text is cleaned up now :-)
Irritated with petty people says
Bill: Perhaps you should refine your own sentence structure and semantics before you waste time posting criticism. Perhaps also you might learn that spell check is spelled properly by writing it in two words. Perhaps you need to wash your windows in your glass house.
Thank you Herbert-Jan for your post.
Herbert-Jan van Dinther says
@Irri: In Bill’s defense, there were some pretty horrible errors in this post before, so his comments were valid, the post was edited afterwards.