A review of some security precautions you can take to secure your blog, plus a couple of areas that are often overlooked.
Securing your Wordpress installation against hackers means you have to look at areas beyond your installation itself. Don't leave other doors open.
If a hacker is absolutely determined to get into your site they're probably going to succeed. But you can protect your WP installation from the mass bot hackers with a few common sense precautions.
Here are some steps you can take:
Firstly, make sure you keep your version of WordPress up to date.
In addition to that, I've changed my login name from admin to something else (long and complex), made sure my password is as strong as I can make it, I've put an extra layer of security around the wp-admin directory, created a blank index.html file to hid the plugins I'm using and a few other steps.
There are a number of good plugins that will carry out those steps and continuously monitor your blog for security vulnerabilities. I do recommend you install one of these - and keep it up to date!
The risk increases in line with the number of users to whom you give access rights. I don't have guest bloggers, but if I did I'd ask them to send me their articles for posting, instead of giving them access rights. I also don't ask people to register.
But there are some areas that people often overlook, and which allow hackers to get access to your Wordpress installation via your FTP details.
If you're not using SFTP (or Secure Shell Access if your hosting provider doesn't support SFTP) then your FTP login details are being transmitted across the Internet in clear every time you log on and upload/download stuff.
I back up my blog system files each week by copying everything back to my PC. Since this takes around an hour there's plenty of opportunity for someone to intercept my FTP details.
Also, of course, you could have spyware on your machine which would pick up your FTP logins from there. (Along with all your other logins!).
Make sure you include your entire PC environment when you're putting security in place - not just your WP installation.
In addition to all those WP specific precautions, make sure your PC is absolutely clean (use a good anti-spyware application and scan it regularly) and use SFTP or Secure Shell Access to upload/download stuff from your server.
10 Steps to a Successful Internet Marketing Business
Here are 10 steps to help you get your expectations set correctly and acquire a mindset that will dramatically improve your chances of succeeding in your Internet Marketing business.
How to Get Your New Websites Indexed More Quickly
A list of 10 SEO steps I undertake with a new site to give it the best possible start with the search engines and make it more resilient against algorithm changes.
4 Steps to Getting Your New Site Listed on Google
4 simple steps you can take that will ensure your new website is indexed by Google as quickly as possible.
