Security is a concern for any software user or developer. Since nothing man-made is perfect, all software inherently has flaws that make it susceptible to hackers. WordPress is no exception. However, there are some very simple things you can do for a more secure WordPress installation.
1. Create strong and unique login credentials.
This means, first of all, getting rid of the default username and password. Change the default username to something harder to guess and more personal. Also, change the password assigned to you. A secure WordPress password is a combination of at least eight upper and lowercase letters, numbers and symbols.
2. Keep your WordPress updated.
As we mentioned above, no software is infallible. The great thing about WordPress is that it has a huge community of users, developers and experts that work tirelessly to keep WordPress going.
If you do nothing else in the way of security, be sure to keep your WordPress updated.
3. Remove unused plugins.
Unused plugins are a “chink in your armor”. The old or unused code found in an inactive plugin provides a backdoor for hackers. You should also try to use as few plugins as possible. If one plugin gives the same functionality as three others, go with that one.
4. Security through obscurity.
“If they can’t find it, they will not come.”
This should not be your only or primary approach to security. But in some areas obscuring information might provide you with a more secure WordPress install:
- Rename the administrative account: When creating an administrative account, avoid easily guessed terms such as `admin` or `webmaster` as usernames because they are typically subject to attacks first. On an existing WordPress install you may rename the existing account in the MySQL command-line client with a command like `UPDATE wp_users SET user_login = 'newuser' WHERE user_login = 'admin';`, or by using a MySQL frontend like phpMyAdmin.
- Change the table_prefix: Many published WordPress-specific SQL-injection attacks make the assumption that the table_prefix is `wp_`, the default. Changing this can block at least some SQL injection attacks.
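As an added example (not code from the original post), this Python script audits a site against the points above: it reads the active `$table_prefix` from the text of `wp-config.php` while ignoring commented-out copies, flags the two guessable logins named in the list, and applies the password rule from step 1. The function names, the sample config and the sample logins are constructed for illustration.

```python
import re

# Assumption: only the two names the article calls out are treated as guessable.
GUESSABLE_LOGINS = {"admin", "webmaster"}

def strip_php_comments(src):
    """Drop /* */ blocks and whole-line // or # comments so disabled settings are ignored."""
    src = re.sub(r"/\*.*?\*/", "", src, flags=re.S)
    return re.sub(r"^[ \t]*(//|#).*$", "", src, flags=re.M)

def table_prefix(wp_config_src):
    """Return the active $table_prefix value, or None if it is not set."""
    pattern = r"""\$table_prefix\s*=\s*(['"])(.*?)\1\s*;"""
    m = re.search(pattern, strip_php_comments(wp_config_src))
    return m.group(2) if m else None

def password_problems(pw):
    """Step 1 rule: at least eight characters mixing upper, lower, digits and symbols."""
    checks = {
        "shorter than 8 characters": len(pw) >= 8,
        "no uppercase letter": any(c.isupper() for c in pw),
        "no lowercase letter": any(c.islower() for c in pw),
        "no digit": any(c.isdigit() for c in pw),
        "no symbol": any(not c.isalnum() for c in pw),
    }
    return [problem for problem, ok in checks.items() if not ok]

def audit(wp_config_src, logins):
    """Return findings for a wp-config.php body and a list of user_login values."""
    prefix = table_prefix(wp_config_src)
    findings = []
    if prefix is None:
        findings.append("table_prefix not found in wp-config.php")
    elif prefix == "wp_":
        findings.append("table_prefix is the default 'wp_'")
    # Compared in lowercase so that 'Admin' is flagged like 'admin'.
    findings += [f"guessable administrative login: {name}"
                 for name in logins if name.lower() in GUESSABLE_LOGINS]
    return findings

# Constructed sample input, not taken from a real site.
SAMPLE_CONFIG = """<?php
// $table_prefix = 'site7_';
/* $table_prefix = "old_"; */
define( 'DB_NAME', 'wordpress' );
$table_prefix  = 'wp_';
"""
SAMPLE_LOGINS = ["Admin", "jane.editor"]

if __name__ == "__main__":
    print(audit(SAMPLE_CONFIG, SAMPLE_LOGINS), password_problems("wordpress1"))
```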
If the above makes no sense to you, or if you are “code intolerant”, continue to #5.
5. Install A Security Plugin.
iThemes Security (formerly known as Better WP Security) is a widely talked-about free plugin that many WordPress industry experts recommend. It is available free at the WordPress repository. iThemes also offers a premium version of the plugin with upgraded features.
We at KlearVue have used the iThemes Security plugin for several years on various projects and have found it to be very effective.
This is by no means a comprehensive list, but it is a beginning to a solid foundation for your WordPress site. Let us know what you think. If you have used some of these tools, we’d love to hear about your experiences in the comment section below.