Wordpress Blog Security Measures
Posted: May 6th, 2008 | Sammy Russo | Wordpress Tips & Tricks
Here are a few tips and tricks for keeping your Wordpress blog or Wordpress CMS safe and secure. There are plenty of other tactics out there for increased security, but these will get you started and should be considered best practice.
The Blank Index.html File
Most web hosting servers do not block site visitors from viewing the root of any folder, so a folder without an index file shows its contents as a listing. To keep anyone from figuring out what is running your site you should put a blank index.html file inside your wp-content folder as well as inside uploads, themes and most importantly plugins.
The blank index.html file keeps anyone who might be snooping around where they don’t belong from finding out what theme you are using or the plugins that are being used to run your site. The more a hacker knows about your site the more places he/she can look for vulnerabilities. So stop them ahead of time by placing a blank index.html file in the root of all folders within the wp-content directory.
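As an added example (not from the original post), this shell script audits wp-content for folders with no index file and places the blank index.html described above. The function names are hypothetical, treating an existing index.php as already covering a folder is an assumption, and the optional depth argument goes beyond the folders the post lists.

```shell
#!/bin/sh
# Added example, not from the original post: find wp-content directories with
# no index file and drop an empty index.html into each one.
# Assumption: an existing index.html or index.php means the directory is covered.

# missing_index WP_CONTENT [DEPTH]
# Prints every directory, from WP_CONTENT down DEPTH levels (default 1, i.e.
# wp-content itself plus plugins/, themes/, uploads/ ...), with no index file.
missing_index() {
    [ -d "$1" ] || { echo "not a directory: $1" >&2; return 1; }
    find "$1" -maxdepth "${2:-1}" -type d -exec sh -c '
        for dir do
            for f in index.html index.php; do
                # -L also catches a dangling symlink named like an index file
                if [ -e "$dir/$f" ] || [ -L "$dir/$f" ]; then continue 2; fi
            done
            printf "%s\n" "$dir"
        done' sh {} +
}

# add_blank_index WP_CONTENT [DEPTH]
# Creates a zero-byte index.html in each directory reported by missing_index
# and prints the path of every file created. Existing files are never touched.
# Directory names containing newlines are not supported by this read loop.
add_blank_index() {
    [ -d "$1" ] || { echo "not a directory: $1" >&2; return 1; }
    missing_index "$1" "${2:-1}" | while IFS= read -r dir; do
        : > "$dir/index.html" && printf '%s\n' "$dir/index.html"
    done
}
```

Run `missing_index` on its own first to see which folders would get a file, then `add_blank_index` on the same path to create them.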
Don’t Wait for Fantastico!
When security is at risk, manually upgrade your Wordpress installation. It’s not as difficult as one might think; just be sure you back up everything before you upgrade. Auto-installers are great to get you started, but in all honesty they are more of a hindrance. Everyone puts so much stock into Fantastico, but it’s a hassle because it always takes so long for them to get current. So while you’re waiting for Fantastico you’re getting owned by some hacker who is injecting bogus links into your posts. Forget about it: get a copy of FileZilla and manually upgrade your site as soon as a security update is released.
Usernames and Passwords
I’ve got a few tips regarding your Wordpress username and passwords.
- Don’t ever let your browser save your username and passwords. This information is saved in a cookie which can get hijacked by a hacker.
- Always change your admin passwords every time you upgrade your installation.
- Don’t use admin as your main administrator username. That only leaves half of the problem to solve for a hacker trying to access your website.
- Make your passwords difficult: use both upper and lower case letters, symbols such as ! $ & # @, and numbers.
There is a great plugin out called WP Security Scan that offers several security tools, like password strength and DB Prefix Updater, to name a few. Aside from what I have detailed above, you should check out the plugin and make your Wordpress installation bombproof.
If you have other security tips and tricks for websites, Wordpress Blog or CMS Installations please post your comments below.



