There are literally hundreds of simple and complex ways to secure your site. These are the simple things you can do to harden your WordPress installation. They won’t guarantee that you won’t be hacked, but it will make life difficult for the would-be intruders. With over 50 million blogs on the internet, hackers have plenty of blogs to choose from. Make it harder for them to target yours with these simple tricks

WordPress Made Easy….

1. Keep your WordPress installation AND plugins up to date.
   New versions are released all the time, many of which include security patches. Do it now and do it often.
2. Create a blank file called index.html and put it in your /wp-content/plugins folder.
   This prevents users from listing what plugins you are using, and possibly figuring out that you are using an out of date plugin. But…. if you did step #1 already, you shouldn’t have to worry about this… right?
3. Change the ‘Admin’ username
   The default Administrator username is Admin. How easy would that be for someone to guess. Log into the WordPress Admin page and create a new username/password. Give this user Administrator privileges and delete the default Admin username. Make would-be-hackers guess 2 pieces of info (username & password), instead of giving them the username and having them guess the password. Also, always remember…. give your account a good tough password. Use a password with at least 8 characters that includes upper and lower case, at least 1 number and at least 1 character.
4. Implement the LoginLockDown Plugin. (Download here)
   Its a very simple plugin to install, yet very powerful. The default settings will allow 3 login failures before locking the IP address out for 60 minutes. This prevents automated programs from trying to guess your password using brute force. Copy the enter folder to your plugins directory. In your WordPress Admin page, activate it. Now under Settings, you’ll see a new option for Login LockDown. The default settings are fine but you can always adjust it if you have the desire to.

WordPress, Made Easy…

Ugly URL - www.pressedbyambie.com/?p=256
Pretty URL - www.pressedbyambie.com/first-steps-must-do/customize-permalink-structure/

Notice the pretty URL is very descriptive of the post, and readable. Search Engines love em, and they will hook you up with a better page rank.

Fortunately, Wordress offers a nice plug in to customize and beautify your URL structure. If it’s pretty to search engines, your hit count and page rank should go up. From your WordPress administration page, go to Settings then Permalinks.

There are hundreds of different ways to configure this. Notice you can use the 3 pre-defined structures, or you can use a Custom Structure. I prefer using the Custom Structure and populating the field with this:

I like it because the URL becomes very readable in a structured manner, almost like what webmasters like to call Breadcrumbs.

domain name >> category >> post

It also stuffs keywords into your URL, again, search engines love it. Befriend the search engine, make them your biggest fan and watch your hit count go through the roof.

I would also advise against using dates in your link structure. If you decide to change the date on one of your post, the link will change with it, and there goes your Page Rank.

The most important part of what you have just done is what you are to do next.

DO NOT TOUCH IT AGAIN!

Don’t change it, don’t look at it again. The reason this article is in the “Do This First” category is that once you setup your structure, search engines will cache this. By changing it, you’re going to confuse the heck out of the search engines and you may have to start over with your SEO. There are tricks that can be done with .htaccess to resolve this, but that’s a can of worms your really don’t want to open. Trust me. Spend your time blogging instead of trying to figure out .htaccess.

WordPress, Made Easy…

I recently spent some time at a bloggers network meeting (how geeky is that, but I actually enjoyed it). There were about 20 bloggers who all made a living with their blogs. Several of the members make over a quarter million dollars a year! Some of these people have been blogging for over 10 years now. Did blogging even exist 10 years ago? Apparently it did, and they took advantage of it’s power before it was officially ‘discovered’.

They were all gracious enough to allow me in the confines of their brains, while taking morsels of information with me to pass on to you. One question that I passed around was, “If you were to start your blog from scratch, knowing what you know now, what would you do differently?”. The most common answer, by a land slide…..

“I would use a real domain name”

Most of these bloggers use XXXXX.typepad.com or XXXXX.blogger.com as their primary blogs. Although these names are working fine for them, they can’t change it without losing the years of hard work getting their pages ranked.

Now here they are, stuck with their XXXXX.typepad.com domain name, making a $250,000 a year from home. Who has pity for them? I sure do. I think if they had a ‘real domain’ name, they could be making $500,000 a year.

This article is in the ‘First Steps - Must Do!” category for a reason. Trust me, you really won’t want to do it later.

All of my domains were registered with Godaddy. The prices they offer, along with the extensive admin page makes them my choice for domain registration.

WordPress, Made Easy…

If you haven’t already done so, log into your WordPress admin page and go through the process of activating the Akismet plugin. What is it? Think of it as a spam filter for the comments in your blog. The type of spam you will get will surprise you, as well as the amount you get. Automated systems are on the prowl, looking for blogs to spam their links and ads. This is a good little spam blocker and comes pre-loaded with WordPress 2.0+. Setup can be a little confusing. Here are some screen shots to guide you through the process.

1. Go to Wordpress.com and setup an account. You’ll need a username, password, and a valid email address. Agree to the terms and select ‘Just a username please’. Here’s a screen shot. Click Next.
2. You’ll receive an email from WordPress with an activation link. Click on the link to activate your account.
3. Soon after you activate, you’ll receive another email with your API Key. In your WordPress Admin page, go to Plugins, then Akismet Configuration. Copy the key and paste it into the Askimet Configuration page.
4. Click on ‘Update Options’. You’ll see a message saying ‘Your key has been verified. Happy blogging!’. Now you’re ready to go, spam free comments.

WordPress, Made Easy…