Securing your WordPress installation is important because it can save you time and headaches later. A default installation of WordPress is relatively secure, but still has some holes.
There are literally hundreds of simple and complex ways to secure your site. These are the simple things you can do to harden your WordPress installation. They won’t guarantee that you won’t be hacked, but they will make life difficult for would-be intruders. With over 50 million blogs on the internet, hackers have plenty of blogs to choose from. Make it harder for them to target yours with these simple tricks.
WordPress Made Easy….
- Keep your WordPress installation AND plugins up to date.
New versions are released all the time, many of which include security patches. Do it now and do it often.
- Create a blank file called index.html and put it in your /wp-content/plugins folder.
This prevents users from listing what plugins you are using, and possibly figuring out that you are using an out-of-date plugin. But… if you did step #1 already, you shouldn’t have to worry about this… right?
- Change the ‘Admin’ username
The default Administrator username is Admin. How easy would that be for someone to guess? Log into the WordPress Admin page and create a new username/password. Give this user Administrator privileges and delete the default Admin username. Make would-be hackers guess 2 pieces of info (username & password), instead of giving them the username and having them guess the password. Also, always remember… give your account a good tough password. Use a password with at least 8 characters that includes upper and lower case, at least 1 number and at least 1 character.
- Implement the LoginLockDown Plugin. (Download here)
It’s a very simple plugin to install, yet very powerful. The default settings will allow 3 login failures before locking the IP address out for 60 minutes. This prevents automated programs from trying to guess your password using brute force. Copy the entire folder to your plugins directory. In your WordPress Admin page, activate it. Now under Settings, you’ll see a new option for Login LockDown. The default settings are fine, but you can always adjust them if you want to.
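To see why the lockout in the last step slows down password guessing, here is a small model of the policy described above (3 failures, then a 60-minute lock per IP). It is an added example, not the plugin's own code; the 5-minute window for counting failures, the class and function names, and the sample events are assumptions made for illustration.

```python
from collections import defaultdict, deque

MAX_FAILURES = 3            # from the post: 3 login failures are allowed
LOCKOUT_SECONDS = 60 * 60   # from the post: the IP is locked out for 60 minutes
RETRY_WINDOW = 5 * 60       # assumption: failures only count within 5 minutes


class LoginLockout:
    """Per-IP lockout tracker (illustrative model, not the plugin's code)."""

    def __init__(self):
        self.failures = defaultdict(deque)  # ip -> timestamps of recent failures
        self.locked_until = {}              # ip -> time at which the lock expires

    def attempt(self, ip, success, now):
        """Return 'locked', 'ok' or 'failed' for one login attempt."""
        if self.locked_until.get(ip, 0) > now:
            return "locked"         # rejected even if the password is correct
        if success:
            self.failures.pop(ip, None)
            return "ok"
        recent = self.failures[ip]
        recent.append(now)
        while now - recent[0] > RETRY_WINDOW:
            recent.popleft()        # forget failures older than the window
        if len(recent) >= MAX_FAILURES:
            self.locked_until[ip] = now + LOCKOUT_SECONDS
            recent.clear()
        return "failed"


def replay(events):
    """Replay (seconds, ip, success) tuples and return each outcome."""
    guard = LoginLockout()
    return [guard.attempt(ip, ok, t) for t, ip, ok in events]


# Constructed sample: one IP guessing passwords, one legitimate user.
SAMPLE = [
    (0, "203.0.113.7", False),
    (10, "203.0.113.7", False),
    (20, "203.0.113.7", False),     # third failure triggers the lock
    (30, "203.0.113.7", True),      # right password, but the IP is locked
    (40, "198.51.100.2", True),     # other IPs are unaffected
    (3619, "203.0.113.7", False),   # still inside the 60 minutes
    (3621, "203.0.113.7", True),    # lock expired at t=3620
]
```

Calling `replay(SAMPLE)` shows that once an IP is locked, even a correct password is refused until the lock expires, which caps an automated guesser at a few attempts per hour from that address.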

July 10th, 2008 at 7:46 pm
Great post and thank you for the plugin link. I was looking for something similar to that.
July 11th, 2008 at 1:47 pm
Thanks, Salwa. The plugin is nice. I’m sure you’ll find it’s a keeper.