Posts Tagged ‘essential’
WordPress Essential Security Quick Tip 3
Rounding the day off with one more Quick Tip post for your WordPress security with a few housekeeping items that may just make the difference:
- Only install plugins from WordPress – these will have been approved by the bods that know (this is not to say that plugins from other sources are not reliable, but you know that you can trust those listed by WordPress).
- Keep your WordPress and plugins, etc current – whenever you see a newer version available for update, do it (or get your Blogmistress to do it for you!).
- Activate your Akismet plugin if you haven’t already – just do it – it’s useful and does the job.
- In your Settings, General – uncheck the Membership - Anyone can register, unless you really want them to.
- Remove any unused plugins
- Backup! If you don’t already run a regular backup of your WordPress, well… Do it now – install WordPress Database Backup and schedule at least a weekly backup (more frequent if you’re a busy blogger).
- Restrict bot access to private files by using your robots.txt file (well-behaved crawlers follow it, but it does not block anyone who ignores it). Add the following to your robots.txt file (which is stored in the same place as your www.yourdomain.com/index.php file) if you have one, and if you don’t you can create one in Notepad and upload it using your ftp client (or give us a shout to help if you prefer):
User-agent: *
Disallow: /wp-admin/
Disallow: /wp-includes/
Disallow: /wp-content/plugins
Disallow: /wp-content/themes
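An added example, not part of the original post: a small Python check, using the standard library's urllib.robotparser, that reports which of the directories above a rule-abiding crawler could still fetch under a given robots.txt. The three sample files are constructed, and ExampleBot is a made-up crawler name.

```python
from urllib.robotparser import RobotFileParser

# Directories the tip wants crawlers kept out of. WordPress's core directory
# is named wp-includes (with an "s").
PRIVATE_PATHS = [
    "/wp-admin/",
    "/wp-includes/",
    "/wp-content/plugins/",
    "/wp-content/themes/",
]


def crawlable(robots_txt, paths=PRIVATE_PATHS, agent="ExampleBot"):
    """Return the paths a rule-abiding crawler may still fetch."""
    parser = RobotFileParser()
    parser.parse(robots_txt.splitlines())
    return [p for p in paths if parser.can_fetch(agent, p)]


# Constructed sample: rules with no "User-agent:" line above them belong to
# no group, so the parser discards them.
NO_GROUP = """\
Disallow: /wp-admin/
Disallow: /wp-includes/
Disallow: /wp-content/plugins
Disallow: /wp-content/themes
"""

# Constructed sample: a group is present, but one directory name is misspelled.
TYPO = "User-agent: *\n" + NO_GROUP.replace("/wp-includes/", "/wp-include/")

# Constructed sample: group line plus the correct directory names.
FIXED = "User-agent: *\n" + NO_GROUP

if __name__ == "__main__":
    for name, text in [("NO_GROUP", NO_GROUP), ("TYPO", TYPO), ("FIXED", FIXED)]:
        left = crawlable(text)
        print(f"{name}: still crawlable -> {left or 'nothing'}")
```

An empty result only means compliant crawlers will stay out; the file is public and does not stop a client that ignores it.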
Now – if any of this does not make sense, shout and we’ll help you. Or if you have tried and tested security solutions that you recommend, let us know. Today’s tips are by no means all that can be done – they are simply basic things that most of us can do immediately and which should offer a good level of security… at least until the hackers work even harder. But then WordPress developers are always hard at it to provide the highest level of security for us. Sadly, as WordPress becomes ever more popular, it makes it more likely as a target. Thankfully there are good geeks out there helping us keep things secure.
WordPress Essential Security Quick Tip 2
Today’s Essential Security Quick Tip 2 includes a number of plugins for you to consider:
- Secure WordPress – some good basics
- WP Security Scan – from the creator of the popular All-in-One SEO plugin – another essential
- Login LockDown – simply adds some extra security by restricting the rate at which failed logins can be re-attempted from a given IP range.
- Stealth Login includes a stealth mode that prevents direct access to wp-login.php
Some of this may seem like overkill, and that’s just on the 2nd post on security, but if putting up these barriers keeps your blog safer…
WordPress Essential Security Quick Tip 1
Over the next few days we will post essential security tips for you to action – hackers are busy and however small your blog may seem in the grand scheme of the blogosphere, they’re not that fussy.
Each of these tips we will be adding to all the WordPress clients we look after, so you don’t need to worry (though you are encouraged to get stuck in and be aware of this yourselves!)
If someone wants to get in to your WordPress, what is the most obvious administrator level username to target? There are several ways to protect your “admin” username, but this is one of the simplest things to do:
- Create a new admin level user in your WordPress (if you don’t already have one)
- Give it a strong password of random letters, numbers and some symbols – such as gjoieng397vj%! (please don’t use that one at all!!)
- Log out, then log in as the new “admin” user
- Downgrade your existing “admin” username to subscriber
There is more for you to action, but start off with this. Next we’ll install some plugins that will help to secure your WordPress.
