
WordPress Security Guide 101

When wanting to secure your WordPress installation, there are a few steps that you can follow.

1. EVERY WordPress installer creates an admin account with a randomly generated password.
If you keep using the admin account, every attempt to access your account will be 1000x easier.
Change the account name to something else; it makes an attacker's job very difficult. Also, change your password at least once a month.

2. Themes/Plugins/Files... Never upload them directly to your web server.
Always scan them with either VirusTotal or your local antivirus.
A big chunk of intrusions happen because of malware-corrupted files.

3. Use an online virus scanner for your WordPress installation.
If there is any malicious code on your site, it will find it. A good one is:
Code:
http://wordpress.org/extend/plugins/antivirus/

4. Protect your .htaccess files.
You can do this by installing a plugin called BulletProof Security.
Yet another thing that makes the job of accessing your CP that much harder.
Code:
BulletProof Security

5. All of the above can be dealt with one way or another if someone is determined.
Get your hands on a plugin that lets you limit the login attempts from a single IP.
And if they get it wrong, lock them out. This makes brute-force access really unbearable.
Code:
Limit Login Attempts

6. This last tip is only worth using if you really want to protect your site.
Find a plugin that lets you decide which IP range can even access your admin login page.
While this will block 99.9% of traffic from any other source, it may also block you if your IP ever changes, so be careful.

Got any good tips yourself? Let me know below!
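
The per-IP lockout from tip 5, sketched as an added example that is not part of the original post and not the code of any plugin named above. The names `LoginLimiter` and `replay`, the thresholds (4 failures in 300 seconds, 1200-second lockout) and the sample events are all assumptions made for illustration.

```python
from collections import defaultdict, deque

class LoginLimiter:
    """Per-IP lockout: too many failures inside a time window blocks the IP."""
    def __init__(self, max_failures=4, window=300, lockout=1200):
        self.max_failures = max_failures    # failures tolerated inside the window
        self.window = window                # seconds over which failures are counted
        self.lockout = lockout              # seconds an IP stays blocked
        self.failures = defaultdict(deque)  # ip -> timestamps of recent failures
        self.locked_until = {}              # ip -> time at which the block expires

    def attempt(self, ip, now, password_ok):
        """Return 'locked', 'ok' or 'failed' for one login attempt."""
        if self.locked_until.get(ip, 0) > now:
            return "locked"                 # refused before the password is checked
        recent = self.failures[ip]
        while recent and now - recent[0] > self.window:
            recent.popleft()                # forget failures older than the window
        if password_ok:
            recent.clear()
            return "ok"
        recent.append(now)
        if len(recent) >= self.max_failures:
            self.locked_until[ip] = now + self.lockout
            recent.clear()
        return "failed"

def replay(events, **settings):
    """Run constructed (time, ip, password_ok) events through a fresh limiter."""
    limiter = LoginLimiter(**settings)
    return [limiter.attempt(ip, t, ok) for t, ip, ok in events]

# Constructed sample: 203.0.113.7 guesses repeatedly, 198.51.100.20 mistypes once.
SAMPLE = [
    (0,    "203.0.113.7",   False),
    (10,   "203.0.113.7",   False),
    (15,   "198.51.100.20", False),
    (20,   "203.0.113.7",   False),
    (30,   "203.0.113.7",   False),  # 4th failure in 5 minutes: lockout starts
    (40,   "203.0.113.7",   True),   # correct password, still refused
    (60,   "198.51.100.20", True),   # the other IP is unaffected
    (1300, "203.0.113.7",   True),   # the 1200 s lockout has expired
]

if __name__ == "__main__":
    for event, result in zip(SAMPLE, replay(SAMPLE)):
        print(event, "->", result)
```

The lockout is keyed on the source IP alone, so a single mistyped password from another address never counts toward it, and failures spaced further apart than the window never accumulate.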
