If you’ve been following along, you’ve learned a thing or two over the past week and a half about securing your WordPress site by changing your username and password, installing some plugins and backing up your database.
It’s not rocket science, really, it’s just something many of us don’t take seriously…until it’s {insert dramatic “da-da-da-daaaaa”} too late.
Here are some more tips to keep your WordPress blog or website as secure as Alcatraz.
- Keep your WP version up-to-date. Good Lord people, this really should be a no-brainer. Why are you still using out-of-date versions of WordPress? Do you realize how much time those slimy little hackers spend, sitting in their parents’ basements, eating M&M’s, drinking Red Bulls and trying to find vulnerabilities in older versions of WordPress and many other applications? Download the latest version. Now. Or if you installed WordPress through your web host’s one-click install or Fantastico, then you can upgrade from there (but remember to back up before you upgrade!). Geez, at least make it challenging for them to break into your site.
- Secure your wp-admin folder. It should only be writable by your user account! If you don’t know how to change directory permissions, then do yourself a favor and find out or call your web hosting company. This is done with chmod, the command that changes the read and write permissions on files and directories.
- Change your table prefix. Many SQL-injection attacks assume your WordPress table_prefix is “wp_,” which is the default. If you’re installing a fresh WordPress and you have the option to choose your table_prefix, please do it and don’t choose wp_ or wordpress_ or wrdpress_ or any variation. This doesn’t guarantee your tables are secure, but it may keep many SQL-injection attacks at bay.
- Read this step-by-step account on hardening your WordPress site. It advises that you do the obvious and the not-so-obvious, like securing your wp-config.php. Most people only use the one-click install and leave it at that. By doing so, they leave themselves wide open for an attack. Pay special attention to the fact that in most cases, your site is hosted on a shared server. Just because you are taking precautions to protect your site doesn’t mean the hundreds of other sites hosted on the same server are, and that makes you vulnerable!
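
Here is one way to check the wp-admin permissions, wp-config.php and table prefix tips above in one pass. This script is an added example, not part of the original post; the function name `audit_wp` and the path you pass to it are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post): audit a WordPress directory
# for the file-permission and table-prefix tips in the list above.

audit_wp() {
    root=$1          # path to the WordPress install (assumption: you supply it)
    findings=0
    cfg="$root/wp-config.php"

    # wp-admin tip: nothing under wp-admin should be writable by group or others.
    if [ -d "$root/wp-admin" ]; then
        loose=$(find "$root/wp-admin" ! -type l \( -perm -020 -o -perm -002 \) -print)
        if [ -n "$loose" ]; then
            echo "wp-admin entries writable by group/others:"
            echo "$loose"
            findings=$((findings + 1))
        fi
    fi

    if [ -f "$cfg" ]; then
        # wp-config.php tip: the file holds the database password. On a shared
        # server any "other" permission bit exposes it to neighbouring accounts.
        exposed=$(find "$cfg" \( -perm -004 -o -perm -002 -o -perm -001 \) -print)
        if [ -n "$exposed" ]; then
            echo "wp-config.php is accessible to other accounts: $cfg"
            findings=$((findings + 1))
        fi

        # Table prefix tip: flag the default (or an obvious) prefix.
        if grep -Eq '^[[:space:]]*\$table_prefix[[:space:]]*=[[:space:]]*.(wp|wordpress)_.[[:space:]]*;' "$cfg"; then
            echo "table_prefix is a default-style value in $cfg"
            findings=$((findings + 1))
        fi
    fi

    # Exit status 0 means clean, 1 means at least one finding.
    [ "$findings" -eq 0 ]
}

# Run against a path given on the command line, e.g. sh audit_wp.sh ~/public_html
if [ "$#" -gt 0 ]; then
    audit_wp "$1"
fi
```

Some hosts run the web server as a different user that needs to read wp-config.php, so check with your host before removing read access from it.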
Now remember, all of my excellent advice does absolutely NO good unless your actual computers are secure. If you don’t have antivirus software that includes protection and detection of malware, spyware, and trojans, as well as Internet and email controls, then you’re setting yourself up for hours, days, or even weeks of cleanup after an attack on your computer. That is, of course, if the attack didn’t completely wipe out your computer altogether.
I’m pretty conscious about security and I have 3 computers at home, one of which is a laptop that I don’t use very often. It’s older, slow and I really only use it to check email or grab a recipe online when I’m away from my office or just piddling around the house.
One day a few weeks ago I opened my laptop and there was a message from Microsoft that I had been infected…or so I thought. Me being the expert at spotting suspicious messages, I quickly noticed that not only was the message not using proper English, something Microsoft would not dare let slip, but there was also a misspelled word. I wouldn’t have noticed any of this at first glance and I actually read it several times as it was hounding me to “click here” to download a fix. At that point I knew I had a virus.
Next thing I know this little virus or trojan or whatever it was kept opening Internet Explorer and trying to connect to something. I immediately disconnected it from the Internet and then began the cleanup process. See, I had let my antivirus software lapse on the laptop. Not because I just didn’t want to, but because I hardly ever use it and I just kept thinking I’ll take care of it next time. Well the little buggers got me before I got around to it.
Since then I have installed Trend Micro Internet Security Pro and it has far surpassed my expectations compared with any antivirus program I’ve used in the past. It has everything you need: it protects your computer, keeps you from downloading infectious files online, and it won’t even allow me to visit a URL if that site has been flagged as suspicious, containing malware or spyware, or is just plain bad.
Bonus is you don’t need a copy for every computer you own. You can install it on up to 3 computers which saves you money as well as headaches. I highly recommend.
Now go forth and protect yourself.




















