Table of Contents
- 1 Update WordPress regularly
- 2 Select a good admin username and strong password
- 3 Use a two-factor authentication plugin
- 4 Only install plugins and themes from trusted sources
- 5 Update plugins and themes regularly and remove anything not in use
- 6 Disable ‘trackbacks’ in the WordPress settings
- 7 Check the file and folder permissions
Over the years there have been numerous cases of WordPress blogs being compromised in various ways. In most of those cases the compromise could have been avoided if a few basic steps had been taken beforehand.
Assuming you’d like to ensure that your blog isn’t vulnerable and is as secure as possible, here’s what you should do:
Update WordPress regularly
WordPress core itself has a reasonable security record, and its security releases exist to fix disclosed vulnerabilities. Once a fix is published the details are public and attackers scan for sites that have not applied it, so an out-of-date install is a known-vulnerable one. Since WordPress 3.7, minor and security releases are applied automatically in the background by default; leave that enabled (nothing in wp-config.php should set AUTOMATIC_UPDATER_DISABLED or DISALLOW_FILE_MODS, and Tools → Site Health reports if background updates are blocked) and apply major releases yourself as soon as they appear, after taking a backup.
Select a good admin username and strong password
The default ‘admin’ username is the first thing every brute-force script tries, so do not use it. WordPress does not let you rename a user from the profile screen: create a new administrator account with a different name, log in as that user, delete the old ‘admin’ account and reassign its posts to the new one when prompted. Bear in mind that usernames are rarely secret anyway (the author archive URL and the REST API users endpoint expose the slug of every user who has published posts, and the slug matches the login name by default), so the real protection is the password: make it long, unique to this site and kept in a password manager. A mix of lowercase letters, uppercase letters, numbers and symbols helps, but length and not reusing it elsewhere matter more.
Use a two-factor authentication plugin
A password alone is only as strong as the person who chose it, so add a second factor to the login with a two-factor authentication plugin. There are numerous choices; most use the familiar mobile authenticator app, and some offer a different approach. Whichever you pick, check how it treats XML-RPC (xmlrpc.php) and application passwords: both accept a username and password without a second factor unless the plugin specifically covers them, so disable XML-RPC (the xmlrpc_enabled filter turns off its authenticated methods) if nothing you rely on needs it.
Only install plugins and themes from trusted sources
Plugins and themes run with the same privileges as WordPress itself, so a vulnerable or backdoored one hands an attacker the whole site. There are many places to obtain them, and some introduce vulnerabilities unintentionally (sloppy code) or intentionally (‘nulled’ premium themes and plugins are a common way of distributing backdoors). The safest course is to install only from the official WordPress.org plugin and theme directories, or from established vendors that review and scan what they distribute, and to avoid anything whose origin you cannot verify.
Update plugins and themes regularly and remove anything not in use
Most WordPress compromises come through plugins and themes rather than core, so update them as soon as updates are released. Deactivating something is not enough: the code stays on disk, any of its files that can be requested directly are still reachable, and it no longer gets your attention when a vulnerability is announced. Delete any plugin or theme you are not using (keep one default theme, since WordPress falls back to it if the active theme breaks).
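The two update sections above (core, and plugins and themes) can both be handled by WordPress's built-in background updater. The must-use plugin below is an added example, not code from the original post: it opts core, every theme and every plugin into automatic updates, with a hook showing how to keep a short list of plugins manual. The plugin slug in that list (`some-payment-gateway`) is a hypothetical placeholder.

```php
<?php
/**
 * Plugin Name: Background updates for core, plugins and themes
 * Description: Added example (not from the original post). Opts the whole site
 * into WordPress's background updater. Install as
 * wp-content/mu-plugins/auto-updates.php; mu-plugins load automatically and
 * cannot be deactivated from the dashboard.
 */

// Core. Out of the box WordPress auto-applies only minor and security releases
// (the same as define( 'WP_AUTO_UPDATE_CORE', 'minor' ) in wp-config.php).
// Allowing major releases as well keeps the site current without manual work;
// drop this line if you prefer to apply major releases yourself after a backup.
add_filter( 'allow_major_auto_core_updates', '__return_true' );

// Themes: update every installed theme automatically.
add_filter( 'auto_update_theme', '__return_true' );

// Plugins: update everything automatically except a short list you deliberately
// test on staging first. The list is a hypothetical example; an empty list means
// every plugin auto-updates. $item->slug is the plugin's directory name.
add_filter( 'auto_update_plugin', function ( $update, $item ) {
    $update_by_hand = array( 'some-payment-gateway' ); // hypothetical slug(s)
    if ( isset( $item->slug ) && in_array( $item->slug, $update_by_hand, true ) ) {
        return false;
    }
    return true;
}, 10, 2 );

// None of this takes effect if wp-config.php defines AUTOMATIC_UPDATER_DISABLED
// or DISALLOW_FILE_MODS as true, or if PHP cannot write to the WordPress files.
// Tools -> Site Health ("Background updates") explains why updates are not running.
```

Anything you exclude from automatic updates should be updated by hand promptly; the exclusion list is for plugins you test before deploying, not a way of avoiding updates.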
Disable ‘trackbacks’ in the WordPress settings
Under Settings → Discussion there is an option ‘Allow link notifications from other blogs (pingbacks and trackbacks) on new posts’. Untick it: pingbacks add little, and the pingback mechanism has been abused for denial-of-service, both against your own site (floods of incoming pingbacks) and with your site as a reflector, where an attacker sends xmlrpc.php a pingback.ping request naming a third-party URL as the source and your server fetches that URL on the attacker’s behalf. Note the wording ‘on new posts’: the setting only changes the default for posts created afterwards, so existing posts keep pings open until you close them (select them in the Posts screen and use Bulk Edit → Pings: Do not allow).
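The Discussion setting only covers new posts, so a site-wide, code-level version is worth having. The must-use plugin below is an added example, not code from the original post: it reports pings as closed for every post (old or new), removes the XML-RPC pingback methods so no attacker-supplied source URL is ever fetched, and drops the X-Pingback header that advertises the endpoint. It assumes you do not need pingbacks or trackbacks at all.

```php
<?php
/**
 * Plugin Name: Close pings site-wide
 * Description: Added example (not from the original post). Closes pingbacks and
 * trackbacks on every post and removes the XML-RPC pingback methods. Install as
 * wp-content/mu-plugins/close-pings.php.
 */

// 1. Report every post as having pings closed, whatever its stored ping_status.
//    Both wp-trackback.php and the XML-RPC pingback handler call pings_open()
//    before accepting anything, so this also covers posts published before the
//    Discussion setting was changed.
add_filter( 'pings_open', '__return_false', 10, 2 );

// 2. Remove the pingback methods from the XML-RPC method table. pingback.ping
//    needs no authentication, and the request names a "source" URL that WordPress
//    would otherwise fetch to verify the link; that fetch is what the reflection
//    attacks rely on. With the method gone the server answers "method does not
//    exist" and fetches nothing.
add_filter( 'xmlrpc_methods', function ( array $methods ) {
    unset( $methods['pingback.ping'], $methods['pingback.extensions.getPingbacks'] );
    return $methods;
} );

// 3. Stop advertising the endpoint. WordPress adds an X-Pingback header to single
//    post responses when pings are open; step 1 already suppresses it, so this is
//    a belt-and-braces removal in case another plugin re-opens pings.
add_filter( 'wp_headers', function ( array $headers ) {
    unset( $headers['X-Pingback'] );
    return $headers;
} );
```

If nothing on the site uses XML-RPC at all (the official mobile apps and some remote-publishing tools do), `add_filter( 'xmlrpc_enabled', '__return_false' );` in the same file additionally disables its authenticated methods, which removes a password-only login path as well.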
Check the file and folder permissions
Check your file and folder permissions: with the wrong settings, other accounts on the server (or a compromised web server process) can modify or delete your WordPress files, and a writable PHP file is a ready-made place to plant a backdoor. Folders should normally be 755 (rwxr-xr-x) and files 644 (rw-r--r--), owned by your own account rather than the web server user; wp-config.php holds the database credentials and is commonly tightened further to 640 or 600. Anything set to 777 (writable by every user on the system) is asking for trouble: fix it, and check whether the directory already contains files you did not put there. On hosts where PHP runs as a different user from the file owner, WordPress needs write access to wp-content/uploads for media uploads; grant it there only, not to the whole tree, and bear in mind that the background updater then cannot write core files and you will have to update by hand.
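The script below is an added example, not code from the original post: a small PHP command-line audit that walks a WordPress tree, reports every directory looser than 755, every file looser than 644, anything world-writable and a wp-config.php readable by other users, and optionally applies the fix. It assumes the single-user hosting case (files owned by your account, the web server only needs to read them); wp-content/uploads is allowed to be group-writable because WordPress writes media there, and a wp-config.php kept one directory above the web root is not checked.

```php
<?php
/**
 * Added example (not from the original post): audit a WordPress tree for
 * permissions looser than 755 (directories) / 644 (files) and optionally fix them.
 *
 * Usage:  php wp-perms.php /var/www/html          (report only, exit 1 if issues)
 *         php wp-perms.php /var/www/html --fix    (report and chmod; run as the owner)
 *
 * Assumption: files are owned by your account and the web server only needs to
 * read them. wp-content/uploads may stay group-writable because WordPress writes
 * media there on hosts where PHP runs as a separate user.
 */

const DIR_MODE    = 0755;
const FILE_MODE   = 0644;
const CONFIG_MODE = 0640;   // commonly recommended for wp-config.php; 0600 if PHP runs as the owner

/** Describe what is wrong with $mode for this entry, or return null if it is acceptable. */
function describe_issue( int $mode, bool $isDir, bool $isConfig, bool $inUploads ): ?string {
    if ( $mode & 0002 ) {
        return 'world-writable (any local user can modify it)';
    }
    if ( $isConfig && ( $mode & 0004 ) ) {
        return 'wp-config.php readable by everyone (contains database credentials)';
    }
    $expected = $isDir ? DIR_MODE : FILE_MODE;
    if ( $inUploads ) {
        $expected |= 0020;            // tolerate group write under wp-content/uploads
    }
    $extra = $mode & ~$expected;      // permission bits set beyond what we expect
    return $extra ? sprintf( 'mode %04o is looser than %04o', $mode, $expected ) : null;
}

/** The mode --fix applies for an entry that was flagged. */
function target_mode( int $mode, bool $isDir, bool $isConfig, bool $inUploads ): int {
    if ( $isConfig ) {
        return CONFIG_MODE;
    }
    if ( $inUploads ) {
        return $mode & ~0002;         // only strip world-write here; keep group write for the web server
    }
    return $isDir ? DIR_MODE : FILE_MODE;
}

$root = $argv[1] ?? '';
$fix  = in_array( '--fix', $argv, true );
if ( $root === '' || ! is_dir( $root ) ) {
    fwrite( STDERR, "usage: php wp-perms.php <wordpress-root> [--fix]\n" );
    exit( 2 );
}
$root    = rtrim( realpath( $root ), '/' );
$uploads = $root . '/wp-content/uploads';
$issues  = 0;

$iterator = new RecursiveIteratorIterator(
    new RecursiveDirectoryIterator( $root, FilesystemIterator::SKIP_DOTS ),
    RecursiveIteratorIterator::SELF_FIRST
);

foreach ( $iterator as $path => $info ) {
    if ( $info->isLink() ) {
        continue;                     // never follow or chmod through symlinks
    }
    $isDir     = $info->isDir();
    $isConfig  = ! $isDir && $path === $root . '/wp-config.php';
    $inUploads = $path === $uploads || strpos( $path, $uploads . '/' ) === 0;
    $mode      = $info->getPerms() & 07777;

    $issue = describe_issue( $mode, $isDir, $isConfig, $inUploads );
    if ( $issue === null ) {
        continue;
    }
    $issues++;
    echo $path, ': ', $issue, PHP_EOL;

    if ( $fix ) {
        $target = target_mode( $mode, $isDir, $isConfig, $inUploads );
        if ( chmod( $path, $target ) ) {
            printf( "  -> set to %04o\n", $target );
        } else {
            fwrite( STDERR, "  failed to chmod $path (are you the owner?)\n" );
        }
    }
}

printf( "%d issue(s) found under %s%s\n", $issues, $root, $fix ? ' (fix attempted)' : '' );
exit( $issues > 0 && ! $fix ? 1 : 0 );
```

Run it without `--fix` first and read the list: a world-writable directory that already contains PHP files you do not recognise is evidence of a compromise, not just a misconfiguration, and should be investigated before anything is chmodded over.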