Rock Solid WordPress: 7 Quick Strategies to Beef Up Your Security

If you’re responsible for a WordPress site then you need to know how to keep it secure. You cannot afford to leave your product and investment unprotected. Most of these strategies will take you under two minutes to implement but can save you many hours of agonizing over how to clean up a mess created by the ravenous robots that roam the internet. You’ve heard the nightmarish stories of friends who have been hacked but you will never be among them if you take the time to implement a WordPress security strategy. Here’s a few quick strategies that will help you to make your WordPress installation less vulnerable.

Add a New User With Admin Permissions and Delete the Admin User

You may have heard this before but may not have taken the time to do it. This is the easiest and perhaps one of the most important adjustments you can make to boost your security. Don’t ever use “admin” for a username. All the robots who target WordPress know that it automatically generates the admin user and that most people are unlikely to change it. Create a new user first and make it an administrator. Select a username that is not easy to guess. Then use it to delete the admin user.

Allow Only Your IP Address to Access the wp-admin Directory

If you are the only person you want to have access to your blog and you don’t have any editors or contributors, considering denying access to every IP address except your own.  The wp-admin directory is vulnerable to attack, but this quick .htaccess trick will help you to protect it from security risks. Add the following code snippet to your .htaccess file. Replace the xx.xx.xx.xx with your static IP address. You can list multiple IP addresses by entering them on another line if you wish to allow access from other places.  
{code type=html}

AuthUserFile /dev/null
AuthGroupFile /dev/null
AuthName “Example Access Control”
AuthType Basic

order deny,allow
deny from all
allow from xx.xx.xx.xx
{/code}

Credit: Web Designer Ledger

Use SSH Instead of FTP

If you really want to cover your tracks and keep sniffers off your trail, use SSH to access your WordPress files instead of FTP. PuTTY is a free SSH client that you can use to transfer files between your machine and your server. SSH uses cryptographic technology to secure your session and will help keep you safe from traffic sniffers.

Get Regular Security Scans

This is essentially like a dental checkup for your WordPress blog to ensure that you don’t have any cavities. There are plugins that will take care of this for you. One is WP Security Scan. This plugin will scan your blog and notify you of any vulnerabilities and suggest things for you to do to make your blog more secure. It checks passwords, file permissions, database security, version hiding, WP admin protection/security, and removes WP generator meta tag from the core code of your blog.

Keep Your WordPress Version Updated

Chances are that your blog has not attracted the attention of a malicious hacker intent on destroying you. However, there are wicked armies of robots out there using any number of automated methods to try to exploit security holes in your installation. I know that upgrading can cause some tangles with plugins and is from time to time a huge pain, but it is necessary for your blog’s security, even if you’re not desiring new and updated features. Robots are very familiar with WordPress and know how to hack it, but if you keep your blog on the cutting edge you will generally be one step ahead of them.

Password Protect Your Most Important Directories

Enlist the help of AskApache Password Protection For WordPress. It adds multiple layers of security to your blog. The plugin is simple tot use. Simply choose a username and password and you are done. The plugin writes the .htaccess file without messing it up, encrypts your password and creates the .htpasswd file as well as setting the correct security-enhanced file permissions on both. Beyond keeping you safe from malicious attacks, it may even assist you in decreasing spam received on your blog.

Change Your WordPress Database Tables Prefix

This will help to protect you from SQL injections that can make your blog into a link farm. If this has ever happened to you, then you know it’s basically like getting heartworms. If you want to add an extra boost of protection when you install WordPress, make your table prefixes unique by editing wp-config.php file:

{code type=html}
$table_prefix = ‘wp_’;
{/code}

Change the ‘wp’ to something that is meaningful to you and this will automatically make your database more difficult to inject than 99% of all WordPress blogs.