How to Secure Your WordPress Site


1.  Keep WordPress core updated

The best way to keep your WordPress site secure is to keep WordPress itself updated.

2. Don’t use “admin” as your username

If your WordPress login is “admin”, it has to be changed. “admin” is the default username. By not using this default, you make it much harder for an attacker to run a brute-force attack: now they have to guess the username AND the password.

3. Disable code file editing via dashboard

Placing this line ...

define('DISALLOW_FILE_EDIT', true);

... in wp-config.php is equivalent to removing the ‘edit_themes’, ‘edit_plugins’ and ‘edit_files’ capabilities from all users.

4. Don’t use the “wp_” prefix for your database tables

If your database tables are prefixed with “wp_”, a skilled developer can change the prefix.

5.  Keep Themes and Plugins updated

And remove those that you no longer use. The reason is that some themes and plugins bundle scripts that may have security holes (the TimThumb script was one example).
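
Tips 3 and 4 can both be checked by reading wp-config.php. The script below is an added example, not code from this article or from WordPress: it reports whether DISALLOW_FILE_EDIT is actually active (not just present in a comment) and whether $table_prefix is still the default. The function names, the sample configs and the 'x7k_' prefix are constructed for illustration.

```python
import re

# Strings are matched first and kept; comments are matched and dropped. This keeps
# comment-like characters inside secret keys and salts from confusing the scan.
TOKEN_RE = re.compile(
    r"""('(?:\\.|[^'\\])*'|"(?:\\.|[^"\\])*")|/\*.*?\*/|(?://|#)[^\n]*""", re.S)
# PHP function names are case-insensitive, constant names are not.
DEFINE_RE = re.compile(
    r"""(?i:define)\s*\(\s*['"]DISALLOW_FILE_EDIT['"]\s*,\s*([^)]+?)\s*\)""")
PREFIX_RE = re.compile(r"""\$table_prefix\s*=\s*['"]([^'"]*)['"]""")


def strip_php_comments(src):
    """Drop PHP comments so a commented-out setting is not counted as active."""
    return TOKEN_RE.sub(lambda m: m.group(1) or "", src)


def audit_wp_config(src):
    """Return findings for tips 3 and 4; an empty list means both checks pass."""
    code = strip_php_comments(src)
    findings = []
    values = [v.strip().lower() for v in DEFINE_RE.findall(code)]
    # PHP keeps the first define() of a constant, so only that one counts.
    if not values:
        findings.append("DISALLOW_FILE_EDIT is not defined")
    elif values[0] not in ("true", "1"):
        findings.append("DISALLOW_FILE_EDIT is defined but not true")
    prefixes = PREFIX_RE.findall(code)
    if not prefixes:
        findings.append("$table_prefix not found")
    elif prefixes[-1] == "wp_":  # the last assignment is the one in effect
        findings.append("$table_prefix is still the default 'wp_'")
    return findings


# Constructed sample: the define is commented out and the prefix is the default.
WEAK = """<?php
define('AUTH_KEY', 'k/*3#x//9');
// define('DISALLOW_FILE_EDIT', true);
$table_prefix = 'wp_';
"""
# Constructed sample: both settings in the form the article recommends.
HARDENED = """<?php
define('AUTH_KEY', 'k/*3#x//9');
define( 'DISALLOW_FILE_EDIT', true );
$table_prefix = 'x7k_'; /* custom prefix */
"""

if __name__ == "__main__":
    for name, cfg in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, audit_wp_config(cfg) or "OK")
```

To audit a real site, pass the contents of its wp-config.php to audit_wp_config(); the check is text-based and does not follow include or require statements.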