As many of you know my blog was recently hacked and after a bit of pain and suffering I now have a brand-new, spam-link-free, version of the blog. Through this experience I’ve learned a lot about how to secure a WordPress blog. I was thinking of writing a long five-page post on every step you can take to secure your WordPress blog but realize that would be giving-away some great content for the next edition of my book! Plus – at the end of the day I want to provide some quick and easy-to-implement tips that you can use right-away to secure your WordPress blog.
Just follow these three steps below and your WordPress blog will be infinitely more protected than it was just a few minutes ago!
1) Don’t use the “admin” user as your administrator.
The first thing you can do to secure your WordPress blog is to downgrade your admin user to a subscriber. Before doing this make sure to make a new user with a random username that is your administrator. The admin user is what many hackers will be trying to gain access to and if they login as admin and realize they have no access privileges your blog will become less interesting to attack right-away. This takes one minute to do and you’ll feel more secure immediately!
This advice is good for more than just WordPress – when a new version of software comes-out it is to your advantage to upgrade as quickly as possible. Security holes can be exploited very quickly and in an automated fashion – your blog could be attacked without anyone specifically targeting you but simply targeting a security hole in the version of WordPress that you are running. If you see that a new version of WordPress is available – upgrade right-away!
3) Install the WP Security Scan Plugin
The WP Security Scan Plugin is a great way to make sure your WordPress install is secure and applies some great security provisions on your blog. On top of automatically securing your blog itself the plugin can also provide security scans and let you know of any potential vulnerabilities you may be exposed to. This is a must-have plugin and it does a lot of the work for you which is always nice!
That’s it! Follow these three steps and you can sleep better at night knowing your WordPress blog is more secure. Remember, like I said, I could write five pages about this (or more) and make a post with the top 100 ways to secure your WordPress Blog…but who wants to read all of that? By following the three steps above you’ll be more secure than about 99% of the WordPress blogs out there.