WordPress security

I love WordPress! It’s such an awesome Content Management System — much easier to upgrade than Joomla or Zen Cart, excellent plugins, easy to develop child themes. But scumbags out there love WordPress as well. Every morning when I check email, there are security alerts from my WordPress websites about hacking attempts. I hate to call it “hacking” because I like to think of hackers as computer gurus like Abby on NCIS or Penelope on Criminal Minds. Instead, the people trying to break into my websites are probably pimply-faced little twits with too much time on their hands and absentee parents. Or slimeballs. Sewer scum.

Either way, it’s a full-time occupation to keep security locked down.

The first time I “banned” an entire country, I felt bad. What if someone from Ukraine had a legitimate interest in visiting any of my websites? I decided to count attempts: after seven security alerts from one country, that country is banned. Brazil is getting close.

I’ve developed a checklist for each WordPress website. When you get a website through Lodestar Graphics, this is part of the ongoing maintenance.

  • Back up the database!
  • Back up files
  • Change the database prefix
  • Update WP. Make sure you are using the latest version.
  • Put an empty index.html in the plugin directory
  • Check permissions
  • .htaccess
  • wp-config
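
An added example, not part of the original post: a shell function that checks the checklist items that can be verified on disk (database prefix, empty index.html in the plugin directory, permissions, wp-config). The standard WordPress layout and the permission thresholds it uses are assumptions, noted in the comments.

```shell
#!/bin/sh
# Audit a WordPress directory against the on-disk items of the checklist.
# Assumptions (not from the post): wp-config.php sits in the site root,
# plugins live under wp-content/plugins, thresholds as noted at each check.
wp_audit() {
    root=$1
    cfg="$root/wp-config.php"
    plugins="$root/wp-content/plugins"
    findings=0

    if [ ! -f "$cfg" ]; then
        echo "MISSING wp-config.php"
        return 2
    fi

    # Database prefix: the stock value is wp_, so anything else counts as changed.
    prefix=$(grep -E '^[[:space:]]*[$]table_prefix' "$cfg" | head -n 1 |
        cut -d';' -f1 | cut -d= -f2 | tr -d " \t\r'\"")
    if [ "$prefix" = "wp_" ] || [ -z "$prefix" ]; then
        echo "PREFIX default or unreadable table prefix"
        findings=$((findings + 1))
    fi

    # An empty index.html keeps the web server from listing the plugin directory.
    if [ ! -f "$plugins/index.html" ] || [ -s "$plugins/index.html" ]; then
        echo "INDEX no empty index.html in wp-content/plugins"
        findings=$((findings + 1))
    fi

    # Permissions (assumed threshold): wp-config.php grants nothing to "other".
    if [ -n "$(find "$cfg" \( -perm -004 -o -perm -002 -o -perm -001 \))" ]; then
        echo "PERMS wp-config.php is accessible to other users"
        findings=$((findings + 1))
    fi

    # Permissions (assumed threshold): nothing in the tree is world-writable.
    ww=$(find "$root" ! -type l -perm -002 | wc -l | tr -d ' ')
    if [ "$ww" -gt 0 ]; then
        echo "PERMS $ww world-writable path(s)"
        findings=$((findings + 1))
    fi

    [ "$findings" -eq 0 ]
}

# Run against a path given on the command line, e.g.: sh wp_audit.sh /path/to/site
if [ -n "${1:-}" ]; then wp_audit "$1"; fi
```

The function prints one line per finding and returns non-zero when anything is flagged, so it can run from cron after each update.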

Must-have Plugins:

  • Block Bad Queries
  • Exploit Scanner
  • Login Lock
  • SI Captcha
  • WordPress Database Backup
  • WordPress File Monitor
  • WordPress FIREWALL 2
  • WP Ban
  • WP Security Scan
  • Ultimate Security Checker