Blog Security – 7 Important WordPress Security Practices

If you visited this blog in the last week, you may have seen a warning from Google about the presence of malicious software. The warning was accurate, and the cause was a lack of attention to important preventative measures. Has this happened to your blog yet? If so, how did you repair it? If not, what are you doing to prevent loss from a malicious attack and being shut down by Google?

What are the best practices that you need to observe in order to limit the vulnerability of your WordPress site?

1.  Install WordPress securely. Protection is not simply a matter of choosing a manual install over a Fantastico automated install, although auto installers can pose certain risks, e.g., using a standard database name (wrdp_1).

2.  Avoid the standard account name for admin, e.g., “admin.” If you made this mistake, as most have, there is an easy fix.

3.  Avoid installing unverified plugins. You should only install plugins that are listed on WordPress.org, and thus vetted, but even these can contain security holes. You can check for and fix security weaknesses before even installing a plugin.

4.  Scan your blog for security risks.  There are tools that automate the process of finding/preventing security issues with your blog and fixing issues in the standard WordPress installation.

5.  Limit login attempts. WordPress plugins are available to prevent brute-force attacks on your user accounts, whether attempted via the normal login or using auth cookies.

6.  .htaccess configuration. Although not standard with WordPress installations, this important file must be configured in at least two locations for the best security protection.

7.  Backups of WordPress. There are many things that can go wrong in the life of your blog. There are several types of backups, including cPanel, database, full backup and others, to consider in your backup strategy.
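
An added example (not from the original post or from any product it mentions): a small Python audit covering practices 1, 2 and 5. The `wrdp` pattern generalizes the post's `wrdp_1` example, the rule that a failed login returns 200 and a successful one returns 302 is a heuristic, the threshold is an assumed value, and all sample data is constructed.

```python
import re
from collections import Counter

# Assumption: installer-default database names look like the post's "wrdp_1",
# optionally prefixed by a hosting account name (e.g. "acct_wrdp1").
DEFAULT_DB = re.compile(r"(?:^|_)wrdp_?\d+$", re.IGNORECASE)
DB_DEFINE = re.compile(r"define\(\s*['\"]DB_NAME['\"]\s*,\s*['\"]([^'\"]+)['\"]\s*\)")
# Combined-log-format entry for a POST to the login handler: client IP, status.
LOGIN_POST = re.compile(r'^(\S+) .*"POST /wp-login\.php[^"]*" (\d{3}) ')


def audit(wp_config, usernames, log_lines, max_failures=5):
    """Return a list of findings for practices 1, 2 and 5."""
    findings = []
    m = DB_DEFINE.search(wp_config)
    if m and DEFAULT_DB.search(m.group(1)):
        findings.append(f"default database name: {m.group(1)}")
    if any(u.lower() == "admin" for u in usernames):
        findings.append("account named 'admin' exists")
    # Heuristic: WordPress answers a failed login with 200 (form re-rendered)
    # and a successful one with a 302 redirect.
    failures = Counter()
    for line in log_lines:
        hit = LOGIN_POST.match(line)
        if hit and hit.group(2) == "200":
            failures[hit.group(1)] += 1
    for ip, n in sorted(failures.items()):
        if n > max_failures:
            findings.append(f"{n} failed logins from {ip}")
    return findings


# Constructed sample input (not taken from a real site).
SAMPLE_CONFIG = "<?php\ndefine('DB_NAME', 'acct_wrdp1');\ndefine('DB_USER', 'acct_wp');\n"
SAMPLE_USERS = ["admin", "editor_jane"]
SAMPLE_LOG = [
    f'203.0.113.9 - - [01/Jan/2024:10:00:{s:02d} +0000] "POST /wp-login.php HTTP/1.1" 200 3120 "-" "-"'
    for s in range(8)
] + [
    '198.51.100.4 - - [01/Jan/2024:10:01:00 +0000] "POST /wp-login.php HTTP/1.1" 302 0 "-" "-"',
    '198.51.100.4 - - [01/Jan/2024:10:01:05 +0000] "GET /wp-admin/ HTTP/1.1" 200 5000 "-" "-"',
]

if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG, SAMPLE_USERS, SAMPLE_LOG):
        print("FINDING:", finding)
```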

WP Secure Pro is a product devised by Wil Mattos and Jason Fladlien, two of the most savvy Internet marketers on the planet. In addition, since their business is valued in the millions of dollars per year, they have a large stake in the security of their websites and depend heavily on their WordPress installations. Their product is based on their own WordPress skills as well as the insight of the foremost WordPress security expert in the business.

If you depend on your blog for a living, or plan to, then this security product is definitely for you. There is also a security guide from Matt Garrett on how to secure your blog using available free plugins.  Unfortunately, we found out the hard way, but perhaps you have the option to take preventative measures.  The good news is that if you’re using WordPress, as with many other everyday tasks in a dangerous Internet environment, at least you don’t have to do all the heavy lifting.  Many tools are readily available to quickly solve any security nightmares you may be facing.