Basic WordPress Security

by John Detlefs on January 27, 2012

WordPress is a fantastic publishing platform for virtually any website and very popular amongst SEOs due to its ease of management, SEO friendliness and promotion of content generation.

The problem with using such a popular and easy-to-use platform, however, is the ease with which it can be hacked, which can have a disastrous effect on your rankings and traffic. Here are six quick and easy things you can do to help secure WordPress before that happens to you.

For a more detailed look at how to add to the security of your WordPress install, go to http://codex.wordpress.org/Hardening_WordPress

1. Make sure your WordPress installation is up to date.

An obvious one, but ensuring you are always using the latest version of WordPress will keep your site patched with all the latest fixes, including fixes for security holes that users within the community have found and resolved. As well as keeping your site secure, each update generally includes some new functionality, so you’ll have some new things to play with too. It’s worth keeping a backup of your files, folders and database before you update because, trust me, an update doesn’t always go smoothly.

2. Remove The Admin User

The default WordPress username of ‘admin’ is an easy one for any hacker to presume. By using an alternative username, any script running on the presumption of an ‘admin’ username is going to fall short. To do this, create a new username with Admin authority, log out, log back in with your new username and delete the admin user.

3. Use a Different Tables Prefix

The default table prefix is ‘wp_’ and is something, again, presumed by any scripted attack against your site.

$table_prefix = 'wp_';

If you are installing WordPress from fresh, you can set the table prefix in wp-config.php before the install. To do this, open wp-config.php and change the value of $table_prefix from 'wp_' to whatever you would like, e.g. 'travelsite_'.

If you already have WordPress installed, you need to first rename your tables. If you are using phpMyAdmin, simply open your database, click on a table and select ‘Operations’ in the top right. From there, change the value in ‘Rename table to’ so that the table name uses your new chosen table prefix. Following this, edit the wp-config.php file as above.
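The rename on an existing install, written out as an added example (not code from the original post): a Python helper that builds the SQL to run. Beyond the table renames, WordPress keeps the prefix inside the name of one options row and several usermeta keys, and those have to move too or logins lose their roles. The table list is constructed; the prefixes are the ones used above.

```python
import re

# WordPress accepts only letters, numbers and underscores in a table prefix.
_IDENT = re.compile(r"[A-Za-z0-9_]+")

# Core usermeta keys that WordPress stores with the table prefix in front.
# Plugins may add their own prefixed keys; check for those separately.
PREFIXED_META_KEYS = ("capabilities", "user_level", "user-settings",
                      "user-settings-time")


def rename_plan(tables, old="wp_", new="travelsite_"):
    """Build the SQL that moves an existing install from `old` to `new`."""
    for name in (old, new, *tables):
        if not _IDENT.fullmatch(name):
            raise ValueError(f"unsafe identifier: {name!r}")
    for required in (old + "options", old + "usermeta"):
        if required not in tables:
            raise ValueError(f"missing core table: {required}")

    # 1. Rename every table that carries the old prefix; leave others alone.
    plan = [f"RENAME TABLE `{t}` TO `{new}{t[len(old):]}`;"
            for t in tables if t.startswith(old)]

    # 2. The roles definition is stored under an option named <prefix>user_roles.
    plan.append(f"UPDATE `{new}options` SET option_name = '{new}user_roles' "
                f"WHERE option_name = '{old}user_roles';")

    # 3. Each user's role and settings live under <prefix>-named meta keys.
    for key in PREFIXED_META_KEYS:
        plan.append(f"UPDATE `{new}usermeta` SET meta_key = '{new}{key}' "
                    f"WHERE meta_key = '{old}{key}';")
    return plan


# Constructed table list: a default install plus one unrelated table.
SAMPLE_TABLES = ["wp_commentmeta", "wp_comments", "wp_links", "wp_options",
                 "wp_postmeta", "wp_posts", "wp_terms",
                 "wp_term_relationships", "wp_term_taxonomy", "wp_usermeta",
                 "wp_users", "sessions"]

if __name__ == "__main__":
    print("\n".join(rename_plan(SAMPLE_TABLES)))
```

Take a database backup before running the generated statements, and change $table_prefix in wp-config.php straight afterwards.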

4. Only Use Plugins That You Trust And Have Read Reviews About!

Take a look at the plugins you are using within your WordPress installation – are they popular/known plugins? Why did the person create the plugin? Have you read the reviews? A careless developer can unwittingly design a plugin that puts your site at risk, and plugins that are not updated regularly provide a gaping hole in your site for hackers to exploit. Review the plugins you are using and look for more trusted/secure plugins that provide the same features.

5. Use A Reliable And Safe Web Hosting Provider

Using a decent host will not only provide a fast experience for visitors to your site but also usually come with added security in how they manage their shared hosting services. Ask your hosting provider what security measures they have in place. If a hacker were to gain access to a shared server they would have access to every site on the server, including yours.

Personally I’m a huge fan of Hostgator and use them for all of my sites, including the training company that I run (my day job!)

6. Make Sure To Remove The Version Information

When viewing the source code of your pages you’ll see various commented text with author and version information. Hackers can use this information to target sites that are using vulnerable versions of WordPress and plugins.

There are various ways to remove it, but a quick, simple and safe way is to add the following line to your functions.php file.

remove_action('wp_head', 'wp_generator');

This will remove the WordPress version info from your site. Removing the version info from plugins will be unique to each plugin and is likely to be a little more tricky.
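To confirm the change on your own pages, the following added example (not from the original post) parses a page head and lists what still states a version. It looks for the generator meta tag and for the ?ver= query string WordPress appends to enqueued stylesheets and scripts; the HTML, URLs and version numbers are constructed samples.

```python
import re
from html.parser import HTMLParser


class _LeakFinder(HTMLParser):
    """Collects places where a page's HTML states a software version."""

    def __init__(self):
        super().__init__()
        self.leaks = []

    def handle_starttag(self, tag, attrs):
        attr = dict(attrs)
        # <meta name="generator" content="WordPress x.y.z"> from wp_generator
        if tag == "meta" and (attr.get("name") or "").lower() == "generator":
            self.leaks.append(("generator", attr.get("content") or ""))
        # ?ver=... appended to enqueued stylesheets and scripts
        url = (attr.get("href") if tag == "link"
               else attr.get("src") if tag == "script" else "")
        match = re.search(r"[?&]ver=([^&#]+)", url or "")
        if match:
            self.leaks.append(
                ("asset", f"{url.split('?')[0]} ver={match.group(1)}"))


def find_version_leaks(html):
    """Return (kind, detail) tuples for every version string found."""
    finder = _LeakFinder()
    finder.feed(html)
    finder.close()
    return finder.leaks


# Constructed page head, as it might look before the functions.php change.
HEAD_BEFORE = """
<meta name="generator" content="WordPress 3.3.1" />
<link rel='stylesheet' href='http://example.com/wp-content/themes/demo/style.css?ver=3.3.1' />
<script src='http://example.com/wp-content/plugins/demo-plugin/demo.js?ver=1.2'></script>
"""
# The same head once wp_generator no longer runs on wp_head.
HEAD_AFTER = HEAD_BEFORE.replace(
    '<meta name="generator" content="WordPress 3.3.1" />', "")

if __name__ == "__main__":
    for label, head in (("before", HEAD_BEFORE), ("after", HEAD_AFTER)):
        print(label, find_version_leaks(head))
```

In the sample, the generator entry disappears after the change while the two asset entries remain, which is the per-theme and per-plugin clean-up described above.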

That should get you through the night when it comes to basic hardening of your WordPress install!

I hope you enjoyed it and feel free to comment!

Cheers,

John Detlefs

PS: This by no means is an exhaustive list… and if you don’t want to go through all the rigmarole of doing all this yourself, why not download one of the many security plugins that are available?

Here are my Favorite WordPress Security Plugins

About

John Detlefs is a self-confessed WordPress nerd who enjoys playing around with his and his clients’ websites and online businesses and getting the best out of them.

He is also the CEO of CFGT, a registered training company in Sydney, Australia, which boasts clients such as Covermore Travel Insurance, Serco, Coles Myer, Wesfarmers, Centrelink and more!
