One drawback to being the hugely successful platform that is WordPress is it can, if not properly maintained, become susceptable to security issues (hacks) the following five points below will go some way to secure a WordPress site. I can’t offer any solid guarantees but the following should be thought of as ‘best practice’ in order to help keep your WordPress site secure.
1. Keep Plugins, Themes and WordPress updated
I’m not saying the moment there are new versions available of each of these update immediately, I would advise a little caution, particularly with a major WordPress update, i.e. 3.4 to 3.5. Often these may cause conflicts with your existing plugins or themes so keep an eye on the WordPress Support Forums and take note of any reported problems. With plugin and theme updates, its more likely the author has fixed an existing problem so its likely you can upgrade, but still worthwhile checking the forums for any issues before you make your move. You could eradicate any of these issues by signing up for an excellent managed WordPress hosting package.
2. Remove the ‘admin’ user
In every other walk of life its always sensible to use a fairly unique username, so why not WordPress. In essence by using the admin username you are doing half the job of any individual trying to access your site.
3. Install the Better WP Security Plugin
After fairly rigourous testing, I had five semi dormant sites on a long forgotten host that were all hacked, after fixing them I tried out a number of the leading WordPress security plugins and can confirm the only plugin that remained untouched by further attacks was Better WP Security. Again though, a word of caution, this plugin has a vast number of options many of which can cause conflicts with other plugins or even themes. To avoid the majority of these conflicts but maintain a secure installation I’d advise using the following options;
- Remove admin user
- Remove user id1
- Change the database prefix
- Protect the login area
- Hide the WordPress admin area
4. Take Regular Backups
Unfortunately, none of these measures will guarantee your site is free from security problems, what I can guarantee is the site in question will be a million times easier to fix if you have a backup. Thankfully Better WP Security will do this for you, just head to the backup panel and enable scheduled backups.