If you are using your WordPress blog site for something serious, it goes without saying that security should be a top priority right from day one. There are many levels of WordPress security that need to be taken care of; in this post, however, we shall discuss some of the basic measures that every WordPress site should take right from the start. There are many reasons for starting out on security early. Apart from the cliché ‘Prevention is better than cure’, it is also easier to implement effective security measures on a fresh blog site than on an established one.
There are certain assumptions that we follow throughout the tutorial. We assume that you are aware of the basics of WordPress, i.e. you know how to navigate through the dashboard and understand, at least superficially, the structure of a WordPress site. Since we are going to start at the basics, the learning curve for the tutorial won’t be very steep, because we shall cover most of the things in detail.
Backup Data
Like all WordPress maintenance and tweaks, this too starts with backing up your data. We wouldn’t want you to lose any data if something goes seriously wrong while implementing these security measures. If you have used WordPress long enough, you might already have a favorite plugin for backing up. As for our recommendation, you can use the Backup Buddy plugin (it is very simple to use, and most users sail through without any jitters).
Update and Update
Keeping the setup updated is a very important security measure. New WordPress releases often fix bugs and other known weaknesses in the site. Since this is a cumulative process, it is advised to stay updated all the time. So, every time you are notified in the admin panel that a new version of WordPress is available, it is strongly advised that you update. As an additional piece of advice, make sure that you back up your data before clicking the update link, because there are a hundred things that can go wrong in the update process.
Securing the Server
After you have finished installing WordPress on a server, make sure that it is secure. A preliminary check is to see whether the directories are visible from the Web. This is not a very rare problem, and if it is present it leaves your WordPress site vulnerable in the worst possible way. There are many ways to ensure that the directories are not visible from the Web.
- Find a secure WordPress hosting solution. It is important that your web host knows how to secure your WordPress site at the system level and applies OS patches on time. Your WordPress site can only be secure if your WordPress hosting is secure. If you don’t know how to choose, you can refer to our Best WordPress Hosting list, or use the HostUCan WordPress Hosting search tool to find a good one.
- Include a blank index.html file. Every time a browser is directed to the directory, it will automatically be directed to the blank index HTML file instead of a listing of the directory’s contents.
- Edit the robots.txt file. Add Disallow: /wp-* to the robots.txt file. Doing so will hide any folder starting with ‘wp-’ from public view in search results, because compliant crawlers will not index it; it does not stop a visitor from requesting those folders directly. Of course, if you want to secure the whole of the server, it is better to include all the folders in the Disallow command.
- Check FTP permissions. Ensure that the people who have access to the folders are authorized to have it. Look for 777 permissions. Reduce these permissions for critical WordPress folders and files to a level at which they are not editable by the public. In the FTP terminal you can use the chown and chmod commands to change permissions. This step is a little delicate, because there are files which actually need special permissions to function under the WordPress framework. So, make sure you don’t end up breaking critical privileges.
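The blank-index and 777-permission checks from the list above can be run as a script over the whole install; the following is an added example, not part of the original post. The function names, the constructed sample tree, and the 755/644 target modes (common WordPress defaults) are assumptions, and paths containing newlines are not handled.

```shell
#!/bin/sh
# Print files and directories that anyone on the server can write to
# (mode 777, 666 and similar), the permissions the post says to look for.
find_world_writable() {
    find "$1" \( -type f -o -type d \) -perm -0002 -print | sort
}

# Print directories with no index.html or index.php. If the web server has
# directory listing enabled, these are the ones whose contents are visible.
find_listable_dirs() {
    find "$1" -type d -print | sort | while IFS= read -r dir; do
        [ -e "$dir/index.html" ] || [ -e "$dir/index.php" ] ||
            printf '%s\n' "$dir"
    done
}

# Fix both findings. 755 for directories and 644 for files are assumed
# targets (common WordPress defaults), not values given in the post.
harden_tree() {
    find "$1" -type d -perm -0002 -exec chmod 755 {} +
    find "$1" -type f -perm -0002 -exec chmod 644 {} +
    find_listable_dirs "$1" | while IFS= read -r dir; do
        : > "$dir/index.html"    # blank index file, as the post suggests
    done
}

# Constructed sample tree standing in for a WordPress install.
make_sample_tree() {
    root=$(mktemp -d) || return 1
    mkdir -p "$root/wp-content/uploads" "$root/wp-includes"
    touch "$root/index.php" "$root/wp-config.php" "$root/wp-includes/index.php"
    chmod 777 "$root/wp-content/uploads" "$root/wp-config.php"
    chmod 755 "$root" "$root/wp-content" "$root/wp-includes"
    chmod 644 "$root/index.php" "$root/wp-includes/index.php"
    printf '%s\n' "$root"
}

tree=$(make_sample_tree)
echo "World-writable:"; find_world_writable "$tree"
echo "No index file:";  find_listable_dirs "$tree"
harden_tree "$tree"
echo "Remaining: $(find_world_writable "$tree" | wc -l) writable," \
     "$(find_listable_dirs "$tree" | wc -l) listable"
rm -rf "$tree"
```

On a real site, run the two find_ functions first and review the output before calling harden_tree, since some files need special permissions to function under WordPress.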
In Summary
After doing all that’s written in this post, you are certainly not done with security. As was mentioned earlier, these are just the basic-level measures. You have, however, completed the first step toward many of the advanced-level security measures. It goes without saying that security is a vital aspect of any online endeavor. The depth to which you should go in order to implement security depends on the type of blog you run. If you own a site which stores sensitive information or customer data, then some extra care should be taken. On the other hand, if the blog is for personal purposes, these basic steps would suffice. Keep WordPress updated and you are done!