What steps can I take to make sure that my Wordpress Site(s) are relatively safe from hacking.
Due to the open source nature of wordpress and the availability of plugins and themes from unknown third party sources, its possible that your wordpress installation can get compromised very easily if you do not take precautions.
We provide you with server space for your web site files, space which has several layers of security at the server level, however of course we give you full control of your hosting account including usernames and passwords and the ability to change folders which of course hands security over to you and away from us.
TOP TIPS TO PREVENT HACKING OF YOUR WORDPRESS SITES
Firstly, view this article by wordpress about wordpress hardening. It will give you an overview of how to harden your wordpress install.
Secondly, check out this article about how to secure wordpress: how to secure wordpress
Thirdly, protect your wordpress admin login page from brute force login: see how its done
NOT making sure your wordpress site is secure is asking for trouble, so we at least ask you to look at the following basic tips which only take a few minutes to implement.
- ALWAYS make sure you have the latest version of wordpress installed
- ALWAYS make sure you have the latest version of a plugin
- NEVER install a plugin from an unknown source
- NEVER install a wordpress theme from an unknown source
- NEVER EVER have any folder or files on your site with 0777 permissions (folders should be maximum 0755 and files should be 0644)
- CHMOD your wp-config file to 0750 (this prevents other users reading the file)
- DISABLE directory browsing on your hosting account
- INSTALL WP Security Scanthis security plugin to make sure your wordpress install is not vulnerable
- INSTALL Login Lockdown to prevent attacks on your login page
- CHANGE your ftp password on a regular basis
The above list is by no means exhaustive but its a good start for most novices to close some holes with their site.
