WordPress Security (2012)
We've seen a few WordPress web sites hacked in recent months, and we'd like to offer this advice to make your WordPress installation more secure.
- Keep your computer clean of any virus/trojan - Schedule full scans daily
- Change your passwords often, and use strong passwords - use passwordmeter.com to test password candidates for strength
- Keep your WordPress and Plugins up to date - Don't procrastinate.
- Make regular backups - Your Plesk Control Panel allows you to schedule regular backups of your web site.
- Clear any and all cache files on your server. De-activate the caching plugins, remove them and their associated directories, and then download and re-install them.
- Back up your wp-config.php file and wp-content directory, then completely remove all of your WordPress files and directories, then re-upload from a fresh and up-to-date WordPress install. Audit your wp-content directories and wp-config.php file before re-uploading.
- Use some WP Security plugins:
- Check your database, specifically the wp_options table, for suspicious code (see Chris Pearson’s post below, How to Diagnose and Remove the WordPress Pharma Hack).
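One way to run the two audits above (the wp-content copy before re-uploading, and the wp_options values), as an added example that is not from the original post or from WordPress itself. The indicator patterns, function names, sample rows and the backup path are all assumptions of this sketch; every hit is a lead for manual review, not proof of compromise.

```python
import os
import re

# Heuristic indicators: assumptions of this example, not a complete signature set.
CODE = {
    "eval": re.compile(r"\beval\s*\(", re.I),
    "decode-chain": re.compile(r"\b(base64_decode|gzinflate|gzuncompress|str_rot13)\s*\(", re.I),
    "long-base64": re.compile(r"[A-Za-z0-9+/]{200,}"),
}
# Markup is normal in theme files, so it is only checked in option values.
MARKUP = {"hidden-markup": re.compile(r"<(iframe|script)\b|display\s*:\s*none", re.I)}

def audit_text(text, markup=False):
    """Return the sorted names of the indicators that match one blob of text."""
    rules = {**CODE, **MARKUP} if markup else CODE
    return sorted(name for name, rx in rules.items() if rx.search(text))

def audit_tree(root):
    """Walk a backed-up wp-content copy and yield (relative path, findings)."""
    for dirpath, _dirs, files in os.walk(root):
        for fn in files:
            path = os.path.join(dirpath, fn)
            rel = os.path.relpath(path, root).replace(os.sep, "/")
            with open(path, "r", encoding="utf-8", errors="replace") as fh:
                found = audit_text(fh.read())
            # Heuristic: uploads/ normally holds media, so PHP there needs review.
            if rel.startswith("uploads/") and fn.lower().endswith((".php", ".phtml")):
                found.append("php-in-uploads")
            if found:
                yield rel, found

def audit_options(rows):
    """rows: (option_name, option_value) pairs exported from wp_options."""
    hits = {name: audit_text(value, markup=True) for name, value in rows}
    return {name: found for name, found in hits.items() if found}

# Constructed sample rows, not taken from a real site.
SAMPLE_ROWS = [
    ("blogname", "My Site"),
    ("example_cache_blob", "<?php eval(base64_decode('" + "QUJD" * 60 + "')); ?>"),
    ("example_footer_html", '<div style="display:none"><a href="http://example.invalid/">x</a></div>'),
]

if __name__ == "__main__":
    for name, found in audit_options(SAMPLE_ROWS).items():
        print("wp_options:", name, found)
    for rel, found in audit_tree("wp-content-backup"):  # hypothetical backup path
        print("file:", rel, found)
```

Run it against the offline backup copy rather than the live site, and compare anything it flags with a fresh download of the same plugin or theme.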
WordPress Security Reference Links
Thanks to some friends at Automattic and in the WordPress community, here are some links for your reference:
- WordPress Security Presentation - A great WP security presentation by Brad Williams of WebDevStudios
- Securing wp-admin
- Securing wp-config.php
- Moving wp-content
- Installing WP with Clean SVN Repositories
- If you’re a busy, well-to-do business person who just doesn’t have the time, you could contact and hire an outstanding WordPress and PHP developer and occasional blogger…
</shamless_self_promotion>