WordPress Security (2012)

We've seen a few Wordpress web sites hacked within the last months, and we'd like to give this advice to make your Wordpress installation more secure.

  • Keep your computer clean of any virus/trojan - Schedule full scans daily
  • Change your passwords often, and use strong passwords - use passwordmeter.com to test password candidates for strength
  • Keep your WordPress and Plugins up to date - Don't procrastinate.
  • Make regular backups Your Plesk Control Panel allows you to schedule regular backups of your web site.
  • Clear any and all cache files on your server. De-activate the caching plugins, remove them and their associated directories and then download and re-install them
  • Back up your wp-config.php file and wp-content directory then completely remove all of your WordPress files and directories, then re-upload from a fresh and up-to-date WordPress install. Audit your wp-content directories and wp-config.php file before re-uploading.
  • Use some WP Security plugins:
  • Check your database, specifically the wp_options table for suspicious code (see Chris Pearson’s post below, How to Diagnose and Remove the WordPress Pharma Hack

WordPress Security Reference Links

Thanks to some friends at Automattic and in the WordPress community, here are some links for your reference:


Properties ID: 000169   Views: 3971   Updated: 12 years ago
Filed under: