WordPress Security (2012)
We've seen a few Wordpress web sites hacked within the last months, and we'd like to give this advice to make your Wordpress installation more secure.
- Keep your computer clean of any virus/trojan - Schedule full scans daily
- Change your passwords often, and use strong passwords - use passwordmeter.com to test password candidates for strength
- Keep your WordPress and Plugins up to date - Don't procrastinate.
- Make regular backups Your Plesk Control Panel allows you to schedule regular backups of your web site.
- Clear any and all cache files on your server. De-activate the caching plugins, remove them and their associated directories and then download and re-install them
- Back up your
wp-contentdirectory then completely remove all of your WordPress files and directories, then re-upload from a fresh and up-to-date WordPress install. Audit your
wp-config.phpfile before re-uploading.
- Use some WP Security plugins:
- Check your database, specifically the
wp_optionstable for suspicious code (see Chris Pearson’s post below, How to Diagnose and Remove the WordPress Pharma Hack
WordPress Security Reference Links
Thanks to some friends at Automattic and in the WordPress community, here are some links for your reference:
- WordPress Security Presentation
A great WP security presentation by Brad Williams of WebDevStudios
- Securing wp-admin
- Securing wp-config.php
- Moving wp-content
- Installing WP with Clean SVN Repositories
- If you’re a busy, well-to-do, business person who just doesn’t have the time, you could contact and hire a outstanding WordPress and PHP developer and occasional blogger…