This is a guest post by Adam on securing your WordPress Blog. You can read the guidelines for guest posting at our guest posting guidelines page.
Getting hacked is not fun. Imagine waking up one morning to find your entire blog compromised. All the posts, media and future revenue are gone… and there’s nothing you can do about it.
Fear not. With a few simple tweaks you can make your WordPress blog much more secure. These tweaks may not keep out professional hackers like Anonymous, but they will keep out the riff-raff.
Below are five simple steps to secure your WordPress blog…
Step #1. Delete your admin account.
By default, WordPress creates an admin account with the username “admin.”
Since a hacker needs a username and password to hack your site, failing to delete this username makes it half as hard to hack your site.
Here’s what you need to do: Log into WordPress and click the Users tab. Then click Add New User and create a new admin with a different username (e.g. “yourname”).
Once the new admin is created, go back to the Users tab, select the “admin” user and delete it.
You will see a page like this:
Image credit: Trekity (Flickr)
If the “admin” user has created posts and/or links, you can have them attributed to your new user by selecting the “Attribute all posts and links to:” option.
Step #2. Move the wp-config.php file up a level.
The wp-config.php file is very important to your blog. It includes all the configurations for your entire site… and if a hacker gets a hold of it, they can completely erase your blog.
By default, the wp-config.php file appears here:
This location is publicly viewable (which allows hackers to attack the file using scripts and/or bots). Therefore, you need to move the file up a level so it looks like this:
To do this, simply drag the wp-config.php file outside of the public_html folder.
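To check the result of this step, here is an added example (not part of the original post): a shell function that reports whether wp-config.php still sits inside the web root, whether WordPress would actually load the copy one level up, and whether that copy is readable by every user on the server. The directory path, messages and return codes are assumptions made for this example.

```shell
#!/bin/sh
# Added example: audit where wp-config.php lives relative to the web root.
# Usage (after sourcing this file): check_wp_config /path/to/public_html
# Return codes (constructed for this example):
#   0  config is one level above the web root and not world-readable
#   1  config is still inside the web root
#   2  no config that WordPress would load was found
#   3  config is above the web root but world-readable
check_wp_config() {
    docroot=${1%/}
    parent=$(dirname "$docroot")

    if [ -f "$docroot/wp-config.php" ]; then
        echo "WARN: $docroot/wp-config.php is inside the web root"
        return 1
    fi

    # WordPress only falls back to the parent directory when that directory
    # is not itself a WordPress install (no wp-settings.php beside the config).
    if [ ! -f "$parent/wp-config.php" ] || [ -f "$parent/wp-settings.php" ]; then
        echo "FAIL: no wp-config.php that WordPress would load for $docroot"
        return 2
    fi

    # -perm -004 matches when the "other users" read bit is set.
    if [ -n "$(find "$parent/wp-config.php" -prune -perm -004)" ]; then
        echo "WARN: $parent/wp-config.php is world-readable (fix: chmod o-r)"
        return 3
    fi

    echo "OK: $parent/wp-config.php is outside the web root"
    return 0
}
```

On shared hosting the world-readable case matters because other accounts on the same server may be able to read the database credentials stored in the file.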
Step #3. Back up your database daily.
OK, this isn’t technically a security issue, but it can save your blog if you do get hacked. If your site gets completely erased, having a backup lets you re-upload all your existing content.
Fortunately, this is very easy to do.
WP-DBManager automatically backs up your database every day and emails you the file. It only takes a minute to install and could one day save your blog.
Step #4. Regularly update WordPress and all plugins.
Every new version of WordPress includes fixes and improvements on previous versions. By using an outdated version of WordPress you may leave yourself open to attacks through known security loopholes.
There are two ways to update WordPress: manual and automatic. I recommend updating manually (be sure to back up everything beforehand!) so you can test your site immediately afterwards to make sure nothing broke. If you’d like to update automatically, you can do so from within WordPress.
Updating plugins is important, too. However, I usually wait a week or so to update my plugins, as this gives time for the developer to sort out any bugs.
Step #5. Change your database name and password.
If a hacker accesses your database, they can access all your other databases… if you use the same password.
To prevent this, you’ll need to change your password with your hosting company. If you don’t know how to do this, give them a call and they’ll walk you through the process.
So there you have it: five simple steps to protect your WordPress blog from hackers. Any other tips? Let us know in the comments below!
About the Author:
Adam Costa is the Editor in Chief of Trekity.com, a killer new travel website, and is the co-founder of the Travel Blogger Academy. If you like to travel, follow him on Twitter for updates on the world’s greatest travelers.