10 Tips to Secure Your WordPress Blog | 2 | WebReference

6. Use Secret Key to Protect Your Authentication Information

By default your database username, password, and database address are stored in plain text. This is not a good idea. WordPress has a fix for this, but for some reason many people don't seem to use it: the WordPress project provides something called a secret key. Head to this link and use the key. Paste the phrase you generate into your user, password, and address fields.

Figure 2: What the Key Looks Like

7. The Importance of Backing Up

I can't emphasize this point enough. Things will go wrong, whether through your own mistake, an attempted break-in to your blog, or a server that simply goes kaput. Having regular backups ensures that you can be back in business quickly. Oftentimes it's more important to be back in business than to know what went wrong; once you are online again you can take the time to analyze what happened. There are a number of tools out there to help you with your backups. You can even just use a simple shell script to back up your files and database.
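Here is the kind of simple shell script the paragraph has in mind, written as an added example for this page rather than taken from the article or from any WordPress tool. It assumes the site lives in `WP_DIR`, that backups go to `BACKUP_DIR` outside the web root, that the database is `DB_NAME`, and that `mysqldump` reads its credentials from a MySQL option file (`~/.my.cnf`) so the password never appears on the command line or in `ps` output; the `MYSQLDUMP` variable exists only so the script can be exercised on a machine without MySQL.

```shell
#!/bin/sh
# Added example: nightly WordPress backup (files + database) with retention.
# Assumptions (not from the article): site in $WP_DIR, archives written to
# $BACKUP_DIR outside the web root, database credentials in ~/.my.cnf.
set -eu

WP_DIR="${WP_DIR:-/var/www/html}"
BACKUP_DIR="${BACKUP_DIR:-/var/backups/wordpress}"
DB_NAME="${DB_NAME:-wordpress}"
KEEP_DAYS="${KEEP_DAYS:-14}"
MYSQLDUMP="${MYSQLDUMP:-mysqldump}"   # overridable so the script can be tested without MySQL

# Archive the whole WordPress directory (wp-config.php, themes, plugins, uploads).
# Prints the path of the archive it wrote.
backup_files() {
    stamp=$(date +%Y%m%d-%H%M%S)
    out="$BACKUP_DIR/files-$stamp.tar.gz"
    mkdir -p "$BACKUP_DIR"
    chmod 700 "$BACKUP_DIR"          # backups contain wp-config.php, so keep them private
    tar -czf "$out" -C "$(dirname "$WP_DIR")" "$(basename "$WP_DIR")"
    echo "$out"
}

# Dump the database to a file first, then compress, so a failing mysqldump
# stops the script under set -e instead of leaving a silently empty .gz.
backup_db() {
    stamp=$(date +%Y%m%d-%H%M%S)
    tmp="$BACKUP_DIR/db-$stamp.sql"
    mkdir -p "$BACKUP_DIR"
    "$MYSQLDUMP" --single-transaction --routines "$DB_NAME" > "$tmp"
    gzip -f "$tmp"
    echo "$tmp.gz"
}

# A backup you have never read back is not a backup: check the archive is intact.
verify_archive() {
    case "$1" in
        *.tar.gz) tar -tzf "$1" >/dev/null ;;
        *.sql.gz) gzip -t "$1" ;;
        *) return 1 ;;
    esac
}

# Remove archives older than KEEP_DAYS; prints how many were deleted.
prune_old_backups() {
    find "$BACKUP_DIR" -type f \( -name 'files-*.tar.gz' -o -name 'db-*.sql.gz' \) \
        -mtime +"$KEEP_DAYS" -print -delete | wc -l | tr -d ' '
}

# Run the full cycle when invoked as: ./wp-backup.sh run   (e.g. from cron)
if [ "${1:-}" = "run" ]; then
    f=$(backup_files); verify_archive "$f"
    d=$(backup_db);    verify_archive "$d"
    echo "pruned $(prune_old_backups) old archive(s)"
fi
```

Schedule it from cron and copy `BACKUP_DIR` off the server; a backup that sits next to the site is lost with it.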

8. Restrict Login Attempts with Login Lockdown

Use a plugin such as Login LockDown to restrict the number of login attempts permitted per IP address. The plugin monitors how many failed login attempts are made from an IP within a fixed time frame and, once the limit is reached, blocks logins from that IP for an hour. Both the attempt limit and the lockout period can be changed.
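The detection behind such a plugin can be reproduced from the web server's own logs, which is useful for spotting brute-force attempts even before a plugin is installed. The following is an added example for this page, not code from Login LockDown or the article. It relies on one property of WordPress: a failed login re-renders the form with HTTP 200, while a successful one redirects with 302, so a `POST /wp-login.php` answered with 200 is a failed attempt. It counts those per source IP over whatever combined-format log lines it is given (pipe it the last few minutes of the access log to mimic the plugin's fixed time window); the log lines in `sample_log` and the threshold of 3 are constructed for the demonstration.

```shell
#!/bin/sh
# Added example: flag IPs with repeated failed wp-login.php POSTs in an Apache/nginx
# combined-format access log. Assumption: failed login = "POST /wp-login.php" -> 200.
set -eu

# Reads log lines on stdin; prints "ip count" for every IP whose failed
# attempts reach the threshold (argument 1, default 3), sorted by IP.
failed_logins() {
    threshold="${1:-3}"
    awk -v t="$threshold" '
        # $1 = client IP, $6 = "\"POST", $7 = request path, $9 = HTTP status
        $6 == "\"POST" && $7 == "/wp-login.php" && $9 == 200 { fails[$1]++ }
        END { for (ip in fails) if (fails[ip] >= t) print ip, fails[ip] }
    ' | sort
}

# Constructed sample log: 203.0.113.7 fails four times then succeeds (302),
# 198.51.100.2 fails once, 192.0.2.9 only loads the form with GET.
sample_log() {
    cat <<'EOF'
203.0.113.7 - - [11/Jan/2011:10:00:01 +0000] "POST /wp-login.php HTTP/1.1" 200 3452 "-" "Mozilla/5.0"
203.0.113.7 - - [11/Jan/2011:10:00:02 +0000] "POST /wp-login.php HTTP/1.1" 200 3452 "-" "Mozilla/5.0"
192.0.2.9 - - [11/Jan/2011:10:00:03 +0000] "GET /wp-login.php HTTP/1.1" 200 2811 "-" "Mozilla/5.0"
203.0.113.7 - - [11/Jan/2011:10:00:04 +0000] "POST /wp-login.php HTTP/1.1" 200 3452 "-" "Mozilla/5.0"
198.51.100.2 - - [11/Jan/2011:10:00:05 +0000] "POST /wp-login.php HTTP/1.1" 200 3452 "-" "Mozilla/5.0"
203.0.113.7 - - [11/Jan/2011:10:00:06 +0000] "POST /wp-login.php HTTP/1.1" 200 3452 "-" "Mozilla/5.0"
203.0.113.7 - - [11/Jan/2011:10:00:09 +0000] "POST /wp-login.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"
198.51.100.2 - - [11/Jan/2011:10:00:10 +0000] "GET /wp-admin/ HTTP/1.1" 302 0 "-" "Mozilla/5.0"
EOF
}

# Demo when invoked as: ./failed-logins.sh demo
if [ "${1:-}" = "demo" ]; then
    sample_log | failed_logins 3
fi
```

Note the 302 line for 203.0.113.7 is not counted: the attacker eventually got in, which is exactly the case where four earlier failures from the same IP should have already triggered a lockout. Feeding the output to a firewall or to fail2ban turns the report into the plugin's temporary block.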

9. Scan for Security Holes

WP Security Scan and WordPress Scanner are two plugins that scan your WordPress install, plugins, template, and more for known vulnerabilities and weak settings. Run them every once in a while to make sure that things are OK.

10. For the Paranoid: AskApache Password Protect

The AskApache project has a very powerful plugin called AskApache Password Protect, which combines several tools to keep your blog from being exploited. It draws on some of the world's most widely used security tools: the Snort intrusion detection and prevention system, the Nessus vulnerability scanner, and the ModSecurity web application firewall.

Original: January 11, 2011