Security Measures to Protect Your WordPress Blog
September 7th, 2012 | 
Author: Many bloggers overestimate how secure their WordPress sites are. Make sure you don’t make this mistake. WordPress sites are sophisticated applications, but they are far from secure. Make sure you take the proper steps to keep your site from being hacked or infected.
The following steps can help you minimize the risk that your site will be hacked.
Don’t Think Your Site is Off Hackers’ Radars
The hacking stories that make the news tend to be the most high-profile cases. This has led some bloggers to assume that hackers are only drawn towards sites belonging to Fortune 500 companies, government intelligence agencies or agencies with a political message. This isn’t the case at all.
Many sites are hacked automatically. Unscrupulous entrepreneurs may hack your site to build backlinks to their own sites, steal visitor information or simply because they want to annoy random bloggers. Never assume your site won’t be vulnerable to hackers.
Set User Roles Responsibly
A guest blogger wrote an entire post on Problogger dedicated to setting up user roles responsibly for your WordPress site. Make sure you understand the different roles (super-admin, admin, contributor, subscriber, author and editor) and assign those roles responsibly. You don’t want to make someone an administrator if they have requested to submit a guest post to your site. I have a client that actually made that mistake once, but the guest blogger pointed it out and asked to be reassigned so they wouldn’t be liable for any security problems that could arise in the future.
Also, you should try to make sure you have more than one user role assigned. Publishing all your blog posts under the role “Siteadmin” or something similar can be particularly dangerous. A hacker will have full access to your site if they can guess your password.
Set Secure Passwords
Setting an insecure password is the biggest security risk to WordPress or any other application. Many WordPress bloggers surprisingly set their password to “admin” or something equally easy to figure out. Your password needs to be secure from both password crackers and humans who can figure it out through social engineering tips. Here are some tips to make your password more secure:
- Make sure your password is sufficiently long enough to be difficult to crack. Many experts use to advise that eight character passwords were considered secure. This rule of thumb no longer holds. Keep your password sufficiently long, but make sure you can still remember it without having to write it down.
- Use a mixture of different types of characters. Using special characters such as punctuation marks will make your password harder to crack.
- Don’t make it easy for a hacker to guess your password. They are becoming increasingly adept at using social engineering strategies to guess login information. The best passwords will be totally random or won’t be referenced in your social media profiles or obvious to anyone who knows you. Also, make sure you never use a password such as “admin.”
A strong password is one of your most important lines of defense against hackers. Keep it strong and keep it secure.
Update Your Site Regularly
WordPress is constantly trying to improve the site’s package and look for security holes. As new security flaws are discovered, they are usually patched in future updates. While that should be encouraging for bloggers, it won’t do you any good if you don’t take the time to update to the latest version.
WordPress is an invaluable Content Management System for bloggers. However, you must always remember that it isn’t foolproof to hackers. Take the right measures to keep your site as secure as possible. It’s always better to be safe than sorry!
Kalen Smith writes about technology and IT security for Trend Micro.
Posted in Blogging