7 WordPress Gurus Revealed Their Best Tip to Handle WordPress Security

Worried about WordPress security?

You must be if you’re really serious about your business.

If Chris Brogan found the process of restoring a hacked website really painful, surely it will be a nightmare for you and me.

It’s always better to be safe than sorry.

To help you keep your WordPress site secure, I asked WordPress gurus the following question.

Q: What is your best tip to secure a WordPress website or blog?  

Don’t just read the answers, implement the tips right away.

#1 Jesse Petersen

 Jesse is a Preferred Genesis WP developer, husband, foster dad, and all-around geek. Quality + Integrity.

 

Secure the database several ways:

  • make it accessible by only one username
  • use a 15-20 character password and use it only for that install
  • change the table names to not be wp_
  • move the database-related content of the wp-config.php file to an off-the-Web folder (above www or html folders) on your server like so:
      <?php
      include('/home/userdir/sample-config.php');
      define('WPLANG', '');
      /** Absolute path to the WordPress directory. */
      if ( !defined('ABSPATH') )
          define('ABSPATH', dirname(__FILE__) . '/');
      /** Sets up WordPress vars and included files. */
      require_once(ABSPATH . 'wp-settings.php');
  • the best tip, though, is to migrate to a managed WP host, such as WP Engine, who handles all of the security via firewalls and proper techniques.
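
A quick way to check an install against the database tips above, as an added example that is not Jesse's code or part of the original post: a small Python audit of the text of a wp-config.php. The web root /home/userdir/www, both sample configs and the function name audit_wp_config are assumptions made for illustration.

```python
import re

# Simplified patterns: they only recognise literal, quoted values.
DEFINE_RE = re.compile(r"""define\(\s*['"](\w+)['"]\s*,\s*['"]([^'"]*)['"]\s*\)""")
PREFIX_RE = re.compile(r"""\$table_prefix\s*=\s*['"]([^'"]*)['"]""")
INCLUDE_RE = re.compile(r"""(?:include|require)(?:_once)?\s*\(?\s*['"]([^'"]+)['"]""")

WEB_ROOT = "/home/userdir/www"  # assumed web root for the page's /home/userdir

# Constructed sample: a stock wp-config.php with everything in the web root.
DEFAULT_CONFIG = """<?php
define('DB_NAME', 'blog');
define('DB_USER', 'blog');
define('DB_PASSWORD', 'hunter2');
$table_prefix = 'wp_';
require_once(ABSPATH . 'wp-settings.php');
"""

# Constructed sample: the layout from the tip, settings pulled in from above www.
RELOCATED_CONFIG = """<?php
include('/home/userdir/sample-config.php');
define('WPLANG', '');
if ( !defined('ABSPATH') )
    define('ABSPATH', dirname(__FILE__) . '/');
require_once(ABSPATH . 'wp-settings.php');
"""


def audit_wp_config(source, web_root=WEB_ROOT):
    """Return a list of findings for the text of one wp-config.php."""
    findings = []
    defines = dict(DEFINE_RE.findall(source))
    if "DB_PASSWORD" in defines:
        findings.append("database credentials are defined inside the web root")
        if len(defines["DB_PASSWORD"]) < 15:
            findings.append("DB_PASSWORD is shorter than 15 characters")
    prefix = PREFIX_RE.search(source)
    if prefix and prefix.group(1) == "wp_":
        findings.append("table prefix is still the default wp_")
    for path in INCLUDE_RE.findall(source):
        if path.startswith(web_root.rstrip("/") + "/"):
            findings.append("included file %s is inside the web root" % path)
    return findings


if __name__ == "__main__":
    for name, text in (("default", DEFAULT_CONFIG), ("relocated", RELOCATED_CONFIG)):
        print(name, audit_wp_config(text))
```

The last check catches the easy mistake of splitting the settings into a second file but leaving that file under www, where it is just as exposed as before.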

 

#2 Mark Forrester

 Mark is the proud co-founder of WooThemes, working most days from their headquarters, heading up the product design & development and working closely with fellow co-founder Adii Pienaar on business strategy, marketing, and day-to-day administration.

Constant vigilance. Be sure of what code is on your website – choose the plugins you use on your website carefully. Register with a service like VaultPress or WP File Monitor which keep track of changes to your WordPress core files.

#3 Coen Jacobs

 Coen is a web developer currently working for WooThemes on the WooCommerce plugin. He has worked at various internet agencies and development gigs before and is now making eCommerce and WordPress love each other. Most of the time he can be found in The Netherlands, but he likes to travel, visit fellow geeks all over the world and speak at conferences. If you can’t find him, try the local Starbucks or read his blog.

Security and hosting go hand in hand. I see it every day at my work on the WooCommerce plugin. People are still using cheap web hosting when it comes to a website that they hope will make money some day. Please invest in a more stable web host that is there to support you when you need them most.

Also, a good thing to invest in is a backup strategy, or maybe something as advanced as VaultPress.

To keep your website secure from the ground up, always check the plugins and theme that you are using. You will not be the first (and unfortunately not the last either) to use a plugin that has a massive security hole in it.

It is best to use plugins and themes from trusted authors, or at least have a good look at reviews and Google the name of the plugin and see if anything weird comes up. Another benefit of the big WordPress community is that we like to write about bad plugins and themes, so check that first.

 

#4 Jared Atchison 

 Jared is a WordPress consultant, Genesis developer, Texas A&M graduate, and proud Texan.
He has been using WordPress for over 5 years and specializes in the Genesis Framework. He works with clients of all sizes – from WordPress VIP customers to small businesses and individuals.

It’s hard to really nail down good security practices in a few sentences. I usually refer people (and clients) to http://www.slideshare.net/armeda/wordcamp-chicago-2011-wordpress-end-user-security-dre-armeda as Dre does a great job hitting all the essentials in that presentation.

However, to try to answer your question:

Securing your WordPress site isn’t a difficult task and there are a few key things that can be done that give great results. Do not use an ‘admin’ user account, don’t let any admin users use weak or simple passwords, keep all plugins/themes/WordPress up-to-date, and lastly don’t get plugin happy. All plugins are not created equal. Before you install a plugin check and see if it is from a reputable author, check the plugin rating and when it was last updated, and lastly look and see if the plugin has outstanding support requests. If all those things check out, then the plugin is typically well written and safe to use.

#5 Jason Manheim

 Jason designs and develops WordPress solutions for businesses on the web at Designpx, drinks green at HGD, and is interested in almost anything pertaining to health, fitness, tech, and learning/improving in general.

In my experience you really only have two options: Let VaultPress and Sucuri handle your security and backups or go with a dedicated WordPress hosting company like WP Engine or Page.ly. I push my clients to go with the latter but if they insist on sticking with cheap hosting, the former is a must.

#6 Adrian Spiac

 Adrian is the co-founder of Cozmoslabs.com, a platform powering WordPress Solutions for Developers. You can follow him on Twitter.

 

Always use strong passwords

It may seem pretty obvious, but people keep procrastinating on this one.

Having a strong password is probably the most powerful security tip, and maybe the easiest to implement. It diminishes significantly the chances of your website being hacked.

A good password rule when setting WordPress passwords is to either use the password generator, or manually enter a password at least 10 characters long combining letters and numbers, lowercase and uppercase.

Also try not to use the same password for multiple sites you own. This way you just increase the chances of a disaster striking.

#7 Rachel Gogos

 Rachel is the Chief Digital Strategist at www.brandiD.com. Making the Web More Personal – that’s their mantra at brandiD.com. They offer personal branding, digital marketing, WordPress design & dev.

Essentially, there is no one best tip – it’s more about keeping on top of maintenance and monitoring for the long term. You’d want to be following all the guidelines here:

http://codex.wordpress.org/Hardening_WordPress

The most common hacks I see come from: using plugins that are no longer supported/haven’t been updated; not updating the WordPress core in a timely manner; and using insecure/easy passwords. But everything in the codex link above is important.

Your Turn

Did you find the answers helpful to handle your WordPress security? Please leave a comment below to let me know.

Disclosure of Material Connection: Some of the links in the post above are “affiliate links.” This means if you click on the link and purchase the item, I will receive an affiliate commission (at no extra cost to you). I have shared these resources with you because I think they are helpful and I trust the companies, not because of the commission I will get. Please do not spend money unless you understand the products and feel that they can help you to achieve your social media marketing goals.

Comments

  1. Aayna says:

    WordPress security is certainly the talk of the town. Such a nice compilation of tips from the experts. Thanks for the share.

  2. Moin says:

    I had a lot of concern about my blog security. I am so happy to read your tips. I will apply the security which you mentioned on your site. Hope that you will make more posts with more tips for new bloggers.
    Thanks!!!

  3. Adrienne says:

    Such great tips Rana from some people who should know right!

    I think when a lot of us come online and seriously have no clue what we’re doing we listen to who we “think” can help us. I think it’s just been trial and error for me throughout this process and knock on wood, none of my sites have ever been compromised. I’ve taken the tips from people I’ve come to trust throughout my time here online and have secured my blog to the best of my abilities. I guess I must be doing something right although I’m not using some of the services these guys are recommending.

    Thanks for sharing this because it is a very important topic.

    Hope you’re enjoying your week.

    ~Adrienne

    • Rana Shahbaz says:

      Thank you for being so awesome to share your thoughts Adrienne. I’m glad that you found tips to improve your WordPress security.

  4. joy says:

    This post came up right on time! I was just worrying about my blog’s security earlier this morning and I decided to read up on it. Expert tips from expert hosts I might say. Thanks for compiling these!

  5. Emilia says:

    Ah yes, more tips from the gurus! Thank you for this compilation. It’ll certainly help.

  6. Wayne Melton says:

    My feeling is if a professional hacker wants your site he will get in. Amateurs and bots are a different story. Start with the password, keep themes, plugins, and wordpress updated, improve the anti-virus on your home computer. There are many other ways.

    I think in my own case the biggest security risk I have is on my regular laptop computer. I search the web and pick up viruses. I seem to attract them. I use avast software. I like it better than Norton which I got for free. Norton never could identify the FBI moneypak and I got hit several times.

    Now I am all clean and run several AV scan programs.

    If your home computer has your wordpress files you are at risk.

    Wayne Melton

  7. Satish Patel says:

    A great list indeed. A strong password along with Vaultpress basic edition should do for me. Thanks for sharing.

  8. Tom Treanor says:

    Rana,
    Awesome post. You really got the experts for this one – great job! I’d written a post for my readers on what I’m doing to prevent and monitor my site but you definitely have some gold here!

  9. sanchit says:

    Really good security tips. I will keep them in mind and work with them.
    Thanks!

  10. Purnima says:

    Enlightening share Rana.
    Great tips to make WordPress secure. Keeping WordPress plugins updated and changing passwords frequently are effective measures. These tips will act as a guide card for me.

  11. Michael says:

    A lot of people don’t pay any attention to security until after they get attacked. Proper security is essential for online businesses. Sometimes it is a bit of a hassle getting it set up if you are new to web development, but trust me it will save you in the long run. When you are making that money online the last thing you want is a hacker getting access to your member base or totally bringing your site down, putting the brakes on the cash machine. VERY good tips and reminders here. Thank you!

  12. Vpn Top Ten says:

    One of the big issues I’ve noticed is wordpress attaches your username as the post author by default. Use the edit author slug plugin to change your “author” tag to a nickname that doesn’t match your login info. Giving a hacker your username is like giving him the first 8 digits of your password.

  13. Lorenzo C. says:

    Login Lockdown & Limit login attempts are two plugins that can help prevent brute force attacks on your wp-admin. Both are available via the WordPress plugins directory.

  14. Rudd says:

    I like the first tip from Jesse Petersen.
    I’ve heard about moving the wp-config.php file from other folks, but quite skeptical about doing it.

    ps: I think you lose formatting on the code format.
