Orion's Web

Website Management & Development

You are here: Home / WordPress / Basic Wordpress Security

By Leave a Comment

Basic WordPress Security

I am often asked what I do to secure my WordPress websites, for myself and my clients…

There are many layers of security that you can enact in order to secure your website below are just a few of the basics that I religiously adhere to on every WordPress install that I have input with:

  1. UPLOAD: Start securing your website right from the initial file upload! N
  2. ever user /wordpress/ as the directory for your install; if your WordPress is not being installed in the root directory of your website create a directory with a user-friendly name for your site visitors.
  3. DATABASE: When creating your database, don’t use wp for the database name, use creative db names, db user-names and ensure your password is secure (use letters (upper & lower case), numbers & special chars)
  4. WP-CONFIG.php: This is probably the #1 place where most security is compromised.. When filling in your wp-config.php file pay close attention to the options!
    • take the time to acquire the Authentication Unique Keys and Salts: https://api.wordpress.org/secret-key/1.1/salt/
    • be sure to change the WordPress Database Table prefix from wp_ to something different
    • after uploading be sure to delete your wp-config-sample.php file
  5. Creating Login:  Please when you create the initial Admin login for your WordPress install do NOT use the default of ‘Admin’ for your username, it’s a bit obvious and does half the job for any potential hackers.
    • Users: Once created edit the user so that your username is NOT used as the posted by:
    • Passwords: I think most of us are catching on these days, but I have to put it here, please make sure that you and any other admins use secure passwords, letters, numbers, different cAse, special char$ AND change them !!!
  6. Plugins: Do some research, there are quite a few excellent security plugins out there! You want something that helps fight comment spam, a blocklist plugin which will deny known hackers, and a firewall to catch and block attacks – as with all plugins, take time to look at the history of the plugin (does it get updated regularly), the number of downloads, and the reviews

Those are the bare-bones basic security measures everyone should take on a WordPress install.

If anyone has any additions or suggestions to add, please comment below!

Orion’s Web

For information & quotations:
[email protected]

Existing clients please email:
[email protected]

Reader Interactions

Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: