If you are serious about your WordPress-based website, then you should also be serious about WordPress security. A search for WordPress at the National Vulnerability Database shows that WordPress has had an increasing number of vulnerabilities each year, with a whopping 342 in 2014. The number of vulnerabilities has decreased significantly for 2015, but the number is still fairly high.
This means that if you use WordPress, and you are not taking extra security precautions, your site could be vulnerable.
Luckily, there are some fairly quick and easy ways to beef up your WordPress security.
Address WordPress Vulnerabilities
You need a database to use WordPress; but if you share that database with other web applications, it will make your site more vulnerable. Instead of using a shared database, create a database specifically for WordPress so that your data is compartmentalized and contained.
You should also create a user account specifically for this database, and make this the only account that has access, and has limited access to the SQL commands. Do not use the default admin username because that would be too easy to crack.
You also need to create a strong passphrase for this account rather than the usual password. Passphrases are often easier to remember, and they can be harder to crack. To be most effective, use a phrase that is unusual, but has meaning to you.
You should also lock down your index and protect your WordPress Admin files by editing the .htacces file.
To lock down the index, making it invisible to browsing you would add the following line to the .htaccess file: Options All –Indexes.
To protect your Admin files, you can allow access for a specific IP address, or range of addresses, and deny access to everything else. You need to put a .htaccess in the wp-admin with the following lines:
- Order Deny, Allow
- Allow from ##.##.##.## (where the “##”s are the numbers in the allowed IP address or range)
- Deny from all
You can also set a user name and password combination for an extra layer of security.
Address Vulnerabilities on Your Computer
Creating a secure database is all well and good, but you will still be vulnerable if your computer isn’t protected. PC users have been using antivirus and internet security products for years, while Mac users have historically lagged behind due to the Mac’s perceived invulnerability to viruses and attacks. Unfortunately, hackers are now writing viruses and other malware to target Macs, leaving many Mac users vulnerable.
While Macs do have some built-in security features, industry leaders like Trend Micro have developed internet security and antivirus software for Mac operating systems.
You should also make sure that your operating system is up-to-date with the latest security patches, as well as the WordPress software.
These are just a few of the ways that you can beef up your WordPress security and give your site an extra measure of protection.
WordPress also provides a lot of information on security and maintenance, as well as updates for the latest version of WordPress.