If you want to keep your WordPress blog safe from intrusion, two ways to eliminate basic attacks are to move your wp-config.php file up one directory to a non-public area and to delete the admin user account. Neither of these will stop a determined and skillful malefactor, but like using a bike lock, they will keep the basic thugs out.
Blogging site Problogger suggests that keeping WordPress, your plugins, and your themes updated and using a secure password are the the most effective ways of keeping your site secure.
They also suggest moving the wp-config.php file up one level from ~/home/user/public_html/wp-config.php to ~/home/user/wp-config.php. Keeping the config file in a public places means that sufficiently skilled evildoers can inject malware or delete your site by compromising your WordPress configuration settings. WordPress automatically knows to look for wp-config.php one level up, but this trick will not work if your blog is in a subdirectory (domain.com/blog) or as an add-on domain in cPanel.
Everyone who has ever dealt with WordPress knows that admin is usually the default account for WordPress installations, and most people never delete the account. This makes it easy to employ brute force cracking techniques since the username is already known. Instead, create a new account with administrator privleges and delete the admin account; you’ll get the opportunity to change attribution of all posts to your new administrator username. If you can’t delete the admin username make sure the email address under general settings matches your new account, not the admin account.
Take 5 Minutes to Make WordPress 10 Times More Secure [Problogger]
Leave a Reply
You must be logged in to post a comment.