Some Advice On Securing Your WordPress Site

If you’re hosted on WordPress.com, there’s not a great deal you can do to harden your site. However, if you have your own server space somewhere and it uses WordPress as a content management system / blog software, there are a few simple steps you can take to make your particular part of the internet a little less inviting to hackers.

Over at Sucuri, Tony Perez talks about some of the bigger issues you need to worry about. While he goes into great detail, what it boils down to is not installing untrusted plug-ins, making sure you connect over secure protocols (such as SSH and SFTP) and employing a “least privilege” methodology when granting access to users.

One of the easiest and best tips is to just disable theme editing from within WordPress so if someone does get your password, the amount of damage they can do using PHP is limited. This can be done by opening up the “wp-config.php” file in your installation’s root path and making the following change:

# Disable Plugin / Theme Editor
define('DISALLOW_FILE_EDIT', true);
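A way to check that the change above actually took effect, as an added example that is not from the original post or from Sucuri: the Python function below reads the text of a wp-config.php and reports whether DISALLOW_FILE_EDIT is defined as true with straight quotes, outside a comment, and before wp-settings.php is loaded (constants defined after that line come too late). The function name, result messages and sample files are assumptions made for this illustration.

```python
import re

# Straight-quoted define('DISALLOW_FILE_EDIT', <value>); at the start of a line.
DEFINE_RE = re.compile(
    r"^\s*(?i:define)\s*\(\s*(['\"])DISALLOW_FILE_EDIT\1\s*,\s*([^)]+?)\s*\)\s*;")
CURLY_QUOTES = "\u2018\u2019\u201c\u201d"

def audit_wp_config(text):
    """Return (ok, reason) for DISALLOW_FILE_EDIT in the text of a wp-config.php."""
    in_block_comment = False
    for line in text.splitlines():
        stripped = line.strip()
        if in_block_comment or stripped.startswith("/*"):
            in_block_comment = "*/" not in stripped  # skip /* ... */ blocks
            continue
        if stripped.startswith(("//", "#")):
            continue  # a commented-out define does not count
        if "wp-settings.php" in stripped:
            return False, "no effective define before wp-settings.php is loaded"
        if "DISALLOW_FILE_EDIT" not in stripped:
            continue
        if any(q in stripped for q in CURLY_QUOTES):
            return False, "curly quotes around the constant name"
        match = DEFINE_RE.match(line)
        if match and match.group(2).lower() == "true":
            return True, "file editor disabled"
        if match:
            return False, "defined as " + match.group(2)
    return False, "DISALLOW_FILE_EDIT is not defined"

# Constructed sample files, not taken from a real site.
TAIL = "/** Sets up WordPress vars and included files. */\nrequire_once ABSPATH . 'wp-settings.php';\n"
SAMPLES = {
    "good": "<?php\n# Disable Plugin / Theme Editor\ndefine('DISALLOW_FILE_EDIT', true);\n" + TAIL,
    "curly": "<?php\ndefine(\u2018DISALLOW_FILE_EDIT\u2019,true);\n" + TAIL,
    "late": "<?php\n" + TAIL + "define('DISALLOW_FILE_EDIT', true);\n",
    "commented": "<?php\n// define('DISALLOW_FILE_EDIT', true);\n" + TAIL,
    "false": "<?php\ndefine('DISALLOW_FILE_EDIT', false);\n" + TAIL,
}

if __name__ == "__main__":
    for name, text in SAMPLES.items():
        print(name, audit_wp_config(text))
```

To audit a real installation, pass the contents of its wp-config.php to audit_wp_config; only the "good" sample passes, and the "curly" sample shows what happens when the line is pasted from a page that typeset the quotes.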

Perez's post goes into more specifics and does an excellent job of explaining not only what you can do, but why you should do it.

WordPress Security – Cutting Through The BS [Sucuri Blog]

