Make WordPress More Secure

If you want to keep your WordPress blog safe from intrusion, two ways to eliminate basic attacks are to move your wp-config.php file up one directory to a non-public area and to delete the admin user account. Neither of these will stop a determined and skillful malefactor, but like using a bike lock, they will keep the basic thugs out.

Blogging site Problogger suggests that keeping WordPress, your plugins, and your themes updated and using a secure password are the the most effective ways of keeping your site secure.

They also suggest moving the wp-config.php file up one level from ~/home/user/public_html/wp-config.php to ~/home/user/wp-config.php. Keeping the config file in a public places means that sufficiently skilled evildoers can inject malware or delete your site by compromising your WordPress configuration settings. WordPress automatically knows to look for wp-config.php one level up, but this trick will not work if your blog is in a subdirectory ( or as an add-on domain in cPanel.

Everyone who has ever dealt with WordPress knows that admin is usually the default account for WordPress installations, and most people never delete the account. This makes it easy to employ brute force cracking techniques since the username is already known. Instead, create a new account with administrator privleges and delete the admin account; you’ll get the opportunity to change attribution of all posts to your new administrator username. If you can’t delete the admin username make sure the email address under general settings matches your new account, not the admin account.

Take 5 Minutes to Make WordPress 10 Times More Secure [Problogger]

The Cheapest NBN 50 Plans

Here are the cheapest plans available for Australia’s most popular NBN speed tier.

At Lifehacker, we independently select and write about stuff we love and think you'll like too. We have affiliate and advertising partnerships, which means we may collect a share of sales or other compensation from the links on this page. BTW – prices are accurate and items in stock at the time of posting.


One response to “Make WordPress More Secure”

Leave a Reply