WordPress is an incredibly flexible publishing platform, but like any other website tool, you’ll want to make sure that your WordPress installation is secure. Here are four tips to show you how to take advantage of built-in WordPress security as well as build solid habits that will help protect your website.
WordPress Security Basics
Don’t use the default administrator account. With WordPress, you have to start somewhere, and that somewhere is usually the default administrator account. In WordPress, the default administrator account is “admin.” Since the user name is exactly half of what you need to log in, the all-powerful “admin” account becomes something of a liability. For site administration purposes and better WordPress security, create a new user account with full administrative privileges, then disable or delete the “admin” account altogether.
Keep your password secure. To be an effective form of security, passwords have to be good. So what is a “good” password? Let’s start by talking about what’s not good. Any word that appears in any dictionary in any language known to man isn’t a good password. Your dog’s (spouse’s/kid’s/etc.) name is not a good password. “Password” is not a good password. “Xyzzy” is not a good password.
Ideally, good passwords have somewhere between 8 and 20 characters, and contain both upper and lower case letters, numbers and special characters like “!” and “?”. One good way to generate a password is to use a “mnemonic” or a collection of letters that stands for a phrase. If you can remember the phrase, you can remember the password. For example, you may have used a mnemonic to remember the order of operations in algebra class. “Please excuse my dear Aunt Sally” stood in for Parentheses, Exponents, Multiplication, Division, Addition, Subtraction. Using the same technique can help you construct a secure password that you can remember, that isn’t easily guessable and isn’t a regular word.
Don’t ignore security updates. Software publishers release updates for a reason, and as one of the Web’s most popular publishing platforms, WordPress makes a tempting security target. It’s up to you – the user – to apply security patches quickly. WordPress does have an automatic update feature that will apply updates to your installations when they arrive. That feature is enabled by default – which is good for most people. If, for some reason, you want to disable this automatic update feature, you’ll need to edit the wp-config.php file for each WordPress installation. Don’t disable automatic updates unless you’re really comfortable with what you’re doing. And don’t forget that your third-party plugins may have their own security patches to apply. Once the publisher releases a security patch, consider yourself in a race with a world full of hackers. First one to your website wins!
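To confirm that nobody has switched automatic updates off in a given installation, you can scan its wp-config.php for the two constants WordPress documents for that purpose, AUTOMATIC_UPDATER_DISABLED and WP_AUTO_UPDATE_CORE. The script below is an added example, not code from the original article or from WordPress; the function name and the sample configuration are constructed for illustration, and the constant names are not taken from the article.

```python
import re
import sys

# Matches: define( 'NAME', value );  with single or double quotes around NAME.
DEFINE_RE = re.compile(r"""define\s*\(\s*['"](\w+)['"]\s*,\s*([^)]+?)\s*\)\s*;""", re.I)

# Constructed sample wp-config.php fragment (not from a real site).
SAMPLE_CONFIG = """<?php
define( 'DB_NAME', 'example_db' );
// define( 'WP_AUTO_UPDATE_CORE', false );
define( 'AUTOMATIC_UPDATER_DISABLED', TRUE );
define("WP_AUTO_UPDATE_CORE", 'minor');
"""

def audit_auto_updates(php_source):
    """Return a list of findings for settings that turn automatic updates off."""
    findings = []
    for lineno, line in enumerate(php_source.splitlines(), start=1):
        stripped = line.strip()
        # Skip whole-line comments so a commented-out define() is not reported.
        if stripped.startswith(("//", "#", "/*", "*")):
            continue
        for name, raw in DEFINE_RE.findall(stripped):
            value = raw.strip().strip("'\"").lower()
            if name == "AUTOMATIC_UPDATER_DISABLED" and value in ("true", "1"):
                findings.append((lineno, name, "all automatic updates are disabled"))
            elif name == "WP_AUTO_UPDATE_CORE" and value in ("false", "0"):
                findings.append((lineno, name, "automatic core updates are disabled"))
    return findings

if __name__ == "__main__":
    # Pass the path to a wp-config.php, or run with no argument to use the sample.
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8", errors="replace") as fh:
            source = fh.read()
    else:
        source = SAMPLE_CONFIG
    results = audit_auto_updates(source)
    for lineno, name, message in results:
        print(f"line {lineno}: {name}: {message}")
    sys.exit(1 if results else 0)
```

The script exits with status 1 when it finds a setting that disables updates, so it can run from a scheduled job across several installations. It only reads wp-config.php; updates can also be turned off by plugin or theme code, which this check does not see.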
Consider WordPress security plugins. You can manage some aspects of your WordPress security with plugins like VaultPress – which comes from the same crew that brings us WordPress itself. When we think about security, we’re almost conditioned to think of hackers and thieves, but WordPress security is a little broader than that. Using a plugin like VaultPress enables you to secure your site and, at the same time, back it up in real time – great for site recovery if your site contains a lot of dynamic content and happens to go down for a mundane reason – like a hardware failure.
If you would like more information about WordPress security, WordPress web design or how you can use WordPress to manage your website content, please contact our Creative Director, Dave Ramsell or give Dave a call at (330) 243-0651 to set up a consultation.