How To: Managing Your WordPress Site Security

This article contains a number of tips that should keep in mind to ensure that your WordPress site contains no security holes that might make it vulnerable to hackers.

Use a Secure Password

Creating a strong password is one of the best and easiest defenses against being hacked. Make sure you change it at least once every six months as well.

Don’t Leave Directories Open

A hacker could easily use open directories to his advantage if there is a known exploit, so make sure that you do not leave them open.

Keep your Database Login Information Safe

You can keep your database username and password safe by adding the following code to the .htaccess file at the top level of your WordPress install:

<FilesMatch ^wp-config.php$>deny from all</FilesMatch>

Delete Meta Tag Version Strings

Some WordPress themes have a meta tag that displays the WordPress version you are using. This is an easy way for hackers to infiltrate your blog if you haven’t upgraded and there are known vulnerabilities.

The following is the meta tag in the header.php file that displays the current WorPpress version:

<meta content=”WordPress &lt;?php bloginfo(‘version’); ? /&gt;” name=”generator” />

Regularly Backup

Another good rule of thumb is to always take regular backups of your file directories as well as the database. The WordPress Database Backup plugin creates backups of your core WordPress tables.

Keep WordPress Updated

Perhaps the best thing you can do to stay secure is to make sure that WordPress site is updated on a regular basis. Make sure you back everything up before performing the upgrade. Also, make sure to keep your plugins, widgets, themes, and WordPress versions updated as well.