There are millions of WordPress blogs around the world and if you host WordPress yourself you will know that there is often some maintenance to be done. But many people don’t know and therefore when things go wrong on their blog. Most are surprised to find out that there were things they could have done to prevent the downtime. These are 5 ways to secure your WordPress Blog & avoid downtime. My shanemcdonald.ie site is based on WordPress and rarely do I have issues.
1) WordPress Plugins
Your hosted WordPress installation will have some plugins installed and from time to time these will be patched, improved and in some cases be given security improvements. You will know if an update is due on your WordPress plugins as a circle with a number will appear after the Plugins section on the left hand column of your WordPress Dashboard. Simply click into the Plugins section, select the plugins for upgrade and hit the Upgrade button. It is a straight forward process which is worth checking for every few days.
2) WordPress Installation Updates
Occasionally WordPress itself will be upgraded, at the time of writing this post version 3.4.2 of WordPress is the latest stable release. You will know if an upgrade for WordPress is available as it will be highlighted across the Top of your WordPress Dashboard. This Notification should not be ignored as it usually gives security improvements plus new features. The Upgrade process may include a database backup advisory so if you don’t backup your wordpress databases you should and there are some excellent plugins which allow you to do this.
3) Framework Updates
If you use purchased or 3rd party WordPress Themes, these may come with a Theme Framework. These framework updates are sometimes overlooked and people don’t even know they are there. Most often if you click Appearance -> Themes you may see an extra dropdown for Update Framework…this may also appear further down the Dashboard left column under Theme Options. you should always know what theme you are working with so that you don’t inadvertently delete or change settings for the theme – also if you are on twitter / the web you may see notifications or alerts for certain themes saying that updates are available for potential security loopholes etc.
This is one of the biggest problems on sites which have been attacked or hacked – people don’t set the correct permissions on files and folders. Setting permissions using chmod 777 which is read, write and execute for everyone is one way of asking for trouble. Its like leaving your backdoor open and wondering why you got robbed. There are plenty of tutorials online which explain file permissions and correctly set permissions allow WordPress and you (as the web admin) access, but no-one else.
5) Table naming and Admin usernames
One other way of protecting WordPress is when installing the system to avoid calling your tables wp_ and also by not allocating admin as the username but by choosing something else. This helps avoid attacks on known tables / usernames.
Hopefully these 5 ways to secure your WordPress Blog will help you avoid downtime. It might help you maintain a safer installation of the worlds best Blogging software.