WordPress Security FAQs


After running the WordPress FAQs introduction to our new Q&A-focused series, Jane asked: With the recent attacks/hacks to WP blogs, what is the recommended course of action to secure a blog?

For those of you who saw that post, Charles has already recommended checking out the WordPress security category for starters. There are some really useful posts in there, including tips on basic WordPress security and WordPress security plugins.

Is WordPress secure?

This is a good question – and one that is bound to pop up in the aftermath of high-profile security breaches. In short, the answer is Yes – WordPress is a secure CMS and blogging platform. It’s important to remember, however, that no matter how great any online tool is, it is never infallible.

Because WordPress is so easy to set up and use, everyone is doing it. Unfortunately, many new users leap in all guns blazing and are not aware that there are a few simple security measures that really are non-negotiable. These include creating a unique username, choosing a tougher password, using the latest version of WordPress, changing the database table prefix, and checking file permissions.

WordPress is secure. But it falls to users to ensure a few simple precautions are taken to maintain security.
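A minimal audit for two of the measures listed above, the database table prefix and file permissions, as an added example that is not from the original article. It assumes wp-config.php sits in the site root; the function names and the sample directory are constructed for illustration, and the rule that wp-config.php should not be readable by other users is this example's own assumption.

```python
import os
import re
import stat
import tempfile

# Matches an active (not commented-out) $table_prefix assignment in wp-config.php.
PREFIX_RE = re.compile(r"""^\s*\$table_prefix\s*=\s*['"]([^'"]*)['"]\s*;""", re.M)

def table_prefix(config_text):
    """Return the configured table prefix, or None if it is not set."""
    m = PREFIX_RE.search(config_text)
    return m.group(1) if m else None

def audit(root):
    """Return a sorted list of (relative_path, finding) for a WordPress directory."""
    findings = []
    config = os.path.join(root, "wp-config.php")
    if os.path.isfile(config):
        with open(config, encoding="utf-8", errors="replace") as fh:
            if table_prefix(fh.read()) == "wp_":
                findings.append(("wp-config.php", "default table prefix wp_"))
        # Assumption: only owner/group need to read the database credentials.
        if os.stat(config).st_mode & stat.S_IROTH:
            findings.append(("wp-config.php", "readable by other users"))
    for folder, dirs, files in os.walk(root):
        for name in dirs + files:
            path = os.path.join(folder, name)
            if os.path.islink(path):
                continue  # a link's mode bits say nothing about its target
            if os.stat(path).st_mode & stat.S_IWOTH:
                findings.append((os.path.relpath(path, root), "world-writable"))
    return sorted(findings)

def build_sample(root):
    """Create a constructed (not real) site layout with deliberately weak settings."""
    os.makedirs(os.path.join(root, "wp-content", "uploads"))
    config = os.path.join(root, "wp-config.php")
    with open(config, "w", encoding="utf-8") as fh:
        fh.write("<?php\n$table_prefix = 'wp_';\n")
    os.chmod(config, 0o644)
    os.chmod(os.path.join(root, "wp-content"), 0o755)
    os.chmod(os.path.join(root, "wp-content", "uploads"), 0o777)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        for path, finding in audit(tmp):
            print(f"{path}: {finding}")
```

To check a real site, call `audit()` with the path to the WordPress root; an empty list means none of these three conditions was found.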

How do I make my password safe?

It’s tempting to use the same password across all of your logged-in areas, but resist the urge. Using the same password across the board increases the overall risk of your password being compromised, because one hack could lead to all of your information being accessible.

Don’t use personally identifiable information (PII) in your passwords, including your:

  • Name or user name
  • Partner or child’s name
  • Birthdate or year

Try to make your passwords longer than eight characters, and use non-alphabetic special characters, such as numbers, underscores, exclamation points and question marks.

Make an effort to change your most critical passwords on a regular basis. You might even want to set a calendar reminder to prompt you to refresh your passwords every four to six weeks.

Why is updating WordPress so important?

Running your website on an old version of WordPress is like leaving your car windows wound down on a busy street. With your wallet on the dash.

Keeping your WordPress website up to date is one of the easiest security measures you can take. Think of it this way: new versions of the software are released for a reason – and often some of the most significant features of those new updates are bug fixes. What’s more, older versions of WordPress are not maintained with security updates. Do you really want to leave your site vulnerable?

Double check right now to make sure you’re running the latest version – and while you’re at it, check your plugins as well.

Think your WordPress website has been compromised? This So You’ve Been Hacked article offers a great first line of action to clean up the mess.

You can also head over to the all-knowing Codex for more tips on Hardening WordPress, and remember to post your WordPress questions in the comments below.

Nikki is a professional freelance writer and storyteller with a passion for the web and technology. She writes for WP Dev Shed, among a roster of other clients.
