I’ve been a bit slow on updating this site. I have lots of ideas but not enough time. What I’ve decided to do is set up a schedule for posting. My first goal is to write one original article a week, and the second is to find one or two good articles that I have read and post roundups about them, pointing you to the great content created by others. So today, I want to revisit the idea of WordPress security. Copyblogger (a website I read quite regularly) recently posted an article titled 10 Steps to a Secure WordPress Website. I’ve decided to focus on 3 of the ways they mentioned.
Use Strong Passwords
This is a really easy one to do and is essential in keeping your website secure. There are lots of articles on what exactly a secure password is, but the passwords they recommend are often hard to remember. Here are the main points I use. The longer the better: every extra character makes the password harder to “guess”. If you have trouble remembering passwords, a sentence would be better than your birthday. “thisisastrongpassword” is better than “a8=15”. That being said, the more “types” of characters (upper case, lower case, numbers, and symbols) you use, the more secure it is. “Myfavoritenumber=11andmyfavoritecityisRome!” is actually really quite secure. It has 43 characters, capitals and lowercase, numbers, and special characters. I recently started using “LastPass” which is AWESOME for saving passwords. It has a plugin which allows you to install it in your browser and automatically fill in the passwords securely so you don’t have to remember them. This even allows you to use a different password for each website you use. If you’ve never heard of LastPass, check it out!
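To put numbers on the length-versus-character-types point above, here is an added example (not from the original post) that estimates the brute-force search space for the three passwords quoted there. The pool sizes, the guess rate and the function names are assumptions, and the figure is an upper bound against blind brute force only: a passphrase built from common words is weaker against dictionary-based guessing than its bit count suggests.

```python
import math
import string

# Character pools an attacker has to cover for each class present.
POOLS = {
    "lowercase": string.ascii_lowercase,  # 26 characters
    "uppercase": string.ascii_uppercase,  # 26 characters
    "digits": string.digits,              # 10 characters
    "symbols": string.punctuation,        # 32 characters
}

# Assumption: guesses per second for an offline attack; substitute your own.
ASSUMED_GUESSES_PER_SECOND = 1e10


def classes_used(password):
    """Return the names of the character classes that appear in the password."""
    return [name for name, chars in POOLS.items()
            if any(c in chars for c in password)]


def brute_force_bits(password):
    """Upper bound on the brute-force search space, in bits.

    Characters outside the four ASCII pools do not enlarge the pool here.
    """
    pool = sum(len(POOLS[name]) for name in classes_used(password))
    if pool == 0:
        return 0.0
    return len(password) * math.log2(pool)


def years_to_exhaust(password, rate=ASSUMED_GUESSES_PER_SECOND):
    """Years needed to try every candidate of that length and pool."""
    return 2 ** brute_force_bits(password) / rate / (365 * 24 * 3600)


if __name__ == "__main__":
    # The three passwords quoted in the post.
    for pw in ("a8=15",
               "thisisastrongpassword",
               "Myfavoritenumber=11andmyfavoritecityisRome!"):
        print(f"{len(pw):>3} chars  {brute_force_bits(pw):6.1f} bits  "
              f"{years_to_exhaust(pw):.2e} years  {'+'.join(classes_used(pw))}")
```

The all-lowercase 21-character sentence comes out roughly three times larger in bits than the 5-character mixed password, which is why length matters more than adding one more character type.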
Keep Your Website Updated
WordPress makes it easy to update your website to the newest version. Just click the “update” button when there is an update. (Be sure you have a good backup system running in case there is a problem!) Don’t forget to update your themes and plugins too, as these can also contain security holes. Often these updates provide security fixes for issues that have been found. If you are running an old version, you are leaving yourself open to attack.
Remove Old Themes and Plugins
You need to periodically go through and remove old themes and plugins that aren’t being used anymore. When you deactivate a theme or plugin, its code is still on the website, and it is possible that the code contains an open security hole that needs to be closed. Why leave yourself open to attack? If you aren’t using it anymore, get rid of it.