Hardening WordPress – what else can I do?
Now that you have updated your WordPress installation and carefully selected your active plugins and themes, your website will be in a much more secure state than when you started. Sorry to be the bearer of potentially bad news, but the downside is that this is not the end. Ensuring the long-term integrity of your website is very much a frequent and ongoing process.
This final post in the series looks at other things that you can do to secure your website, as well as general considerations which may be of benefit.
Wait a minute, haven’t we already done this? Well, yes we have, but what has been installed or updated today may no longer be up to date tomorrow (or within an hour for that matter). Publishers frequently release patches for their software which address newly discovered exploits or issues that have arisen from an update to some other software. Check for these as often as possible; handily, your WordPress dashboard will usually show a message when an update is available.
When you install WordPress, there are quite a few elements of it that can be changed during the setup process and, in some cases, later. These include items such as the database prefix (wp_), the dashboard login URL (domainname/wp-admin), the username (Administrator) and the location of your “wp-config.php” file (which contains your database logins). If you just go with the default settings then your website will look like many others, so once someone untoward has compromised one website it is easier for them to compromise additional sites by trying the same thing. Changing these elements to non-standard values makes it more difficult for people to compromise your website.
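As an added example (not from the original post or from WordPress itself), the Python sketch below audits two of the defaults named above, the wp_ database prefix and the location of wp-config.php, and goes one step beyond the text by also checking the file's permissions. The function name audit_wp_config and the sample paths are assumptions made for illustration; it relies on WordPress also loading wp-config.php from the directory directly above the install.

```python
import os
import re
import stat
import tempfile

# Matches the table-prefix assignment in wp-config.php, e.g. $table_prefix = 'wp_';
PREFIX_RE = re.compile(r"""^\s*\$table_prefix\s*=\s*(['"])(.*?)\1\s*;""", re.M)

def audit_wp_config(web_root):
    """Return a list of findings for the install under web_root (hypothetical helper)."""
    findings = []
    in_root = os.path.join(web_root, "wp-config.php")
    above_root = os.path.join(os.path.dirname(os.path.abspath(web_root)), "wp-config.php")
    if os.path.isfile(in_root):
        path = in_root
        findings.append("wp-config.php is in the default location (web root)")
    elif os.path.isfile(above_root):
        path = above_root  # moved one level up, out of the served directory
    else:
        return ["wp-config.php not found in or directly above the web root"]
    with open(path, encoding="utf-8", errors="replace") as fh:
        text = fh.read()
    match = PREFIX_RE.search(text)
    if match is None:
        findings.append("no $table_prefix assignment found")
    elif match.group(2) == "wp_":
        findings.append("database prefix is the default 'wp_'")
    # The file holds the database logins, so other local users should not have access.
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & (stat.S_IROTH | stat.S_IWOTH):
        findings.append(f"wp-config.php is readable or writable by other users (mode {mode:o})")
    return findings

if __name__ == "__main__":
    # Constructed sample install: default prefix, config left in the web root.
    with tempfile.TemporaryDirectory() as tmp:
        root = os.path.join(tmp, "public_html")
        os.mkdir(root)
        with open(os.path.join(root, "wp-config.php"), "w") as fh:
            fh.write("<?php\n$table_prefix = 'wp_';\n")
        for finding in audit_wp_config(root):
            print("-", finding)
```

The dashboard login URL and the administrator username are not covered here, because checking them needs access to the running site and its database.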
Connecting to your website
Whenever you are looking to connect to your web space (either via FTP or by logging into the back end dashboard) you really need to consider the security risks of doing so. Are you currently connected to an unsecured network (such as a restaurant or café) where the traffic could be monitored? Is the device that you are connecting from 100% free of viruses and malware? It is all well and good having a super secure 30 character long password but if there is a key logger on the machine which then sends it to a hacker then it is obviously pointless.
Luckily, the nice people at WordPress have provided very detailed instructions to help you through the processes mentioned above as well as many other things to make your website that little bit more secure. These can be found at the URL below:
We hope that you have found our first series of blog posts useful and now that you have secured your website, you should feel happy that you have contributed to improving the quality and safety of your slice of the internet, even if it is just a little in the greater scheme of things. Together, we can help to move in the right direction and make the internet a safer experience for all involved.