Top 10 WordPress Security and Website Tips
When Office To-Go takes over WordPress website maintenance or a new project, we employ these security measures and recommendations.
1. Keep headers/logos under 125 pixels high. It takes up valuable viewing space, especially for laptop users, that is best left for the good stuff to appear “above the fold.” Take a cue from the big companies, simple logos done well say it all. This is our #1 pet peeve – screaming logos and headers!
2. Use STRONG passwords of 10 or more characters and DO NOT use “admin” for a username. Create a new user profile assigned to the administrator role, log back in with the new user profile and DELETE the admin file. It can’t be said strongly enough: use strong passwords for WordPress and any other site which requires passwords. Use an online password generator.
3. BACK UP your site regularly and keep a copy on your computer and off-site storage. If you have a very active site, back up daily. You spend a lot of time and money on your website, don’t skip this! The one complete solution that does it all is BackupBuddy, no other plug-ins back up your files, widgets, plugins and database. Need to move your site to another host, this will do it in less than a few minutes!
4. Select your plugins wisely, too many will slow down your site. Badly coded plugins are a hacker’s back door into your website.
5. Install the WordPress Firewall Plugin. This plugin investigates web requests with simple WordPress-specific heuristics to identify and stop most obvious attacks.
6. Move your configuration file one level above the root directory of your server (if you’re running WP in the root directory of your site as opposed to yourdomain.com/blog subfolder).
7. Do not use wp_ as a prefix for your databases. Most web hosting companies are eliminating that default now but if yours does not, change wp_ to anything else but that.
8. Install Secure WordPress plugin.
9. Install an anti-spam plugin such as WP-SpamFree.
10. Rewrite your .htaccess file to lock down your wp-admin directory by IP addresses. Add the following code to your file, replacing xxx.xxx.xxx.xxx with your IP address:
AuthName “Access Control”
deny from all
#IP address to Whitelist
allow from xxx.xxx.xxx.xxx