As WordPress continues to gain popularity, tools and methods to enhance its usability and flexibility will increase as well. So too, however, will attacks on WordPress-based blogs and websites.
With both of these developments in mind, a secure website is imperative, but not at the expense of usability. This article will show you nine steps to achieving both of these goals.
Five steps to a more complete and usable WordPress installation
Let’s start with the less complex steps. These five steps are part of the setup of your WordPress blog, but are often skipped, especially by those who have installed multiple instances of WordPress.
1) Complete your user profile, your tagline, and your timezone
As novice and beginner as this may seem, we have often advised people who have not filled out the most basic information on their websites. These are all simple things to do, and they help maintain consistency with your company’s brand. It can seem amateur if a company based in Newfoundland has a website that conveys times in Pacific Standard Time.
2) Change your permalinks
Outside of being aesthetically more pleasing, changing your permalinks to include the name of your pages and blog posts is also search-engine friendly.
3) Activate Akismet
Akismet is the leader when it comes to spam prevention in your comments on your blog posts. Register for an API key at http://www.akismet.com, or just use your wordpress.com API key. Once you’ve done that, apply that key in the plugin settings for Akismet.
4) Download plugins
Some of the plugins out there are great helps to your website when it comes to SEO, and you don’t even have to pay for them. There are plenty of free plugins that will help you optimize your website for search engines. An example of these are the “All in One SEO pack” and “Google XML Sitemaps”.
5) Choose the right Theme and Appearance Settings for you
Ultimately, your website is an extremely valuable tool to facilitate communication between you and your stakeholders. Therefore, pay special attention to choosing a theme and layout that meets your objectives. There are thousands – if not millions – of free themes on the market, but they tend to be difficult to use and customize. There are also premium themes that you can acquire, and in some cases, you may decide that you want to have your own theme designed and developed to meet your specific needs.
Four Steps to a more Secure WordPress-based website
Note that these steps involve knowledge of the WordPress system and its files, and some editing may be required. If you are not comfortable with this, hire a professional, or at the very least, preserve originals of any file you edit.
1) Change the database prefixes in wp-config
To secure your installation against hack attacks, it can be useful to change the prefixes of your database tables in your wp-config file. Visit http://www.random.org, and generate some random strings and apply that string as the “$table_prefix” in wp-config.php.
2) Install WordPress manually
WordPress can be installed very easily and without any hassle using many one-click services. This is a boon for those less experienced with website installations. On the downside, one-click installation processes only set default settings, which make it easy for hackers to gain access to your site. Using a manual process may take longer, but it allows you to alter the default administrator username. Most hackers correctly assume that website owners resort to default usernames and passwords, so it’s imperative to change these usernames
3) Delete wp-admin/install script
After installing wordpress, delete wp-admin/install.php script to increase login security. If you don’t do this, a database error will make your installation page indexable, allowing just about any visitor to reinstall your WordPress installation with new Admin and password settings. To protect yourself from this, the very least you can do is to kill the “wp-admin/install.php” file after installation.
4) Install plugins
One of the great qualities of WordPress is the community that creates plugins and provides support, and there are also free plugins that can increase the security of your WordPress installation. “Secure WordPress”, “Ultimate Security Check”, and “WP Security Scan” are among the more useful plugins to enhance the security of your wordpress installation. Note that you have to configure these plugins before they work fully.
