All popular software systems are targets for hackers. WordPress (WP) is no different. According to BuiltWith.com, WordPress powers 65% of the top one million websites in the world. Recent reports indicate it is once again a target. It always will be, so let's take some time to figure out not only what you need to do now, but also what to do in the future to protect your blog platform investment.
You don't need to be a superhero to protect your site, or even a geek. The first line of defense is the system's users, editors, and bloggers. Here are some tips with links to resources you can use to make your blog darn near bulletproof.
WordPress Security
- Security through obscurity - If your primary administrator account is Admin, create a new administrator account using a different username. Log in as the new user, edit the account as needed, then delete the default admin account.
- Advanced - Change the table_prefix: Many published WordPress-specific SQL-injection attacks make the assumption that the table_prefix is wp_, the default. Changing this can block at least some SQL injection attacks.
- Know Your Network - Do you log in at your local coffee shop? Do you know where your computer has been? Open WiFi networks could reveal your login.
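As an added example (not code from the original post), here is one way to check a site against the first two tips: it reads the `$table_prefix` assignment from the text of `wp-config.php` and looks for a leftover default administrator login. The sample configs and usernames are constructed, and the function names are hypothetical.

```python
import re

DEFAULT_PREFIX = "wp_"   # the default the post warns about
DEFAULT_ADMIN = "admin"  # compared case-insensitively, so "Admin" matches

def read_table_prefix(wp_config_text):
    """Return the $table_prefix value assigned in wp-config.php, or None."""
    # Drop /* ... */ blocks so a commented-out assignment is not picked up.
    text = re.sub(r"/\*.*?\*/", "", wp_config_text, flags=re.S)
    # Only assignments that start a line count; '// $table_prefix = ...' does not.
    hits = re.findall(r"^[ \t]*\$table_prefix\s*=\s*(['\"])(.*?)\1\s*;",
                      text, flags=re.M)
    return hits[-1][1] if hits else None  # the last assignment wins

def audit(wp_config_text, user_logins):
    """Return a list of findings; an empty list means both tips are applied."""
    findings = []
    prefix = read_table_prefix(wp_config_text)
    if prefix is None:
        findings.append("table_prefix: no assignment found")
    elif prefix == DEFAULT_PREFIX:
        findings.append("table_prefix: still the default 'wp_'")
    elif not re.fullmatch(r"[A-Za-z0-9_]+", prefix):
        findings.append(f"table_prefix: {prefix!r} has characters other "
                        "than letters, digits and underscore")
    for login in user_logins:
        if login.strip().lower() == DEFAULT_ADMIN:
            findings.append(f"user: default administrator login {login!r} exists")
    return findings

# Constructed sample inputs. On a real site the logins could come from
# WP-CLI, e.g. `wp user list --field=user_login`.
SAMPLE_DEFAULT = """<?php
// $table_prefix = 'old_';
$table_prefix  = 'wp_';
"""
SAMPLE_HARDENED = """<?php
/* $table_prefix = 'wp_'; */
$table_prefix = "k3x9_";
"""

if __name__ == "__main__":
    for name, cfg, users in [("default", SAMPLE_DEFAULT, ["Admin", "editor1"]),
                             ("hardened", SAMPLE_HARDENED, ["siteowner"])]:
        print(name, audit(cfg, users) or "no findings")
```

On an existing site, editing `$table_prefix` alone is not enough: the database tables, and the prefix-named keys stored in the options and usermeta tables, have to be renamed to match.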
Insight
The day you're hacked should not be the start of your WP security training. Start now to understand how to prevent, minimize, and recover from a WordPress breach.
Resources
There are plenty of resources available geared toward prevention. Here are some of my favorites:
- Hardening WordPress - Take it to the hackers!
- WordPress Security – Cutting Through The BS, by Tony Perez
- Locking Down WordPress, by CodePoet.com
- FAQ: My site was hacked - What to do once you've been attacked