2. Why do I need to secure my site?
- WordPress is a popular target for hackers
- A hacked site is inaccessible
- A hacked site redirects to malware
- A hacked site is expensive and time-consuming to clean
3. Securing Your Site (Beginners)
- Keep WordPress & plugins updated
  - Caution: Turn off all plugins before updating WordPress
- Remove inactive and outdated plugins
- Activate Akismet to stop spam
- Choose the right hosting provider
4. Securing Your Site (Beginners)
Add Security Plugins:
- Login Lockdown
- Secure WordPress
- WP-Security Scan
- Ultimate Security Check
- WP-File Monitor
- Exploit Scanner
- Maximum Security Plugin
- WP-Malwatch
- WordPress AntiVirus
5. Securing Your Site (Intermediate)
- Change the wp_ table prefix: http://www.seoegghead.com/software/wordpress-table-rename.seo
- Disable anonymous FTP in cPanel
- Change “admin” name in wp_users table using phpMyAdmin
- Move your .htaccess file to wp-admin directory
- Delete the wp-admin/install.php
- Delete the readme.html
6. Securing Your Site (Advanced)
- Disable directory views with .htaccess file:
    Options -Indexes
- Verify and fix file/folder permissions
- Add secret keys to wp-config.php: http://api.wordpress.org/secret-key/1.1/
7. Backing Up Your Site
Manual Backups
- Download theme
- Download plugins folder
- Download uploads folder
- Download wp-config.php
- Export database SQL file using phpMyAdmin
WP Security Scan to check Permissions.
- WordPress files should be 644.
- WordPress directories (the folders themselves) should be 755.
- No file or directory should be given 777 permission.

Unix/Linux Server Roles: User, Group, World

0  ---  no permission
1  --x  execute
2  -w-  write
3  -wx  write and execute
4  r--  read
5  r-x  read and execute
6  rw-  read and write
7  rwx  read, write and execute
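
Added example (not part of the original slides): a shell check for the "verify and fix file/folder permissions" step, using the 644/755 rule above. The function names, the report labels and the path argument are assumptions made for this example.

```shell
#!/bin/sh
# Audit a WordPress tree against the rule on the slide:
# files 644, directories 755, nothing world-writable (no 666/777).
# Usage (path is an assumption, pass your own install): sh audit.sh /var/www/html

# Print one line per finding; return 1 if anything was found, 0 if clean.
# Note: paths containing newlines are not handled.
audit_wp_perms() {
    root=$1
    findings=$(
        # Regular files whose mode is not exactly 644
        find "$root" -type f ! -perm 644 -print | sed 's/^/FILE-NOT-644 /'
        # Directories whose mode is not exactly 755
        find "$root" -type d ! -perm 755 -print | sed 's/^/DIR-NOT-755 /'
        # Anything the "World" role can write to (last octal digit 2, 3, 6 or 7)
        find "$root" \( -type f -o -type d \) -perm -0002 -print |
            sed 's/^/WORLD-WRITABLE /'
    )
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}

# Reset the whole tree to the modes given on the slide.
# Run the audit first and review its output before changing anything.
fix_wp_perms() {
    root=$1
    find "$root" -type d -exec chmod 755 {} +
    find "$root" -type f -exec chmod 644 {} +
}

# Only act when a path is given on the command line.
if [ $# -gt 0 ]; then
    if audit_wp_perms "$1"; then
        echo "OK: all files are 644 and all directories are 755"
    else
        echo "Findings listed above; fix_wp_perms resets them to 644/755"
    fi
fi
```
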