1. Make Sure WordPress Is Up to DateOne of the main problems people have with keeping their WordPress installation secure is updating. Follow these steps:
- Find the "Update" link under the "Dashboard tab" as shown below and click it.
- Once you're in the Updates menu, you will be prompted to update your installation if needed, or to redownload it if it's already up to date (as seen below).
2. Ensure Your Host Is Running the Latest Version of PHPIt should go without saying. If your host is running an old, insecure, version of PHP, nothing you do will help you. The latest version, as of this writing, is version 5.4.3 which patches a buffer-overflow vulnerability. Any good website hosting company will be more than happy to tell you what version of PHP your server is running if you open a ticket with them.
3. Use a Blank HTML File to Hide PluginsHackers can use knowledge of your plugins to find vulnerabilities in your WordPress installation. Simply place a blank html file (a text file with the extension *.html that has nothing in it) into your /wp-content/plugins directory to make sure that they can't look up your plugins.
4. Block Access To Your wp-config.phpSimply put, you do not want someone to have access to your wp-config. It has your table prefixes, database login information, and more. If you forget to protect it, you're going to pay for it - dearly. The wp-config file is located in the root directory of your WordPress installation and is the holy grail of hacker information diving. So simply place:
in your ".htaccess" file to tell Apache to make sure they don't get access to it. This will prevent any sort of unwanted access to your wp-config file. The ".htaccess" file is extremely important to the security of your WordPress installation (and your server as a whole). It would be wise to learn how to use it. Here is a good guide to get you started.
<Files wp-config.php> Order Allow,Deny Deny from all </Files>
5. Install Secure WordPressSecure WordPress is an excellent plugin that takes the guess work out of installation security. It takes care of removing nearly everything a hacker uses to get information on your installation. If there is one plugin you should be running, it is this one.
So there you have it. 5 extremely simple ways to get you started on your way to securing your WordPress installation. As WordPress is getting more and more popular by the day, hackers are becoming more and more vigilant at spotting exploitable holes in WordPress versions and then automating the task with the help of automated Google searches. Don't allow yourself to become a victim.