I just discovered that one of my older domains, which I scarcely use anymore but which still receives trickles of traffic every so often and, with it, a handful of affiliate sales per month, had been hacked. All of the files had been deleted, and what was worse was that when I investigated the site I found that I hadn’t backed up the database in quite some time. Therefore, I urge everyone to celebrate and recognize today as WordPress Safety Day with me by following these 4 WordPress security tips.
WordPress Security Tips
Backup
I hadn’t backed up the site that got hacked in well over a year. This is inexcusable considering there are many free plugins which enable you to schedule backups. I couldn’t even find a recent backup from the hosting provider with whom I set the database up, either.
I recommend that you install a backup plugin such as WP-DB-Backup. It’s a free plugin and one of my best WordPress plugins for 2012. While it hasn’t been updated in a while, it gets the job done: you can select the precise files which you want to back up, and either create backups on demand or schedule them to be emailed to you once every hour, day, week, etc., so that whenever you have any issues (security or technical) with your site you’ll have that backup.
You can even back up your site through your hosting/database provider, and it’s a good idea, because backing up your database means backing up all of your posts, pages, plugins, and preferences. I recommend that you go ahead and back up all of your sites now.
Update
I know it can be annoying to get bugged by WordPress to update to the latest version every week or so, but WordPress updates are paramount to the security of your site. Hackers are always looking for ways to compromise WordPress’ security and get into your site for their own amusement or gain. That is why it’s essential that you stay up to date: the updates are created in part to fix errors and holes in WordPress’ security which could be exploited.
Permissions
You should limit the permissions on the files and folders which make up your site as much as possible while still letting the site operate and function properly. You can set read, write (which means read and write), and execute (which refers to read, write, delete, change) permissions on your files and folders for yourself, a group, or everyone. The fewer permissions you allow, the more secure your site will be, but certain plugins which require access to certain files won’t be able to reach them unless they have permission.
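One way to check a site against the permissions advice above, as an added example that is not from the original post. It assumes the baseline from WordPress's own hardening guidance (directories 755, files 644, wp-config.php not readable by everyone); the function names and finding labels are hypothetical, and the sample tree is constructed.

```shell
#!/usr/bin/env bash
# Added example: audit a WordPress tree for permissions looser than needed.
# Assumed baseline (WordPress hardening guidance, not stated in the post):
# directories 755, files 644, wp-config.php not readable by "everyone".

# Print one finding per line as "<LABEL> <path>"; labels are hypothetical.
# Returns 0 if the tree is clean, 1 if anything was flagged, 2 on bad input.
audit_wp_perms() {
    local root="$1" findings
    [ -d "$root" ] || { echo "not a directory: $root" >&2; return 2; }
    findings="$(
        # Writable by everyone: any local account can alter or plant files.
        find "$root" \( -type f -o -type d \) -perm -0002 \
            -exec printf 'WORLD_WRITABLE %s\n' {} +
        # PHP and static files are read by the web server, never executed
        # directly, so an execute bit on a regular file is unnecessary.
        find "$root" -type f \( -perm -0100 -o -perm -0010 -o -perm -0001 \) \
            -exec printf 'EXECUTABLE_FILE %s\n' {} +
        # wp-config.php holds the database password.
        find "$root" -type f -name wp-config.php -perm -0004 \
            -exec printf 'CONFIG_WORLD_READABLE %s\n' {} +
    )"
    [ -n "$findings" ] || return 0
    printf '%s\n' "$findings"
    return 1
}

# Build a small constructed tree (not a real site) with three loose entries.
make_sample_tree() {
    local d
    d="$(mktemp -d)"
    mkdir -p "$d/wp-content/uploads"
    : > "$d/index.php"
    : > "$d/wp-config.php"
    : > "$d/wp-content/uploads/a.php"
    chmod 755 "$d" "$d/wp-content"
    chmod 644 "$d/index.php"                 # baseline, should not be flagged
    chmod 777 "$d/wp-content/uploads"        # loose: world-writable directory
    chmod 755 "$d/wp-content/uploads/a.php"  # loose: execute bit on a file
    chmod 644 "$d/wp-config.php"             # loose: config readable by all
    printf '%s\n' "$d"
}

# Usage: pass the site root as the first argument, e.g. ./audit.sh /path/to/site
if [ "$#" -gt 0 ]; then audit_wp_perms "$1"; fi
```

A plugin that genuinely needs write access to a directory will show up here as a finding; grant that one path the extra bit rather than loosening the whole tree.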
Password
Finally, remember to change your passwords every so often. It’s a good habit to write down your passwords for your login, database, etc. and to update them every month or so if possible. And you’ve probably heard this thousands of times from anyone you keep passwords with, but avoid easy-to-crack, identity-related passwords. A good password is composed of numbers, letters (upper case and lower), and symbols.
I recommend putting the WordPress login URLs of all your various sites into one bookmarked folder in your browser so that you can open them all at once and remember to back them up, update them, restrict their permissions, and change any passwords once a month, even for the sites which you rarely use anymore.
Just remember the acronym BUPP and you’ll be doing what you can to keep your WordPress files and site safe and secure.