In a rush? Here are 5 quick ways to secure your WordPress blog. At the very least follow these steps.
1. Delete the default administrator
Create a new administrator with a complex username, log in with that account and delete the default administrator. Leaving the administrator’s username as “admin” makes cracking your login details 100% faster.
Why you need to delete the default administrator (and how to actually do it).
2. Create a really strong password
Passwords can never be too complex. Use a password manager to make remembering passwords easier, and consider using strongpasswordgenerator.com to generate the password itself.
3. Install all the plugins listed in our Plugins section
But the most important 3 to install are:
- Antivirus for WordPress, which scans your WordPress blog for malware and worms.
- Login Lockdown, which helps fight against brute force attacks.
- WP-DB-Backup, to back up your WordPress database via email.
4. Move wp-config.php
Log in to your server via FTP and move the wp-config.php file to the parent directory. If it currently resides in /public_html/blog then move it to /public_html/. But if it’s in /public_html/ then move it to the top-level directory, /.
5. Stay aware
Subscribe to the WordPress Development Blog and wpsecure.org feeds to remain up to date on all the latest security exploits that may affect you and your blog. Awareness is half the battle.
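
The check below is an added example, not part of the original post: a shell function that reports where WordPress will find wp-config.php after the move in step 4. It assumes WordPress looks in its own directory first and then exactly one directory up, skipping the parent copy when that directory has its own wp-settings.php; the function name and state strings are hypothetical, and the sample tree is constructed.

```shell
#!/bin/sh
# Added example (not from the original post). Reports which wp-config.php
# a WordPress install will load after step 4.
# Assumption: WordPress checks its own directory first, then exactly one
# directory up, and ignores the parent copy when the parent directory has
# its own wp-settings.php (it is then treated as another install's config).

wpconfig_location() {
    # $1 = WordPress install directory (the one holding wp-settings.php)
    wp_dir=$(cd "$1" 2>/dev/null && pwd) || { echo "not-wordpress"; return 0; }
    parent=$(dirname "$wp_dir")

    if [ ! -f "$wp_dir/wp-settings.php" ]; then
        echo "not-wordpress"
    elif [ -f "$wp_dir/wp-config.php" ]; then
        echo "install-dir"        # still beside the WordPress files
    elif [ ! -f "$parent/wp-config.php" ]; then
        echo "missing"            # moved too far up, or never created
    elif [ -f "$parent/wp-settings.php" ]; then
        echo "parent-ignored"     # parent is itself a WordPress install
    else
        echo "parent"             # one level up and picked up by WordPress
    fi
}

# Constructed sample tree mirroring the paths in step 4.
demo=$(mktemp -d)
mkdir -p "$demo/public_html/blog"
: > "$demo/public_html/blog/wp-settings.php"
: > "$demo/public_html/blog/wp-config.php"
echo "before move: $(wpconfig_location "$demo/public_html/blog")"
mv "$demo/public_html/blog/wp-config.php" "$demo/public_html/"
echo "after move:  $(wpconfig_location "$demo/public_html/blog")"
mv "$demo/public_html/wp-config.php" "$demo/"
echo "two levels:  $(wpconfig_location "$demo/public_html/blog")"
rm -rf "$demo"
```

Run it against your real install path after the FTP move; anything other than `parent` means the site is either still reading the file from the WordPress directory or cannot find it at all.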