Securing your wordpress installation is the very first task that every webmaster or blogger should do before making your website public. With the advent of automatic scripts and other automatic tools, hacking has become a doodle. Even a 13 year old script kiddie can sit front of his computer and start hacking websites. To protect yourself from this here are the few tips that one can follow to make their wordpress based websites more secure.
Keep your wordpress installation updated
WordPress as you know has a large pool of developers and they release updates from time to time in order to add functionality and to cover up any security holes or exploits found. If you don’t update your wordpress installation than you will be vulnerable as there is always a probability that your present wordpress install has some security holes which can help hackers to compromise your website. Updating wordpress installation is probably the most simple and easy as compared to updating of other CMS such as Drupal and Joomla. Just with two clicks you can update your website to the latest version.
Always keep a backup
Backups are always important. Even if somehow your site is hacked than also you can always restore your backup and come back online and than fix the exploits which were responsible for the hacking of your website. If you are on a cPanel server than there is a option in that where you can download the entire backup copy of your account. If you don’t have cPanel than there are wordpress plugins available that can help you to backup your sites database.
Changing the default database table prefix from wp_ to something random
If you perform this step than you can save your website from automatic or script attacks. This is not a full proof method. It is just a added layer of security for your website. If one is determined he can still know your new table prefix.
Removing the generator attribute from your wordpress
Hiding the version of wordpress from hackers is always an important towards site security. WordPress by default add generator attribute to a meta tag in your HTMLs head tag. You can download the WSD security to remove this attribute.
Protecting your WordPress admin panel
Secure you wordpress admin using a .htaccess file. This will allow only you to be able to login into the admin panel of your wordpress. Click here to know more about securing wordpress admin directory with wordpress.
Turn of the database errors
If something wrong occurs in core functionality of wordpress than it produces database errors. These are useful to admins for debugging purpose but it can also provide some sensitive information to the hacker. Hackers deliberately tries to produce database errors. You can turn them off using plugin WSD Security
Do not install untrusted plugin
Always install plugins from wordpress plugin directory. Do not install plugin from sources other than the official one.