The vast majority of WordPress security problems are actually easy to control. The core of WordPress has come a long way and is a fairly secure system. It may come as a surprise to some but the developers take security seriously and release patches very quickly. One of the great things about WordPress is the ease of updating and the speed of the development cycle.
Most problems are due to either poor judgement by the end user, poorly coded themes and plugins, or bad hosting. This is the first part in a series of guides on how to secure WordPress, so let start with something non technical.
1. Keep your WordPress up to date.
The developers do not patch old versions, period. Keeping up to date with new patches is essential to having a secure site and in most cases you just click the update button.
2. Keep your home computer and WiFi connection secure.
This seems obvious but keyloggers and malware on your home computer/WiFi can easily compromise your site.
3. Get your plugins and themes from the official repository.
It is no secret, plugins & themes downloaded from Google or any random site are infested with malware. A recent study showed 8 of the top 10 Google results for ‘free WordPress themes” have malware embedded in the code. Get your themes/plugins from a reputable source or the official repository. We only list exploits that are hosted on wordpress.org to better help the community. Getting your stuff from any random internet site is asking for trouble.
4. Choose a solid host.
A good host will not only back-up your site if your in a shared environment, but also prevent other sites on your server from cross infecting each other, which sadly is a common occurrence even with some of the larger hosts. They should also be competent enough to react to security issues directly through support.
5. Choose a really good password.
This is mostly a bad habit, but choosing a strong password is important. If you have problems remembering or losing your password, there are various browser extensions and third party applications that will do it for you.
6. Update your plugins and theme regularly
As you can see from the exploit section of this site, there are a lot of plugins with security issues, keeping them up to date with the latest developer patch is critical and simple.
Bring me to the good stuff.