WordPress – very malleable but easily hacked. How you can harden the security.
Jan 15th
There are a few easy things you can do to avoid being hacked on your WP blog or WordPress-managed website.
Firstly, use a strong password – make it weak and eventually it will be compromised. The sort of thing you are looking for is 10 characters long with upper and lower case letters, some numbers and a few punctuation marks. For example: T2k..!9GGb486 would be good. Then check your work at somewhere like this or this.
Secondly, most CMSs use a SQL database to store the content, so you want to harden the security there. Make sure that the SQL username for the blog / site allows access to only the blog's database. For example, you shouldn't have the admin account for the whole SQL server being used to run the blog: once attackers gain access to your blog, they have control of everything else. In other words, limit the damage. Once you have a dedicated account, limit its privileges to data only, not structure and admin. Just SELECT, DELETE, INSERT and UPDATE are necessary – you certainly don't want your blog to have any of: CREATE, ALTER, DROP, TRUNCATE or GRANT. Otherwise you could wake up one morning and discover your SQL server has new databases and none of the ones you were expecting to see.
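An added example, not part of the original post: a Python check that reads the lines MySQL prints for SHOW GRANTS and flags any account that goes beyond the four data privileges or beyond the blog's own database. It assumes a MySQL server; the database name blog_db, the account names and the sample grant lines are constructed for illustration.

```python
import re

# Data-only privileges the post says a blog account needs.
ALLOWED = {"SELECT", "INSERT", "UPDATE", "DELETE"}

GRANT_RE = re.compile(
    r"^GRANT\s+(?P<privs>.+?)\s+ON\s+(?P<scope>\S+)\s+TO\s+(?P<user>\S+)(?P<rest>.*)$",
    re.IGNORECASE,
)

def audit_grants(lines, blog_db):
    """Return [(grant_line, [problems])] for grants that break the rule."""
    findings = []
    for line in lines:
        m = GRANT_RE.match(line.strip().rstrip(";"))
        if not m:
            continue
        privs = {p.strip().upper() for p in m.group("privs").split(",")}
        privs.discard("USAGE")  # USAGE means "no privileges" in MySQL
        problems = []
        extra = sorted(privs - ALLOWED)
        if extra:
            problems.append("beyond data access: " + ", ".join(extra))
        # Scope looks like db.* or db.table; *.* means every database.
        scope = m.group("scope").replace("`", "")
        if privs and scope.split(".")[0] != blog_db:
            problems.append("scope %s is wider than %s" % (scope, blog_db))
        if "WITH GRANT OPTION" in m.group("rest").upper():
            problems.append("can GRANT to others")
        if problems:
            findings.append((line.strip(), problems))
    return findings

# Constructed sample of SHOW GRANTS output (hypothetical accounts).
SAMPLE = [
    "GRANT USAGE ON *.* TO 'blog_app'@'localhost'",
    "GRANT SELECT, INSERT, UPDATE, DELETE ON `blog_db`.* TO 'blog_app'@'localhost'",
    "GRANT ALL PRIVILEGES ON *.* TO 'blog_old'@'localhost' WITH GRANT OPTION",
    "GRANT SELECT, INSERT, DROP, ALTER ON `blog_db`.* TO 'blog_dev'@'localhost'",
]

if __name__ == "__main__":
    for grant, problems in audit_grants(SAMPLE, "blog_db"):
        print(grant)
        for p in problems:
            print("   -", p)
```

The second sample line is the grant the post recommends and passes the check; column-level grants such as SELECT (col) are not handled.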
Thirdly, a few things with WP: remove the version number in the meta tag, i.e. the generator (I believe there's a plugin that will do that for you); remove the blog user called "admin"; and last but not least, avoid using the default "wp_" prefix for the table names – use another prefix.
Implement some or all of the above and you are well on the way to peace of mind with your WP blog.
Website creators good practice
Jan 11th
- Use a link checker, e.g. Xenu
- Use a spell checker
- Validate all pages CSS & (X)HTML
- Browser check – start with the majority IE6 then go down as far as you want
file search
Dec 30th
quick file search?
du -a | grep [filename / part filename]
e.g.
du -a | grep mydoc.txt