Securing WordPress

With a growing number of small to medium sized businesses leveraging WordPress as their website content management system (CMS), security of WordPress installations has become an issue. The WordPress developers have provided a reasonable ‘hardening’ outline, available here, but there are a number of other steps you can take to enhance the security of your WordPress site.

There are four main area’s of WordPress security we will briefly address in this article:

  1. Host Security
  2. Version Maintenance
  3. Restricting Access & Permissions
  4. Encryption

Host Security

Your WordPress site will only be as secure as the web servers its hosted on. If you are hosting your WordPress site on a virtual hosting account then you need to take extra care in making sure you site is secured from both external (Internet) attacks as well as attacks from other users on the same server (Internal). I recommend considering a secure hosting provider which provides hardened server operating systems and secure upload mechanisms such as a SFTP and SSL. Your hosting provider should also make sure they are running current, patched versions of their Apache web server, PHP and MySQL database software. Be sure the discuss security concerns with your hosting provider directly.

Version Maintenance

Keeping your WordPress site up-to-date with the latest WordPress release is important not just for stability but also for security. The WordPress development team does a good job of Continue reading “Securing WordPress”