How to secure your WordPress installation

November 13, 2008

shares several important tips to keep your WordPress install secure. Here’s a summary:

  • Your “plugins” directory is NOT secured by default!
  • Choose a strong password!
  • Rename the administrative account!
  • Backup your database!
  • Log all your $_POST variables!
  • Plugins that need write access!
  • Encrypt all communication within “wp-admin” directory! (if possible)
  • Tighten up the file permissions!
  • Of course, update your WordPress!

The last one is the simplest and easiest to follow, especially with the release of WP 2.7. You should at least make sure that you upgrade to the latest version of WordPress.

The blog post also contains links to other articles on hardening WordPress and dealing with hackers, so read it now!

1 Comment

  1. Anonymous Said,

    I have a feeling that the wordpressph Twitter account was hacked. A lot of spam posts lately, links to spam posts in the forum section of
