Securing WordPress Right
Recently there has been some question as to how best to secure your WordPress installations. And despite not being an expert in this arena, I have had some success with my own settings.
Assuming you are using a sane FTP program such as FileZilla, you should be able to change permissions pretty easily. Generally, right-clicking on a file and then changing the permissions as follows is a good place to start. This is, of course, assuming you are working with a fresh install of WordPress.
For the ./ directory, 755; wp-admin, 755; wp-content, 755; wp-includes, 555.
Your .htaccess file is just as important. Not all that many months back, I had a buddy who discovered just how important it is to protect your .htaccess file. Because he did not, his own URLs were forwarded to a spam site, and the spam site enjoyed the fruits of his search engine rankings. This article here contains a number of solid hacks to make to the .htaccess files for wp-admin, wp-plugins and so on. This piece also has some strong suggestions for security plugins that I, too, recommend.
Last but not least, make sure you remove the name="generator" line from your header and always keep WordPress up to date. I also recommend using a good database backup plugin as well, then setting it to a backup schedule.
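The directory modes listed above can also be checked from a shell on the server rather than one folder at a time in an FTP client. The script below is an added example, not part of the original post: the function names `mode_of` and `wp_perm_audit` are made up for illustration, and the rules that no .htaccess file should be writable by group or others and that no directory should be world-writable are assumptions added here.

```shell
#!/bin/sh
# Added example: audit a WordPress tree against the modes listed in the post.

# Print a path's octal permission bits (GNU stat first, BSD stat as fallback).
mode_of() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# Print one line per finding; return 0 when the tree is clean, 1 otherwise.
wp_perm_audit() {
    root=$1
    findings=0
    # directory:mode pairs exactly as given in the post
    for pair in .:755 wp-admin:755 wp-content:755 wp-includes:555; do
        dir=$root/${pair%%:*}
        want=${pair##*:}
        if [ ! -d "$dir" ]; then
            echo "MISSING $dir"
            findings=$((findings + 1))
            continue
        fi
        have=$(mode_of "$dir")
        if [ "$have" != "$want" ]; then
            echo "MODE $dir is $have, expected $want"
            findings=$((findings + 1))
        fi
    done
    # Assumption (not from the post): no .htaccess file may be writable by
    # group or others, and no directory may be world-writable (e.g. 777).
    loose=$(find "$root" -type f -name .htaccess \( -perm -020 -o -perm -002 \))
    open=$(find "$root" -type d -perm -002)
    if [ -n "$loose" ]; then
        echo "$loose" | sed 's/^/WRITABLE-HTACCESS /'
        findings=$((findings + 1))
    fi
    if [ -n "$open" ]; then
        echo "$open" | sed 's/^/WORLD-WRITABLE-DIR /'
        findings=$((findings + 1))
    fi
    [ "$findings" -eq 0 ]
}
```

Source the file and call `wp_perm_audit` with the WordPress root directory as its only argument; a non-zero return status means at least one finding was printed.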

One Comment
Duffy
June 17th, 2009
at 6:50pm
I disagree with this post, as for many plugins to work and for the theme editor to work it requires /wp-content to be chmod 777.