Increased Security
Posted: Sat 13 April, 2013 Filed under: D4D™, Geeky, Getting Organised, People, Security, WordPress 1 Comment »At the moment, there is a huge attack going on against blogs using WordPress.
It’s primarily attacking the blogs who’ve kept a lot of the default settings – particularly keeping the primary user as “admin” with weak/known passwords – but still, it’s better to make sure that things are secure.
D4D™ has always been on an altered install of WordPress – mainly because I’m really bad at leaving things alone – so I’m less concerned about it, but all the same, I’ve added in a couple of security plugins just to reinforce things. I’m also making use of Cloudflare to add another level of security.
It’s going to make things interesting for a lot of Blog Owners on the WordPress platform, though. Basically, if you’re on WP you need to :
- Make sure you’re not relying on the “admin” user
- Add a new user to WP , give it admin rights (and a strong password)
- Set “admin” to have the lowest possible permissions (contributor), or delete it completely.
- If possible, make sure your database isn’t using the wp_ prefix for all wordpress tables.
- Use Cloudflare or similar
- Install the Limit Logins plugin
- If you know what you’re doing, also install the Extend WP Security plugin
- Take backups!
There’s other stuff along the way, but those really are the key points.
Good tips! WordPress seems to be constantly under attack, which has made me a bit of a blogspot fan – even if it does invite scything criticism from my peers 🙁