It takes only few clicks to install WordPress. But making your installation safer and securer needs further tweaks and checkups. Here a list of things I will go though when a WordPress installation is submitted to me for security enhancement. You should do this too.
Tag Archives: Security
Seriously! How to Remove WordPress Version Number
A lot of us know that, “removing WordPress version number” is a fairly popular security trick. The purpose is to hide the WordPress version number embedded in the final rendered HTML code, so to reduce the risk of being targeted by hackers for known vulnerability.
Whether this trick has anything to do with security is still a myth, let’s take a look at how it works.
WordPress Security Tip: Lock Down File Access
WordPress is more than regular website, it is a Content Management System. It has more than 1000 files out of the box. After installation extra themes, plugins, and other uploads. There are few thousands of files under one roof. Default WordPress installation only setup basic file and folder permission. There are certain files you don’t like to expose to anyone. As one of the security tips, locking down public access to these special files is crucial.
WordPress Security Tip: Delete ReadMe after Installation
Finally, we upload the final touch-ups to the website and make the site go live. Before releasing myself from the project, I go over the usual routine for every site developed by our studio, or special request from clients. The routine is a security enhancement. One of these security enhancement, it to delete unwanted & unnecessary files.
Better Way to Defeat WordPress Brute Force Attack
It should be well-known throughout the WordPress community, that WordPress-powered websites are being targeted with brute force attacks. It targets website that still use “admin” as the primary administrator’s user name, with variation like “adm”, “administrator”, “admin1”, “Admin”, etc. The attack was peaked in April this year, but it didn’t stop. My website was under Brute Force Attack just few days ago. I got lucky, not because I don’t have “admin” account, but because I have better protection.
