Is your WordPress website secure?


In the past I was always concerned with finding ways to secure my various WordPress sites that have come and gone. Over the years I just stopped thinking about it completely.

Maybe because there is so much support for it now or I've just put more trust in hosting providers. Whatever the reason...

Is it smart?

I would have to answer no. It didn't really strike me until I was having a problem with a theme I'm using and contacted their support. After Yen fixed my problem (Thanks!) they went on to tell me:

"Please check your wp_config.php file to ensure that the following are filled:

If you don't fill them, I can easily gain admin access to your WP site w/o knowing your password.

To fill them, just go to this link to generate a unique set of salts/keys.

Copy and paste them to your wp-config.php, replacing lines 45 - 52"

Thanks again Yen!
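
A way to check the advice quoted above, as an added example that is not part of the original post or of WordPress itself: it scans the text of a wp-config.php for the eight key/salt constants and reports any that are missing, empty, still the stock placeholder, suspiciously short, or reused. The constant names and placeholder text are the ones in WordPress's sample config; the function name `audit_wp_config`, the 32-character threshold and the sample file are assumptions constructed for this example.

```python
import re

# The eight key/salt constants WordPress expects in wp-config.php.
SECRET_NAMES = (
    "AUTH_KEY", "SECURE_AUTH_KEY", "LOGGED_IN_KEY", "NONCE_KEY",
    "AUTH_SALT", "SECURE_AUTH_SALT", "LOGGED_IN_SALT", "NONCE_SALT",
)
PLACEHOLDER = "put your unique phrase here"  # text shipped in wp-config-sample.php
MIN_LENGTH = 32  # assumption: generated values are 64 chars, so flag anything far shorter
# Matches define('NAME', 'value'); at the start of a line, so //-commented lines are
# skipped (lines inside /* ... */ block comments are not detected).
DEFINE_RE = re.compile(
    r"""^\s*define\(\s*(['"])(?P<name>\w+)\1\s*,\s*(['"])(?P<value>.*?)\3\s*\)\s*;""",
    re.MULTILINE)

def audit_wp_config(text):
    """Return {constant_name: problem} for every key/salt that is not safely set."""
    found = {m["name"]: m["value"] for m in DEFINE_RE.finditer(text)
             if m["name"] in SECRET_NAMES}
    problems, seen = {}, {}
    for name in SECRET_NAMES:
        value = found.get(name)
        if value is None:
            problems[name] = "missing"
        elif value.strip() == "":
            problems[name] = "empty"
        elif value == PLACEHOLDER:
            problems[name] = "default placeholder"
        elif len(value) < MIN_LENGTH:
            problems[name] = "too short"
        elif value in seen:
            problems[name] = f"same value as {seen[value]}"
        else:
            seen[value] = name
    return problems

# Constructed sample config; the values are filler, not real secrets.
GOOD, OTHER = "Zq3!" * 16, "mK8#" * 16
SAMPLE = f"""<?php
define('DB_NAME', 'wordpress');
define('AUTH_KEY',         'put your unique phrase here');
define('SECURE_AUTH_KEY',  '');
define('LOGGED_IN_KEY',    '{GOOD}');
define('NONCE_KEY',        'short');
define( "AUTH_SALT",       "{GOOD}" );
// define('SECURE_AUTH_SALT', '{OTHER}');
define('LOGGED_IN_SALT',   '{OTHER}');
"""
if __name__ == "__main__":
    for name, problem in audit_wp_config(SAMPLE).items():
        print(f"{name}: {problem}")
```

To audit a real site, pass the contents of the downloaded file to `audit_wp_config`; an empty result means all eight constants are set to distinct, non-default values.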

Should you stop there?

Not at all. I will link a section on the wordpress.org site in just a minute or two but let me say some stuff first.

Do not get paranoid. You do not need to use all the methods they will talk about.

Do not install every plugin they list and read into the ones they do list before you decide you want to use it. The first one on the list hasn't been updated in two years (Not a good idea to try it). The next two had been updated 'recently'. I didn't check them all however.

I would say 80% of the people who would want to damage or mess with your site, out of the very small percentage that would even try, would be people who really didn't know what they were doing in the first place. Basically, if it isn't easy they'll move on. I call them 'Script Kiddies' personally.

I believe taking 'basic' safeguarding measures in a majority of cases is good enough. We really just want to avoid site takeovers and script kiddies.

Though I honestly have no idea what kind of security WA/SiteRubix hosting provides, it appears to be very good. It does a good job of blocking out people who don't belong in the first place. It seems to be set up by country/region or area, but again I have no idea.

That leads me to:

This has nothing to do with the hosting provided here. As I stated I believe they do an excellent job security wise from what I can tell. I've also only had one issue with my site thus far and they responded almost immediately and appropriately.

We as site owners have to make sure we take the steps necessary to safeguard our sites to the best of our ability. At the end of the day, if someone REALLY wants in, they will find a way. Though those people generally have bigger fish to fry. (Take a look at WikiLeaks if you really want to see what they are worried about.)

Don't be too paranoid. Make your own backups if in doubt. Though I hear the hosting here does a fine job of doing that as well. I have personally had bad luck on another host, even with my own weekly backups. It set me pretty far back one time.

Learn more about securing your website here: http://codex.wordpress.org/Brute_Force_Attacks

I hope you enjoyed this post.

-Chris


Recent Comments


Great post, thanks for sharing.

Chris, thank you for sharing this valuable weekend! I appreciate it!

Thanks for sharing Chris, I know I need to know this info, but I have no idea where to find the wp_config.php file.

No problem and sorry I forgot to mention the ftp part.

Welshy has a great video here on how to get and use an ftp client and connect to your site to see the file.

https://my.wealthyaffiliate.com/training/ftp-filezilla-connecting-to-domain-via-ftp

At about 4 minutes into the video you will see where he connects.

Open that main httpdocs folder he shows and scroll down until you see the "wp_config.php" file.

I personally just drag the wp_config file from the program shown in the video to my desktop.

Note: Make a second copy for a backup just in case.

I then use Notepad++ http://notepad-plus-plus.org/ to edit my files as it makes it a lot easier to read.

After making the changes to wp_config.php you can drag the file back to the FileZilla program that will be shown in the video to the same folder.

It will bring up a popup that says "Target file already exist".

Select "Overwrite" then click ok.

Should be all set after that.

-Chris



Very informative Chris - thanks for the good info and links.
