wordpress points of security

I may be preaching to the converted on this but…

I like WordPress (in fact I like most .php-based products).

I’ve tried Ghost and thought it was meh. I’ve worked with Drupal and thought it was alright (if slightly over-engineered).

But I *like* WordPress.

However, the more time I spend with it, the more I realise that WordPress has shortcomings, here and there.

It’s a pros and cons argument.

Yes, there is a very large user community developing features and facilities for the (functional and non-functional portions of the) application.

And this is good. This huge, hardcore team of developers is continually turning the WordPress product into a much more sophisticated tool.

But there are also some naughty people out there, attempting to bugger up some people’s WordPress installations.

Just for a laugh.

When I was in LA three years ago, one of my WordPress-based websites was hacked.

It was a relatively straightforward task to get into the back-end and fix the website. It was just frustrating that it had happened.

Though, interestingly, I believe I would fix the problem in a much simpler way these days.

But here are a couple of simple golden rules that everyone should follow to protect their WordPress environment. The aim is to get rid of the default “admin” account, whose name every brute-force script tries first:

  • log in as administrator
  • create a new user (with a non-obvious name)
  • promote that user to administrator
  • log out as administrator
  • log in as the new administrator user you have just created
  • delete the old administrator account

And while I’m on the patronising subject of the blindingly obvious:

  • never publish content from an admin account – use an author/editor role
  • change your passwords frequently (and use a random password generator so they are long and unguessable)

And don’t be put off deleting the old admin user because you have posted content from it. When WordPress deletes a user it offers to attribute that user’s content to another account, so assign the legacy posts to your new author/editor user and you don’t lose anything.
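The whole procedure above, done in one go through the WordPress API instead of by hand in the dashboard. This is an added example and not code from the original post; the account names, the e-mail address and the `rotate_admin_account()` helper are assumptions for illustration. It creates the new administrator with a generated password, hands the old account’s content over to it, and only then deletes the old account.

```php
<?php
/**
 * Added example: retire the default "admin" account in favour of a fresh
 * administrator, reassigning the old account's content so nothing is lost.
 *
 * Run inside a WordPress context, e.g. `wp eval-file rotate-admin.php`.
 * Names, e-mail address and the helper function are illustrative assumptions.
 */

// wp_delete_user() is only loaded on admin screens, so pull it in explicitly.
require_once ABSPATH . 'wp-admin/includes/user.php';

/**
 * Replace $old_login with a new administrator called $new_login.
 * Returns array( 'id' => int, 'password' => string ) on success,
 * or a WP_Error explaining why the rotation was refused.
 */
function rotate_admin_account( $old_login, $new_login, $new_email ) {
    $old = get_user_by( 'login', $old_login );
    if ( ! $old ) {
        return new WP_Error( 'no_such_user', "No account named '$old_login'." );
    }
    if ( username_exists( $new_login ) || email_exists( $new_email ) ) {
        return new WP_Error( 'exists', 'New login or e-mail address already in use.' );
    }
    // Refuse to delete the account this code is running as: log in as the
    // new administrator first, exactly as the checklist says.
    if ( get_current_user_id() === (int) $old->ID ) {
        return new WP_Error( 'self_delete', 'Switch to the new account before deleting the old one.' );
    }

    // 32 random characters including symbols; hand this to a password manager.
    $password = wp_generate_password( 32, true, true );

    $new_id = wp_insert_user( array(
        'user_login'    => $new_login,
        'user_pass'     => $password,
        'user_email'    => $new_email,
        'role'          => 'administrator',
        // The author-archive slug defaults to the login name, which would
        // publish the "non-obvious" name in /author/<slug>/ URLs; give it a
        // different value.
        'user_nicename' => sanitize_title( $new_login . '-' . wp_generate_password( 6, false ) ),
    ) );
    if ( is_wp_error( $new_id ) ) {
        return $new_id;
    }

    // Second argument = "reassign content to this user ID": every post, page
    // and link owned by the old account moves to the new one before deletion.
    if ( ! wp_delete_user( $old->ID, $new_id ) ) {
        return new WP_Error( 'delete_failed', "Could not delete '$old_login'; new account $new_id left in place." );
    }

    return array( 'id' => $new_id, 'password' => $password );
}

// Illustrative invocation; the names are assumptions.
$result = rotate_admin_account( 'admin', 'site-ops-7x', 'ops@example.com' );
if ( is_wp_error( $result ) ) {
    echo 'Rotation failed: ' . $result->get_error_message() . PHP_EOL;
} else {
    echo "New administrator ID {$result['id']} created; password: {$result['password']}" . PHP_EOL;
}
```

The same three steps from a shell with WP-CLI are `wp user create site-ops-7x ops@example.com --role=administrator` (which prints a generated password), then `wp user delete admin --reassign=<new user ID>`. Two caveats worth keeping in mind: the password is shown once and must go straight into a password manager, and a non-obvious login name is only a speed bump, because WordPress still exposes author slugs and display names through author archives and the REST API, so the strong-password rule above is the one doing the real work.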

Maybe you already know these things.

But we’re never too old to learn, are we?
