WordPress security

Important:
WordPress releases security updates often. To ensure your site is up to date, download the latest version, or update your existing WordPress installation.

Keeping WordPress secure is important on Webserve, since a compromised site can affect other sites as well. Following are recommendations for keeping WordPress secure so that your site is not a target for attack.

  1. Update WordPress, plugins, and themes to the current version.
  2. Locate wp-config.php on your Webserve account and update the security keys. This makes your user passwords more secure by adding random elements to the password.
  3. Tighten file permissions on wp-config.php (i.e., chmod 600 wp-config.php). This file contains database information and security keys that would allow a hacker to gain control of your site.
  4. Review your plugins/themes and remove any that are not used.
  5. Back up your database often. You can set up a crontab and script to run backups weekly. There are also WordPress plugins that back up your database.
    Note:
    MySQL for Webserve has automatic backups.
  6. Never have world-writable files or folders; see Guidelines for file and directory permission settings on Webserve.
  7. Remove unused WordPress users and update passwords regularly.
  8. If you are setting up WordPress, consider using a table prefix other than wp_, which is commonly used and makes your database more vulnerable to attack.
  9. Keep your computer's OS and antivirus software up to date.

For questions or concerns, contact Web Services Support.

This is document bfry in the Knowledge Base.
Last modified on 2018-08-16 08:53:18.

Contact us

For help or to comment, email the UITS Support Center.