WordPress security

Important:
WordPress releases security updates often. To ensure your site is up to date, download the latest version, or update your existing WordPress installation.

Keeping WordPress secure is important on Sitehost, since a compromised site can affect other sites as well. The following recommendations help keep WordPress secure so that your site is not an easy target for attack:

  • Keep WordPress updated to the latest version. Be sure to also update any installed plugins and themes. For instructions, see Updating WordPress.
  • Review the additional plugins and themes that you have installed in WordPress. Check whether each plugin or theme is actively used, and whether it has any known security risks. Remove any unused plugins to increase the security of your site.
  • WordPress comes with a wp-config.php that contains sensitive information, such as your WordPress database's username and password. Check the following and make any necessary edits:
    1. Make sure the file permissions are set to only allow the owner to read or write to it. To do this, connect to the account with SSH (PuTTY/Terminal) and use a command similar to chmod 0600 web/wp-config.php.
    2. Open the file in an editor and verify that it has security keys included. To view an example of these keys, learn how to generate new keys, and generally learn more about how this increases your website's security, see Editing wp-config.php.
  • Make periodic backups of your database. For help, see About the MySQL for Sitehost data backup and restoration policy.
  • Never have world-writable files or folders.
  • If you are setting up WordPress, consider using a table prefix other than wp_, which is commonly used and makes your database more vulnerable to attack.
  • Adhere to common security practices, such as:
    • Remove any unnecessary or unused users that have backend access to the site. Each additional user increases the risk of their credentials falling into the wrong hands.
    • Ensure that passwords are strong and changed with some frequency.
    • Keep your own devices updated with the latest security updates, including updates for any antivirus software. Devices with security vulnerabilities, especially those that are used for development, can expose the site to malicious attacks.
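
The wp-config.php, world-writable, and table-prefix checks above can be run together over SSH. The following script is an added example, not part of the original article or Sitehost's own tooling; its function names are hypothetical, and it assumes the WordPress files are in the web directory used in the chmod command above and that an unset key still carries the placeholder text from wp-config-sample.php.

```sh
#!/bin/sh
# Added example (not Sitehost's or WordPress's own tooling): audit a WordPress
# directory against the checklist above. Function names are hypothetical.
# Usage: sh wp-audit.sh web

KEYS="AUTH_KEY SECURE_AUTH_KEY LOGGED_IN_KEY NONCE_KEY AUTH_SALT SECURE_AUTH_SALT LOGGED_IN_SALT NONCE_SALT"

# Octal mode of a file: GNU stat first, BSD stat as fallback.
file_mode() { stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"; }

# Succeeds only if group and other have no access at all (e.g. 0600, 0400).
config_is_private() {
    case "$(file_mode "$1")" in
        ?00) return 0 ;;
        *)   return 1 ;;
    esac
}

# Prints each security key that is undefined or still holds the sample
# placeholder; prints nothing when all eight are set.
missing_keys() {
    for k in $KEYS; do
        line=$(grep -E "define\( *['\"]$k['\"]" "$1") || { echo "$k"; continue; }
        case "$line" in *"put your unique phrase here"*) echo "$k" ;; esac
    done
}

# Lists world-writable files and folders (symlinks are skipped).
world_writable() { find "$1" ! -type l -perm -0002 -print; }

# Succeeds if the config still uses the default wp_ table prefix.
uses_default_prefix() {
    grep -Eq '^[[:space:]]*\$table_prefix[[:space:]]*=[[:space:]]*.wp_.[[:space:]]*;' "$1"
}

# Runs every check; returns the number of failures (the prefix only warns).
audit() {
    cfg="$1/wp-config.php"; fails=0
    [ -f "$cfg" ] || { echo "FAIL: $cfg not found"; return 1; }
    config_is_private "$cfg" || { echo "FAIL: $cfg mode $(file_mode "$cfg"), want 0600"; fails=$((fails+1)); }
    [ -z "$(missing_keys "$cfg")" ] || { echo "FAIL: security keys missing or default"; fails=$((fails+1)); }
    [ -z "$(world_writable "$1")" ] || { echo "FAIL: world-writable paths found"; fails=$((fails+1)); }
    ! uses_default_prefix "$cfg" || echo "WARN: default wp_ table prefix in use"
    return "$fails"
}

if [ "$#" -gt 0 ]; then audit "$1"; fi
```

Run it from the account's home directory as sh wp-audit.sh web; an exit status of 0 means no check failed.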

For more information, see WordPress Security.

For questions or concerns, contact Tier 2.

This is document bfry in the Knowledge Base.
Last modified on 2023-03-31 07:44:28.