WordPress security

Important:
WordPress releases security updates often. To ensure your site is up to date, download the latest version, or update your existing WordPress installation.

Keeping WordPress secure is important on Webserve, since a compromised site can affect other sites as well. Following are recommendations for keeping WordPress secure so that your site is not a target for attack.

  1. Update WordPress, plugins, and themes to the current version.
  2. Locate wp-config.php on your Webserve account and update the security keys. This makes your user passwords more secure by adding random elements to the password.
  3. Tighten file permissions on wp-config.php (i.e., chmod 600 wp-config.php). This file contains database information and security keys that would allow a hacker to gain control of your site.
  4. Review your plugins/themes and remove any that are not used.
  5. Back up your database often. You can set up a crontab and script to run backups weekly; see Backing up your Legacy MySQL for Webserve database. There are also WordPress plugins that back up your database.
    Note:
    New MySQL for Webserve has automatic backups.
  6. Never have world-writable files or folders; see Guidelines for file and directory permission settings on Webserve.
  7. Remove unused WordPress users and update passwords regularly.
  8. If you are setting up WordPress, consider using a table prefix other than wp_, which is commonly used and makes your database more vulnerable to attack.
  9. If your WordPress users all have IU accounts, consider installing the CAS plugin.
  10. Keep your computer's OS and antivirus software up to date.

For questions or concerns, contact Web Services Support.

This is document bfry in the Knowledge Base.
Last modified on 2017-08-21 16:22:45.

  • Fill out this form to submit your issue to the UITS Support Center.
  • Please note that you must be affiliated with Indiana University to receive support.
  • All fields are required.

Please provide your IU email address. If you currently have a problem receiving email at your IU account, enter an alternate email address.

  • Fill out this form to submit your comment to the IU Knowledge Base.
  • If you are affiliated with Indiana University and need help with a computing problem, please use the I need help with a computing problem section above, or contact your campus Support Center.

Please provide your IU email address. If you currently have a problem receiving email at your IU account, enter an alternate email address.