WordPress security

WordPress releases security updates often. To ensure your site is up to date, download the latest version, or update your existing WordPress installation.

Keeping WordPress secure is important on Webserve, since a compromised site can affect other sites as well. Following are recommendations for keeping WordPress secure so that your site is not a target for attack.

  1. Update WordPress, plugins, and themes to the current version.
  2. Locate wp-config.php on your Webserve account and update the security keys. This makes your user passwords more secure by adding random elements to the password.
  3. Tighten file permissions on wp-config.php (that is, chmod 600 wp-config.php). This file contains database information and security keys that would allow a hacker to gain control of your site.
  4. Review your plugins/themes and remove any that are not used.
  5. Make periodic backups of your database. For help, see About the New MySQL for Webserve data backup and restoration policy.
  6. Never have world-writable files or folders; see Guidelines for file and directory permission settings on Webserve.
  7. Remove unused WordPress users and update passwords regularly.
  8. If you are setting up WordPress, consider using a table prefix other than wp_, which is commonly used and makes your database more vulnerable to attack.
  9. Keep your computer's OS and antivirus software up to date.

For questions or concerns, contact Support Center Tier 2.

This is document bfry in the Knowledge Base.
Last modified on 2019-04-18 14:12:44.

Contact us

For help or to comment, email the UITS Support Center.