WordPress and Security Guide

WordPress powers approximately 50% of all the websites online around the world. This means that it is a very attractive platform for hackers to try and compromise as it gives them the ability to take down many websites in just one go.
We’ve prepared this guide to help you understand the risks and threats and to explain how you can defend against them.

Choose a custom username and strong password

The default WordPress login is “admin” and all WordPress hackers know this. Usernames can only be changed using phpMyAdmin after WordPress is installed, so it is important to choose an uncommon username when installing WordPress.
Assuming you are using Softaculous for installing WordPress, you may specify the username on the installation setup screen.
Good, strong passwords are equally important for the basic security of your WordPress site. Choose a selection of letters and numbers not based on a dictionary word. Worried about how you might remember it? We suggest using the RoboForm or LastPass tools to securely store all your passwords.
Do not use the same username and password as your hosting account or any other installed web application.

Perform updates on a constant basis

Update your WordPress installation regularly. We suggest that you check for updates at least once a week, as WordPress developers frequently release new updates/patches to close any security holes that hackers have exposed.
You can update WordPress from the admin area or you can update WordPress directly from within Softaculous. Please find a step-by-step tutorial here.

Back up regularly

Back up your WordPress blog regularly. This means that if you are faced with a hacking attack, you can quickly and easily roll back at any time. At Namecheap, we have two backup options available for you.

Recommended backups – CodeGuard

Our partnership with CodeGuard gives you an easy point-and-click method of backing up WordPress. CodeGuard will back up your entire account as well as scan the account for any malicious changes (from hackers) and alert you if it notices anything untoward. Namecheap customers get a significant discount on CodeGuard subscription services, and we have created the guide “How to backup WordPress site Using CodeGuard” to help you get acquainted with this service.

Alternative method – Softaculous backup

Softaculous also has a backup option. Check “Backup or Delete WordPress with Softaculous” in the “How to Install WordPress using Softaculous” article to learn how to use it.

Use themes and plugins developed by officially recommended suppliers 

Many themes and plugins are available for WordPress offering a variety of options and opportunities for your website. Here are our recommendations on which themes and plugins you should choose.

Free Themes – important note

If you wish to use free themes, we suggest you install only free themes that you can search for through your WordPress Admin area at Appearance >> Install Themes tab. These have all been vetted and approved by the official WordPress developers and are safe for use.
We do not recommend you download free themes from third party non-verified websites unless you are 100% sure the theme you are about to download is “clean”.

Free Plugins – important note

We strongly recommend you only use free plugins that are rated highly and have been recently released or updated. WordPress shows you the star rating and the latest updates for any particular plugin in the WP Admin area when you open the details of a plugin you like. A high number of downloads and excellent star ratings mean the plugin is used and liked by many other WordPress users, and recent updates show that the developers are committed to keeping it secure.

Paid Themes and Plugins

The following sites offer paid themes and plugins and are reputable:

Security Plugins

We recommend you download and enable the following security plugins. These help keep your WordPress website secure:
1. WordPress Firewall 2 
This WordPress plugin investigates web requests with simple, WordPress-specific heuristics, to identify and stop the most obvious attacks.
Main settings: 
1. You can choose options and actions that will be blocked by firewall.
2. Here, an email address can be specified to receive warnings and notifications from the plugin.
3. With this option, you can whitelist trusted IP addresses.
2. BulletProof Security 
BulletProof Security uses .htaccess website security files, which are specific to Apache Linux Servers. The BulletProof Security WordPress Security plugin is designed to be a fast, simple and one click security plugin to add .htaccess website security protection for your WordPress website.
There are many options available with the BulletProof Security plugin, and you can find details using the “Read Me” option. But the main one we are going to use is .htaccess protection, which can be enabled with the “BulletProof Mode” radio button for each .htaccess.
3. Better WP Security
As most WordPress attacks are the result of plugin vulnerabilities, weak passwords, and obsolete software, Better WP Security will hide the places where those vulnerabilities live, preventing an attacker from learning too much about your site and keeping him away from sensitive areas like login and admin areas, etc.
Many different security options are available with this plugin, but you can simply enable basic security mode using “Secure My Site From Basic Attacks” (1.)
Or enable each separate option you need (2.) 
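
To show what .htaccess-based protection of the kind described for BulletProof Security looks like, here is a hand-written fragment. It is an added example, not the plugin's own rule set; it assumes Apache 2.4 (the `Require` syntax), mod_rewrite, and a default WordPress directory layout.

```apache
# ---- File 1: .htaccess in the WordPress root (constructed example) ----

# Do not show a file listing when a directory has no index file.
Options -Indexes

# wp-config.php holds the database credentials and secret keys;
# it is only ever included by PHP and never needs to be served.
<Files "wp-config.php">
    Require all denied
</Files>

# Keep .htaccess / .htpasswd files themselves unreadable over HTTP.
<FilesMatch "^\.ht">
    Require all denied
</FilesMatch>

# Refuse direct requests to internal include files. WordPress loads
# these through PHP includes, so visitors never need to request them.
<IfModule mod_rewrite.c>
    RewriteEngine On
    RewriteBase /
    RewriteRule ^wp-admin/includes/ - [F,L]
    RewriteRule !^wp-includes/ - [S=3]
    RewriteRule ^wp-includes/[^/]+\.php$ - [F,L]
    RewriteRule ^wp-includes/js/tinymce/langs/.+\.php - [F,L]
    RewriteRule ^wp-includes/theme-compat/ - [F,L]
</IfModule>
# Place the block above before the "# BEGIN WordPress" section so
# these rules are evaluated before the permalink rewrite rules.

# ---- File 2: wp-content/uploads/.htaccess (constructed example) ----

# The uploads directory should contain media only. Denying script
# extensions here means an uploaded PHP file cannot be requested
# directly even if it gets past the upload form.
<FilesMatch "(?i)\.(php|phtml|phar)$">
    Require all denied
</FilesMatch>
```

After editing, request `/wp-config.php` and a test `.php` file under `/wp-content/uploads/` in a browser; both should return 403 while the site and media files load normally.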

Optimization Plugins

We also recommend the following top-rated cache plugins to optimize the performance of your blog.
W3 Total Cache
W3 Total Cache improves the user experience of your site by improving your server performance, caching every aspect of your site, reducing the download times and providing transparent content delivery network (CDN) integration.
WP Super Cache
This plugin generates static HTML files from your dynamic WordPress blog. After an HTML file is generated, your webserver will serve that file instead of processing the comparatively heavier and more expensive WordPress PHP scripts.

General Security Tips

Always connect securely to your website. When using your web browser, use an https:// connection. You can easily install one of our SSL certificates to secure and encrypt data between your PC/Mac and your website. Some hosting accounts include a free SSL certificate.

Use FTP securely too. Use FTPS instead of FTP when uploading. This encrypts your FTP connection and any data you upload to your website. You can learn how to use secure and non-secure FTP in the most popular FTP clients with the help of FTP-related articles.

Enable CloudFlare. CloudFlare is a CDN (Content Delivery Network) that improves performance of your blog by serving it from CDN nodes around the world. CloudFlare also has security scanning built in as part of the service offered.
Namecheap customers can use CloudFlare’s entry level service free of charge. Paid upgrades are available for CloudFlare’s larger service plans. Click the CloudFlare icon in cPanel for more details.

Change your passwords regularly and keep them secure. Never use a dictionary word and always use a combination of capital letters, lower case characters, numbers, and symbols.
The tips provided above do not guarantee 100% security of your WordPress website. However, they drastically decrease the chances of your WordPress installation being defaced, hacked, or abused.

Reference: namecheap.com
