Making WordPress a Tough Nut to Crack

The last thing you want is to wake up one morning, check your website and find out that hackers have cracked your security. WordPress is popular because it’s a great application, but popular applications are often subject to security attacks. That’s why we routinely apply over ten different steps to every WordPress installation we create or maintain; together they go a long way towards making your website secure from outside intrusions.

The Ten Commandments of WordPress

We’d like to tell you just what those security steps are and how you can implement them yourself, but this is not Moses coming down from the mountain with Ten Commandments. Some of our clients read the list of our security steps to help them fall asleep — they’re important, but they can also make your eyes glaze over. Suffice to say that one of the commandments is: Thou Shalt Have a Strong Password.

And Our Install Will Make It So

That gives you a hint that we make certain that WordPress is prompting you to do what’s right and sensible, based on prevalent Internet security risks. We have your best interests as our primary motivator and we’ve been around long enough to realize that time invested in solid security measures is time, money and embarrassment saved further down the line. We wish we could tell you that other web developers make the effort to do the same, but experience has also taught us otherwise.

So while anyone might be able to figure out how to install WordPress on their own, we recommend that an experienced web developer be involved in creating your security protocols, especially if you plan to be involved in any kind of e-commerce. Unless you’re an expert, you need help to make WordPress a tough nut to crack.

If You Must Read the Security Technobabble

For those of you who are determined to compare our security steps with those you’re already familiar with, here’s the technical geek speak on how we “harden” the security for WordPress:

  1. We install the application in a non-standard folder.
  2. We remove the installation files after installation.
  3. Files that indicate the version of WordPress are modified or removed.
  4. Unique authentication keys and password file codes are created for each installation.
  5. We delete the default administration account.
  6. Access to important files is restricted.
  7. Protections against “brute force” attack are installed.
  8. Weak passwords are verboten.
  9. We disable the debug mode where necessary.
  10. We prevent failed logins from indicating whether the problem is the username or the password.

And that’s just the first Ten Commandments of WordPress Security. There’s more to our typical security protocol for WordPress installations, but this gives you a good idea of the many things we do to make your website as secure as possible without making it difficult to use and access. Since the majority of these adjustments are “behind the scenes,” the end result is a website that looks good despite being built like a bank vault.
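A read-only audit for steps 2, 3, 4, 6 and 9 of the list above, as an added example that is not code from the original page. It assumes `wp-config.php` sits in the install root and treats `wp-admin/install.php` and `readme.html` as the leftover installer and version-revealing files; `audit` and `make_tree` are hypothetical helper names, and the sample tree is constructed.

```python
import os
import re
import stat
import tempfile

PLACEHOLDER = "put your unique phrase here"  # text shipped in wp-config-sample.php
KEYS = ("AUTH_KEY", "SECURE_AUTH_KEY", "LOGGED_IN_KEY", "NONCE_KEY",
        "AUTH_SALT", "SECURE_AUTH_SALT", "LOGGED_IN_SALT", "NONCE_SALT")
LEFTOVERS = ("wp-admin/install.php", "readme.html")  # steps 2 and 3 (assumed file list)


def audit(root):
    """Return findings for the WordPress tree at root; an empty list means clean."""
    findings = [f"present: {rel}" for rel in LEFTOVERS
                if os.path.isfile(os.path.join(root, rel))]
    cfg = os.path.join(root, "wp-config.php")
    if not os.path.isfile(cfg):
        return findings + ["missing: wp-config.php"]
    with open(cfg, encoding="utf-8", errors="replace") as fh:
        text = fh.read()
    for name in KEYS:  # step 4: every key and salt set, long, and not the placeholder
        m = re.search(r"define\(\s*['\"]%s['\"]\s*,\s*(['\"])(.*?)\1\s*\)" % name, text)
        if m is None or m.group(2) == PLACEHOLDER or len(m.group(2)) < 32:
            findings.append(f"weak or missing key: {name}")
    if re.search(r"define\(\s*['\"]WP_DEBUG['\"]\s*,\s*true\s*\)", text, re.I):
        findings.append("WP_DEBUG enabled")  # step 9
    if stat.S_IMODE(os.stat(cfg).st_mode) & 0o007:
        findings.append("wp-config.php accessible to other users")  # step 6
    return findings


def make_tree(root, hardened):
    """Build a constructed sample install (not real site data) under root."""
    os.makedirs(os.path.join(root, "wp-admin"))
    value = "x7#Lq" * 13 if hardened else PLACEHOLDER  # constructed 65-char value
    lines = ["<?php"] + [f"define( '{k}', '{value}' );" for k in KEYS]
    lines.append(f"define( 'WP_DEBUG', {'false' if hardened else 'true'} );")
    cfg = os.path.join(root, "wp-config.php")
    with open(cfg, "w", encoding="utf-8") as fh:
        fh.write("\n".join(lines) + "\n")
    os.chmod(cfg, 0o600 if hardened else 0o644)
    for rel in () if hardened else LEFTOVERS:
        open(os.path.join(root, rel), "w").close()  # empty constructed files


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        make_tree(tmp + "/site", hardened=False)
        print("\n".join(audit(tmp + "/site")))
```

The permission check only looks at the "other" bits of `wp-config.php`; whether group access is acceptable depends on how the web server user is set up on the host.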