This post is a very light version of a vastly more detailed post I’ve since written for Moz: The Definitive Guide to WordPress Security – I recommend skipping this post and reading that one instead 🙂
If a website is hacked, and starts hosting malware, viruses, phishing pages or anything else of that nature, it can have a seriously negative impact on your rankings (not to mention your users). While WordPress is a fantastic CMS, it requires a good bit of work to make it secure. Here are some quick links and tips to improve your WordPress security.
One of the quickest and easiest ways to harden a WordPress site (or any other site for that matter) against many common attacks is to correctly configure your .htaccess file (if you’re on an Apache server). Here are two fantastic blog posts that can help you to maximize the security of your site via your .htaccess file:
- The Almost Perfect Htaccess File for WordPress Blogs
- Top 5 WordPress Vulnerabilities and How to Fix Them
Beyond just the .htaccess file, there are numerous other elements to making a truly secure WordPress site. This handy post from Josiah Cole will walk you through the WordPress security best practices. Last but not least, don’t hesitate to go directly to the source on WordPress security…Wordpress themselves.
Beyond that, there are two other key elements I recommend; backing your site up regularly, and having some sort of firewall/security scanning service in place. For backing things up, I prefer Codeguard, and for the WordPress firewall and security scanning I’ve heard amazing things about Sucuri Security.
Of course, if you’re willing to make the investment, you can always use something like WP Engine. They’re an all-in-one hosting, backup and security service rolled into one. They aren’t cheap, but they’re hands-down the best option out there for WordPress hosting.
If you have any questions about WordPress security, I’ve made this kind of a hobby lately, so please don’t hesitate to leave a comment!