When Office To-Go takes more than WordPress web site maintenance or a new project, we employ these security measures and recommendations.
1. Maintain headers/logos underneath 125 pixels high. It takes up valuable viewing space, specifically for laptop users, that is very best left for the excellent stuff to appear "above the fold." Take a cue from the major organizations, very simple logos accomplished nicely say it all. This is our #1 pet peeve - screaming logos and headers!
2. Use Strong passwords of 10 or additional characters and DO NOT use "admin" for a username. Generate a new user profile assigned to the administrator role, log back in with the new user profile and DELETE the admin file. It can't be stated strongly sufficient: use powerful passwords for WordPress and any other internet site which needs passwords. Use an on-line password generator.
3. BACK UP your web-site often and hold a copy on your pc and off-web site storage. If you have a very active web site, back up daily. You invest a lot of time and dollars on your internet site, don't skip this! The 1 total remedy that does it all is BackupBuddy, no other plug-ins back up your files, widgets, plugins and database. Will need to move your web site to a further host, this will do it in less than a couple of minutes!
4. Choose your plugins wisely, too a lot of will slow down your web page. Badly coded plugins are a hacker's back door into your web-site.
5. Install the WordPress Firewall Plugin. This plugin investigates internet requests with straightforward WordPress-certain heuristics to determine and cease most obvious attacks.
6. Move your configuration file one particular level above the root directory of your server (if you're operating WP in the root directory of your website as opposed to yourdomain.com/weblog subfolder).
7. Do not use wp_ as a prefix for your databases. Most internet hosting organizations are eliminating that default now but if yours does not, modify wp_ to anything else but that.
8. Install Secure WordPress plugin.
9. Install an anti-spam plugin such as WP-SpamFree.
10. Rewrite your .htaccess file to lock down your wp-admin directory by IP addresses. Add the following code to your file, replacing xxx.xxx.xxx.xxx with your IP address:
AuthUserFile /dev/null
AuthGroupFile /dev/null
AuthName "Access Control"
AuthType Basic
order deny,allow
deny from all
#IP address to Whitelist
allow from xxx.xxx.xxx.xxx
previous post
next post