Docstoc

Alicia Lyttle & Lorette Lyttle of Monetized Marketing - WordPress Wednesdays – Quick Security Tips For Your Blog

Document Sample
Alicia Lyttle & Lorette Lyttle of Monetized Marketing - WordPress Wednesdays – Quick Security Tips For Your Blog Powered By Docstoc
					        Alicia Lyttle & Lorette Lyttle of
      Monetized Marketing - Quick Security
               Tips For Your Blog
                              We’ve talked about backing up your website
                              (http://alicialyttle.com/?p=295) in a prior post. But here are some
                              quick security measures you can take to protect your website from
                              problems.


Here are some suggestions:
Always use an admin name other than “admin”
When you initially install WordPress you can choose the username for the main admin account. Do not
    use the default “admin”; choose something original instead. Brute force scripts (hacking scripts)
    trying to guess your password will assume the username “admin” is in place… Let them make that
    false assumption and keep them out of your site!
Alicia Lyttle & Lorette Lyttle of Monetized Marketing -

         Use a Secure Password.
         I bet you’ve heard this one before. You shouldn’t use the same password for all your websites and
         logins. You also shouldn’t have a simple password like your kid’s or pet’s name. Make your passwords
         long, over 8 characters, and use a combination of uppercase, lowercase, numbers and symbols for
         best protection.

         Change Admin Passwords Occasionally.
         Change all admin-level passwords. I say occasionally because the schedule really depends on your
         business practices. For instance, if you outsource your WordPress maintenance or administration to
         different people all using your main admin account, you would be wise to change your password
         more frequently that if you are the only admin.

         Delete Unused Accounts.
         If you have any user accounts on your WordPress installation that you are not using anymore, be
         sure to remove them.
Alicia Lyttle & Lorette Lyttle of Monetized Marketing -

      Register Domains Elsewhere.

      If you need to move your websites because of problems with your host, you’ll be glad to have your domain
      name registered elsewhere. This will allow you to quickly move domains by simply pointing the nameservers
      at your domain registrar to your new hosting service. (For example we get our domains
      at www.domaindiving.com and our hosting at www.gatorhostingonline.com)

      WordPress Security Plugins

      Secure WordPress (http://wordpress.org/extend/plugins/secure-wordpress/) beefs up the security of your
      WordPress installation by removing error information on login pages, adds index.html to plugin directories,
      hides the WordPress version and much more.

      Login LockDown (http://wordpress.org/extend/plugins/login-lockdown/) records the IP address and
      timestamp of every failed login attempt. If more than a certain number of attempts are detected within a
      short period of time from the same IP range, then the login function is disabled for all requests from that
      range. This helps to prevent brute force password discovery. Currently the plugin defaults to a 1 hour lock out
      of an IP block after 3 failed login attempts within 5 minutes. This can be modified via the Options panel.
      Admisitrators can release locked out IP ranges manually from the panel.

				
DOCUMENT INFO
Description: We’ve talked about backing up your website in a prior post. But here are some quick security measures you can take to protect your website from problems.