
How to make WordPress more secure
May 19th, 2010 by Andreas from Xavier Media® in Antivirus & Security, Blogging, The World According to Xavier, Tutorials. Topics: blog, Godaddy, self-hosted, Wordpress, WPSecurityLock
Recently many blogs hosted on GoDaddy and some other hosting companies offering shared hosting accounts have suffered from several hacks attacking self-hosted WordPress blogs, but also some other CMS. So, to help everyone out there make their own WordPress blog more secure, we've collected a few useful tips.
We love WordPress as a tool to quickly set up a site or blog with some content, so we use it for many of our own sites. The downside with WordPress is that it's so widely used by almost everyone that every time a bug or vulnerability gets detected the hackers start abusing it immediately (because they can take over so many sites with just one security hole). This is why it's important to make your WordPress blog more secure.
Change the secret key
In config.php there's a secret key used by WordPress for various purposes. WordPress will work even if you don't do anything with this secret key, but to make your installation more secure you should change it to something random. It's important that you really select something random here and not just a dictionary word with some numbers at the end. To create something really random you can use our password generator.
This is the code you should look for in config.php. Replace the key value between the quotes with your own secret key:
define('SECRET_KEY', 'we4KFDP7DDv(1vMd-+2%2c0b0'); // Change this to a unique phrase.
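As an added example (not code from the original post), the following Python script draws a key from a CSPRNG, rejects the weak kinds of key the paragraph above warns about, and rewrites the define line in a constructed config.php fragment; the placeholder value, the 16-character minimum and the sample file layout are assumptions made here.

```python
import re
import secrets
import string

# Characters allowed inside the single-quoted PHP string literal: printable
# ASCII minus the single quote and backslash, which would need escaping.
_ALPHABET = "".join(
    c for c in string.ascii_letters + string.digits + string.punctuation
    if c not in "'\\"
)

# Matches define('SECRET_KEY', '<value>') and captures the current value.
_DEFINE_RE = re.compile(r"(define\(\s*'SECRET_KEY'\s*,\s*')([^']*)('\s*\))")

# Constructed sample of a config.php fragment; not taken from a real install.
SAMPLE_CONFIG = """<?php
define('DB_NAME', 'wordpress');
define('SECRET_KEY', 'put your unique phrase here'); // Change this to a unique phrase.
"""

def generate_secret_key(length: int = 64) -> str:
    """Draw the key from the OS CSPRNG via `secrets`, never random.random()."""
    return "".join(secrets.choice(_ALPHABET) for _ in range(length))

def key_is_weak(key: str, min_len: int = 16) -> bool:
    """Flag keys an attacker could guess: an empty or stock placeholder value,
    anything shorter than min_len (a threshold chosen here), or a single
    dictionary-style word with a few digits appended."""
    if key.strip().lower() in ("", "put your unique phrase here"):
        return True
    if len(key) < min_len:
        return True
    return re.fullmatch(r"[A-Za-z]+\d{0,4}", key) is not None

def replace_secret_key(config_text: str, new_key: str) -> str:
    """Rewrite the value in the define('SECRET_KEY', ...) line, refusing to
    touch the file if the line is missing or present more than once."""
    if "'" in new_key or "\\" in new_key:
        raise ValueError("key must not contain a single quote or backslash")
    if key_is_weak(new_key):
        raise ValueError("refusing to install a weak secret key")
    hits = _DEFINE_RE.findall(config_text)
    if len(hits) != 1:
        raise ValueError(f"expected one SECRET_KEY define, found {len(hits)}")
    return _DEFINE_RE.sub(lambda m: m.group(1) + new_key + m.group(3), config_text)

if __name__ == "__main__":
    print(replace_secret_key(SAMPLE_CONFIG, generate_secret_key()))
```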
The administrator account
The standard installation of WordPress will create an administrator account with the user name admin. Hackers know this of course, and therefore they always try to hack this kind of account: they already know the user name and only need to guess the password wherever the admin account is still in use. Therefore, once you've completed the WordPress installation, you should always create a new user account with administrator access and also turn off the administrator access for the admin account created by WordPress. To turn off the administrator access you go to Users > Authors & Users, select the admin account and change the role to subscriber. This way the hacker can't do anything if they hack the admin account.
To be able to change the role for the admin account you must log in as the administrator you created, because if you're logged in as admin you can't change the role for that account.
If you would like to have some more help on securing your WordPress blog you can get some help from WPSecurityLock. They offer consultations and also sell ebooks on how to secure your blog.