How To Make Your WordPress Safer


Since version 3.0, the WordPress software has been downloaded over 6 million times. It is becoming the most popular blog/CMS script on the Internet. But as the feature set of WordPress keeps growing, WordPress will also get more bugs. The proof: WordPress frequently releases new versions for security reasons. In this post, I won’t suggest any overly complicated tips. They are very simple, but they will increase the security of your WordPress blog considerably.

1. Change some settings to increase the security level of your website

Because WordPress has a popular, fixed structure of posts, comments, and categories, someone can write software that automatically scans for and posts comments on any WordPress-based website. I suggest the settings below:

a. Turn off the “Comment” feature on your website/blog.

If you don’t really need to communicate with visitors, I suggest you turn off the “Comment” feature on your website by default. This prevents spam comments and blocks XSS exploits through the comment feature. Version 3.3.1 was released because of an XSS exploit in version 3.3. This bug had been discovered in an earlier version, but it reappeared because the WordPress core had changed so much and the developer team did not handle the bug well.

To turn off this feature by default, log in to the Admin Dashboard with the highest-level administrator account, go to Settings > Discussion, and uncheck “Allow people to post comments on new articles”. You can still turn the feature on for individual posts later through each post’s own settings.

b. Activate the “Akismet” plugin to filter spam comments if you still want to keep the “Comment” feature turned on.

Akismet is one of the two default plugins in every WordPress version. It is an anti-spam plugin. In my experience, Akismet can filter over 97% of spam comments. To activate it, log in to the Admin Dashboard, go to the Plugins page, then activate the Akismet plugin like any other. You will get instructions on how to register an Akismet ID.

c. Use as few external plugins as possible.

Every plugin may contain unknown bugs. Use the highest-rated plugin for each feature you want and update it to the newest version; this protects against known security bugs. The more plugins you use, the greater the risk of a security bug, which is why I advise using as few plugins as possible. I recommend some plugins below; I think they are enough for a basic news/blog website:

2. Make your website not look like a WordPress site.

It’s a good idea to divert hackers’ attention away from your website when they are looking for any WordPress website to deface or hack. This may not work against a professional hacker, but it can be useful against script kiddies. That means reducing the risk for your website.

The steps to make your website look different from a stock WordPress website:

To do all the steps above, you will need to follow more than one article. I will write a separate article for each step so you can follow it more easily. Please click the link on each step to read the details. If a step has no link, it means I haven’t published that article yet; please check back later. I am doing my best to keep this updated.