WordPress Security Tips

Oftentimes, when a customer complains of their site being defaced or infected with malware, we will investigate and discover that they are using a CMS such as WordPress. The danger in using these packages, from a security standpoint, is that they are so common as to make a large target for malware writers. Combine this with their support for third-party add-ons and the rapid speed of development, and it’s easy to see how vulnerabilities can creep in.

If you’re looking for a quick and dirty security intro, here it is: update, update, update. Check release notes for any vulnerability fixes; if you see any, it’s time to upgrade. In addition, audit your plug-ins. Third-party add-ons are often not checked as thoroughly as the core code. Just because a plug-in is popular doesn’t mean that it’s secure.
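
One way to put the update-and-audit advice above into practice, as an added example that is not part of the original post. It assumes WP-CLI is installed (the post does not mention it); the plug-in names and the WP_PATH variable are made up for illustration.

```shell
#!/bin/sh
# Added example: turn a WP-CLI plug-in inventory into a short audit list.
# Input is the CSV printed by:
#   wp plugin list --fields=name,status,update,version --format=csv

# Constructed sample inventory (plug-in names are invented).
sample_inventory() {
  cat <<'EOF'
name,status,update,version
example-gallery,active,available,2.1.0
example-forms,active,none,5.4.2
example-old-slider,inactive,available,1.0.3
example-cache,inactive,none,3.3.1
EOF
}

# audit_plugins: reads the CSV on stdin and prints one finding per line.
#   UPDATE   <name> <version>  an update exists: read its release notes, then upgrade
#   INACTIVE <name> <version>  not in use, but its code is still on disk: review or remove
audit_plugins() {
  awk -F, 'NR > 1 {
    if ($3 == "available") print "UPDATE " $1 " " $4
    if ($2 == "inactive")  print "INACTIVE " $1 " " $4
  }'
}

# Read the live site when WP-CLI is present and WP_PATH (hypothetical variable)
# points at the WordPress directory; otherwise fall back to the sample above.
plugin_inventory() {
  if command -v wp >/dev/null 2>&1 && [ -n "${WP_PATH:-}" ]; then
    wp --path="$WP_PATH" plugin list --fields=name,status,update,version --format=csv
  else
    sample_inventory
  fi
}

plugin_inventory | audit_plugins
```

Run it from cron and mail yourself the output so that a pending plug-in update does not sit unnoticed.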

Having said that, when it comes to more comprehensive information specific to WordPress, we’d prefer to direct you to the experts:

http://codex.wordpress.org/FAQ_My_site_was_hacked
http://wordpress.org/development/2009/09/keep-wordpress-secure/

As always, we welcome your questions and feedback!