Time for a new rant

by Mike on July 27, 2010

Over the course of the last couple of weeks, I have been doing a lot of work with this site. I am trying to get it to run a bit leaner and meaner, trying to get it looking better, trying to get the functionality I feel my visitors are looking for and trying to make the site more secure.

Right out of the box, WordPress file permissions are pretty solid, but there are so many recommendations to change permissions that before long the unknowing blogger has created vulnerability atop vulnerability.

If you are running a Web site of any kind, you need to understand that any directories or files you have decided to CHMOD to 777 need to be above public_html, outside the Web-facing tree. Any file or directory facing the Web and using full Read, Write and Execute permissions is a security risk.

How many of you have made the decision to CHMOD your wp-content directory, your plugins directory or your themes directory to 777? If you have, you are asking for problems. Directories should be set at 755 and individual files should be set at 644, unless you enjoy having others crack your blog's security.

While I'm talking about WordPress security, let me ask if you are running the latest version on your own blog? If there is an update available, grab it up immediately and upgrade your site.

How many of you take the time to regularly change your passwords?

How many of you are using the Secret Keys in your wp-config file? It takes less than 60 seconds to get a set of phrases and add them to your wp-config file, making your site considerably more secure.

How about your .htaccess file? What permissions do you have set there? 777, so you can edit it from your dashboard? Or 644, so it is secure from malicious users?
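As an added example (not part of the original post), here is a POSIX shell audit of the modes recommended above. It flags world-writable entries, which covers every 777 case including .htaccess, and anything else that differs from 755 for directories or 644 for files. The function names and the sample tree layout are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: audit a WordPress tree against the modes recommended above
# (directories 755, files 644, nothing world-writable).

# Print one finding per line: "<LABEL> <path>".
audit_wp_perms() {
    root=$1
    [ -d "$root" ] || { echo "not a directory: $root" >&2; return 2; }
    # Anything "other" can write to, which includes every 777 entry.
    find "$root" \( -type d -o -type f \) -perm -0002 -print | sed 's/^/WORLD-WRITABLE /'
    # Remaining entries that differ from 755 / 644 (tighter modes are listed too).
    find "$root" -type d ! -perm -0002 ! -perm 0755 -print | sed 's/^/DIR-NOT-755 /'
    find "$root" -type f ! -perm -0002 ! -perm 0644 -print | sed 's/^/FILE-NOT-644 /'
}

# Reset the whole tree to the recommended modes.
fix_wp_perms() {
    root=$1
    [ -d "$root" ] || return 2
    find "$root" -type d -exec chmod 755 {} +
    find "$root" -type f -exec chmod 644 {} +
}

# Build a constructed sample tree (hypothetical layout) for a dry run.
make_sample_tree() {
    t=$(mktemp -d) || return 1
    mkdir -p "$t/wp-content/plugins" "$t/wp-content/themes"
    : > "$t/.htaccess"; : > "$t/index.php"; : > "$t/wp-config.php"
    chmod 755 "$t" "$t/wp-content/plugins"
    chmod 777 "$t/wp-content" "$t/wp-content/themes" "$t/.htaccess"
    chmod 644 "$t/index.php"
    chmod 600 "$t/wp-config.php"
    echo "$t"
}

# Usage: sh audit.sh /path/to/public_html   (audit only; nothing is changed)
if [ "$#" -gt 0 ] && [ -d "$1" ]; then audit_wp_perms "$1"; fi
```

Run the audit first and read the findings before calling `fix_wp_perms`, since the fix resets every file to 644, including any you had deliberately set tighter.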

How many of you have secured your wp-admin directory with .htaccess? It is so easy to install an .htaccess file there that allows only you to access those files.

These are just some of the things you need to be looking into, if you're not already using them. Remember, owning and operating your blog is meant to be an enjoyable experience and not a nightmare. So get busy and get your site hardened against malicious attacks.
