WordPress is a very popular content management system for community news/info sites. But since it's free and open source, it's also a popular target for hackers. Here are some common WordPress security myths, and a checklist for securing your WordPress installation.
WordPress security expert Anders Vinther published a list of 10 common myths about WordPress security, with links to more details:
- WordPress is not secure.
- Nobody wants to hack my blog.
- My WordPress site is 100% secure.
- I only use themes and plugins from wordpress.org so they are secure.
- Updating WordPress whenever I log in is cool.
- Once my WordPress site is set up, my job is finished.
- I'll just install xyz plugin and that'll take care of security for me.
- If I disable a plugin or theme, there is no risk.
- If my site is compromised I will quickly find out.
- My password is good enough.
Have you caught yourself saying or believing any of these things about your community site? If so (or even if not), you might want to download Vinther's free WordPress security checklist.
Working through the steps in this checklist takes about five hours total, but that time is well worth the effort if you want to protect your site and make sure it stays protected. The tasks don't all have to be completed in one sitting; you can do them over a few days if you like.