Site Tips

Securing your WordPress site

Reading the 9rules member feeds, I came across an article by Brajeshwar that I think everyone can benefit from. He describes how he found foreign code in the header file.

I woke up this morning to find that my site feed wasn’t validating and the XMLRPC was not responding when I tried to update MarsEdit. Upon doing a quick “View Source” I found foreign code lodged on top of my site’s header. I knew instantly that it shouldn’t be there and that something was wrong.

Brajeshwar uses his own theme, so he knew that code didn’t belong there. For the average WordPress user, viewing the source code would be like trying to understand a language he or she does not speak. An example: of those who drive, how many can fix the car they drive if it breaks? Mechanics can, but most people have to take the car in to be repaired. The same holds for a blog: many people use blogging tools, but if something goes wrong they are unable to diagnose and resolve the issue.

Brajeshwar gives an easy-to-follow guide to the steps he used to secure his site, even sharing the code for an .htaccess file that reduces comment spam by denying comment submissions that carry no referrer. Take a moment and read the article. You might learn something.
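For readers who want to see what such a rule looks like, here is an added example of an Apache .htaccess fragment in the same spirit; it is not Brajeshwar’s own snippet, and example.com stands in for your own domain. It refuses POSTs to WordPress’s comment handler when the Referer header is missing or does not point at your site, which is where most automated spam bots fall over.

```apache
# Added example: block comment POSTs that arrive with no Referer, or with a
# Referer from somewhere other than this site. Replace example.com with your
# own host name (placeholder). Requires mod_rewrite to be enabled.
<IfModule mod_rewrite.c>
    RewriteEngine On

    # Only look at POST requests ...
    RewriteCond %{REQUEST_METHOD} ^POST$
    # ... aimed at the WordPress comment submission script.
    RewriteCond %{REQUEST_URI} /wp-comments-post\.php$
    # Fire if the Referer is empty OR does not start with our own site URL.
    # The [OR] joins only these two conditions; the two above are still ANDed.
    RewriteCond %{HTTP_REFERER} ^$ [OR]
    RewriteCond %{HTTP_REFERER} !^https?://(www\.)?example\.com/ [NC]
    # Answer 403 Forbidden and stop processing further rules.
    RewriteRule .* - [F,L]
</IfModule>
```

Treat this as a noise filter, not an access control: the Referer is set by the client and can be supplied by a bot, and some browsers and privacy tools strip it, so a legitimate commenter behind one of those will be refused as well. Check your access log for 403s on wp-comments-post.php after enabling it to see whether real readers are being caught.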

This article isn’t about WordPress being unsafe; honestly, all scripts will have vulnerabilities from time to time. Pay more attention to how quickly the company patches security issues and informs its user base. When a patch is released, update your scripts as soon as possible.

This article is about paying more attention to your site than just posting entries. This is a situation the average user wouldn’t notice without looking for it. Just as a lawn has to be cared for to stay healthy, your blog needs attention if your content is to remain safe, no matter what content management system you are using.