How To Make Your WordPress Blog More Secure

WordPress is widely hailed as the content platform of choice among the roll-your-own blog crowd. It’s free, it’s flexible and extensible, and it’s entirely open source. But just like most other open source software packages, it takes a little bit of knowledgeable back-end tweaking before your installation is truly secure and ready to face the millions of script kiddies on the web.

Google engineer and SEO guru Matt Cutts has posted a handful of tips for WordPress users to help make their blogs more secure. To wit:

  • Secure your /wp-admin/ directory so only specific IPs have access to it.
  • Make an empty wp-content/plugins/index.html file to hide which plug-ins you’re actually running.
  • Subscribe to the WordPress development blog and stay up to date with the latest patches.
  • Delete the version information from your theme’s header.php file.

There are dozens of other suggestions in the comments at Cutts’ site. Matt’s advice may seem trivial to the seasoned web programmer, but what’s obvious to some is often much-needed enlightenment to the masses. For more blogging 101, put Hardening WordPress at the WordPress codex on your reading list. There, you can learn about the most common vulnerabilities and how to side-step them.

Hat tip to Ryan "Don’t call it 27Bstroke6" Singel