The goal of this post is, as the title states, to recap all of the different measures you can take to make sure that your WordPress blog is not the easiest target for those with malicious intent. After we look at how to make sure you are not the easiest target we will look at a few ways to make sure that you have not already been the victim of a malicious attack.
Another goal of this post is to find out other PlugIns and preventative measures that can help secure WordPress from malicious behavior. So if you think that something is missing from this post please let us know in the comments section so we can share it with everyone.
WordPress Security: Preventative Measures
These are the two easiest ways to keep your WordPress powered blog from getting on the radar screen of those with malicious intent.
The first way to help keep yourself the radar is to remove the WordPress and sometimes the theme designer links. I know we all love WordPress and want to give them their props, but the link in the footer makes your blog easy to find, and not in a good way. You can find out how to remove these links from your footer in the post: How to Remove the WordPress Footer Link
The second preventative measure you should take is to remove the WordPress generator meta tag. The WordPress generator tag displays what version of WordPress you are using to anyone who knows how to look at the page source of your site. Letting anyone with malicious intent know what version of WordPress you are currently using can give them the information they need to exploit any security weaknesses in that version of WordPress. You can read more about this topic in the post: How To Remove the Wordpress Generator Meta Tag.
Taking care of these two WordPress Security measures will help keep you off of the easy to find list.
WordPress Security: Scanning for Malicious Files
How-to-blog.tv recognized the need for a Plug-In that scans places in your WordPress install that are known to house malicious files that can cause your blog problems. The PlugIn we came up with is named WP-MalWatch, and the cost is FREE. Basically WP-MalWatch scans your WP-Content folder for anything malicious every night and you can make sure that everything is all good in the convenient dashboard widget. You can find WP-MalWatch on our site or in the WordPress PlugIn Directory.
- WP-MalWatch WordPress Security at the WordPress PlugIn Directory
- WP-MalWatch WordPress Security at How-to-blog.tv
WordPress Security: Live Scanning
If you still need more security there is a PlugIn that couples with a security service to provide you with live scanning. You can read more about SecurePress on the How-to-blog.tv website here: Wordpress Security: SecurePress.
