Wordpress Blogging Security Tips

WordPress Blogging Security Tips

17 October, 2009 - 07:00 AM - 14 Comments

Always use secure passwords when creating admin accounts, passwords should contain 1 Alphanumeric (a-z), 1 special @,#,$,%,^,*..etc), 1 number [0-9] and even 1 upper case [A-Z].
Ideal passwords are like:

D!noSa0r
B@ngK0k
W*trw0rl3

You should also NEVER be using FTP to transfer files to and from your web server. (Every file and every password you type is clear text across the Internet)
You should use SSH or SCP or SFTP (Secure Shell, Secure Copy and Secure FTP) to transfer files and access your servers.
Using a free SCP client like WINSCP which has a Norton Commander like interface (source files on left and destination files on right), or PuTTY which connects via SSH are best and completely free.

If you use a Unix Web Server as your host (Debian, RedHat, Ubuntu…etc) SSH/SCP/SFTP should be on by default.
If you are using a Windows based hosting provider, you may have to contact your hosting provider and specifically request it or request access via Secure communication protocols.

I use Dreamhost, and you get to choose a Unix box, I have completely secure connections to my hosted web server.

Tips to Reduce Security Risks in Wireless Networks Ways to reduce security risk when working on insecure wireless networks in public access locations....
Web Site Security Basics Part 1 This article is for anyone who runs a web site professionally or as a hobby.Â It doesn’t matter if you...
PAYPAL Tips and Alternatives: PayPal Issues, Security And Usage Tips First and foremost, it is important for all current and possible future PayPal users to understand what PayPal is, and...
Manage All of Your Passwords Online Security with Clipperz Online Password Management and direct password login are rapidly becoming an essential in today's world, you need a password manager...
Don’t Know Enough About Blogging or WordPress? Just Ask Kim Review of Just Ask Kim, where technology and blogging come together effortlessly. ...

Written by Justin Germino (1514 Articles Published)

Working in the IT Industry for over 10 years and specializing in web based technologies. Dragon Blogger has unique insights and opinions to how the internet and web technology works. An Avid movie fan, video game fan and fan of trying anything and everything new.

Follow Justin Germino on Twitter @dragonblogger

Lauren

OMG.... I had NO IDEA about FTP!! I've been using Word Press for many years, and I always use a killer password (Roboform rocks!) and I've even figured out those new security keys you have to put in your wpconfig file, but wow...how basic is it that I did not know that FTP (the regular way) is not secure....

I do have WINSCP, so I guess I'll be using SSH from now on.

A big THANK YOU!!!!

share flag

spam
offensive
disagree
off topic

Nasif

I use filezilla... Is it safe? Can you tell me how to use filezilla in a secrue way?

Extreme John

There's a few tips in here that I never even considered, thanks for the heads up now I need to change a few things.
.-= Extreme John´s last blog ..Sunday Smash Link Luv, Twittley for Twitter, Yahoo Meme =-.

dragonblogger

Glad I could help

Mack@Foreclosures Las Vegas

Thanks for reminding us about security time and again. The passwords are crucial things and I am surprised to see few people taking it lighter. First of all passwords should never be shared, be it your wife, mom or son.. They are personal and should remain personal. Next is follow your steps in setting a tough password which contains alphanumeric and special symbols so that hackers cant break it. I am sure this rule not only applies to wordpress blogging but to the entire internet phishing concepts.
.-= Mack@Foreclosures Las Vegas´s last blog ..Commercial Real Estate Bubble =-.

Michael Aulia

Too many securities thingies that we need to do to secure our passwords on hundreds of web accounts lol
.-= Michael Aulia´s last blog ..How to backup Firefox, Safari, Chrome, Opera, and IE with FavBackup =-.

Brian@ Newsletter For Internet Marketers

I just downloaded and installed WINSCP. I'll play with it today. I've been using Core FTP lite but I don't know how secure that is.

I've seen others blog about not using FTP but you are the first one I've seen link to secure alternatives. Thanks for that.
.-= Brian@ Newsletter For Internet Marketers´s last blog ..News Related AdSense Site â€“ First Month = One Hundred Dollars =-.

No problem, WinSCP I have been using for years and is an easy to use SCP and SFTP client. It uses both secure protocols

April King

(let's try this again - stupid line breaks - feel free to delete my other comment)

That ties in nicely with a couple articles Iâ€™ve written about recently:

http://arstechnica.com/business/news/2009/10/30-ye...

http://www.wired.com/threatlevel/2009/10/10000-pas...

Interesting stuff â€“ adding a decent 2nd factor canâ€™t happen soon enough!

My wordpress is configured by default to mark 2+ URL's in a comment as SPAM, I weed through them manually. Thanks for the article links.

Tyrone | Millionaire Acts

Nice tips! I have a very hard password combination using letters, numbers, and special characters.

However, I am guilty of using FTP to transfer files on and from my hosting account.
.-= Tyrone | Millionaire Acts´s last blog ..Preparing Your Personal Financial Statement =-.

Heather Kephart

GREAT information, thank you! I took your direct advice and d/l one of the programs you suggested. So far so good!
.-= Heather Kephart´s last blog ..Imagination =-.

Kelvin Servigon

Hello fellow P50 blogger! :D

Your suggestion for creating password is a good idea. Thanks for that, I just changed my password now. LOL :D
.-= Kelvin Servigon´s last blog ..The Enormous Flood that Ruined the CalumpiteÃ±os =-.