WordPress Best-Practice Guide
We’ve noticed a lot of our customers use WordPress for on their web sites, for all sorts of applications, not just blogging. WordPress is a very versatile tool, which offers an easy-to-use interface, themes and plugins to produce professional looking web sites in a matter of minutes.
As with all third-party software that is available freely over the internet, these scripts are constantly being developed and tweaked by their software development teams to fix bugs, close security holes and improve features.
In order to best protect your web site, and prevent any files or data being lost through using out-of-date versions, we ask that if you’re using WordPress, to upgrade your copy to the latest version.
As of version 2.7, WordPress introduced a new self-upgrading version to make securing your web site even easier. If your version of WordPress is older than 2.7, then visit the official WordPress web site at http://wordpress.org, download the latest copy, and follow the upgrade instructions.
When this latest version is live on your site, when you log in to the admin section, WordPress will “call home” and see if there are any updates. If there are, it will tell you about them, and all you need to do is click a button to safely and securely update your WordPress web site.
There are a few other things that can improve your site, all available from the official WordPress site:
wp-cache:
This is a plug-in that creates static pages from your posts, and stores them in a special “cache” directory. If the post hasn’t changed, then WordPress will simply show the cached copy rather than querying the database for the version on there. This means that the page will load a lot faster, and your site appear smoother.
Askimet anti-spam filter:
This is a free anti-spam filter that is built in to WordPress, and is found in the Plugins section. To activate it, you need a key, which is available by simply creating an account at http://www.wordpress.com, or if you already have a wordpress.com account, by logging in, clicking on the “Your Dashboard” link, and then going to the “Profile” section. The API key is listed at the top of the Profile section.
Settings:
In the “Settings” section, you can do a lot of things to secure your WordPress web site:
- only allow comments if a name and email address are filled out,
- only allow comments from registered users,
- moderate comments,
- hold back comments if they containg 2 or more links in them (a common spamming technique).
Setting these options correctly will prevent a lot of issues relating to the speed at which your site runs.
Captcha plug-ins:
Adding a captcha will help prevent automated comment posts from spammers. A captcha is an image that displays a series of random letters and numbers, and you have to type those in to post a comment. To install a Captcha plug-in, go to the “Plugins” section, and click on “Add new“. Enter “captcha” in the search box, and WordPress will connect a central plugins database and show you all the available ones. All you need to do is read the descriptions, decide which one you want and then click on the “Install” link
We hope this article has provided some useful tips on running a WordPress web site more securely. Please feel free to comment on this