5 Tips for Protecting Your WordPress Site
WordPress is one of the most popular blogging platforms out there – some say the most popular. However, it does have its fair share of problems. Fortunately, the Automattic team does a good job of getting fixes out, and rolls new security measures into each new version. Once you’ve installed WordPress, you can do a few things to protect your blog, as listed below. (Note: the general tips apply to any blogging platform, but the anti-spam plugins are for WordPress sites.)
- Don’t use “admin”. Don’t use it as your admin user name. Using it reduces the amount of effort a hacker has to put in (even if it’s via an automated script) to break into your site, because half of the login is already known.
- Use strong passwords. Strong passwords do not have your dog’s name or your birthday or your name. Use a mix of upper and lowercase letters, as well as digits. The longer the better, but use at least eight characters altogether.
- Change passwords. Change your admin and all user passwords regularly. If you have other bloggers on your site, make sure they change passwords too. Most people can’t decide when to do this, so tell them. Ask them to change their password at the beginning of each month – or on the last day. It’s easy to build a habit about this.
- View your site regularly. This is to ensure that it’s running fine. A friend of mine recently found out the hard way that his hosting company changed the default setting on the web server of one of his sites. So instead of the WordPress index.php being served automatically, the old static home page, index.html, was showing. This cost him a month of advertising revenue from one network, because the network plugin couldn’t update the ads.
- If you have multiple sites, one way to manage them all quickly is to set up a list of their URLs. If the list is clickable, that’s even better. For example, Google Spreadsheet cells are clickable if a cell contains a valid URL.
- Another option is to use mind mapping software. Make each node represent one of your sites, then link each node to the corresponding URL. Check out FreeMind and XMind, both of which are free; MindManager, one of the more powerful paid desktop versions, has a 30-day free trial. (XMind also has a paid pro version.) Note that mind mapping is also a great way to brainstorm for writing content, or even just solving problems.
- Manual moderation. You’ll want to do this anyway, though it’s not enough. Get a plugin to help you.
- Automated moderation. For this you’ll need a WordPress plugin. (See section below.)
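For the “View your site regularly” tip, the check can also be automated across a list of URLs. The sketch below is an added example, not part of the original post: it flags a home page that returns successfully but carries none of the markers WordPress normally emits, which is the static index.html situation described above. The function names and the two sample responses are assumptions made for illustration.

```python
import re
import urllib.request

# Markers a WordPress-rendered front page normally carries. A hardened theme
# may strip some of them, so the check passes if any one is present.
GENERATOR = re.compile(
    r'<meta[^>]+name=["\']generator["\'][^>]+content=["\']WordPress', re.I)
ASSET_PATH = re.compile(r'/wp-(?:content|includes)/', re.I)
REST_LINK = 'rel="https://api.w.org/"'


def wordpress_signals(headers, body):
    """Return the WordPress markers found in one HTTP response."""
    found = []
    link = " ".join(v for k, v in headers.items() if k.lower() == "link")
    if REST_LINK in link:
        found.append("rest-link-header")
    if GENERATOR.search(body):
        found.append("generator-meta")
    if ASSET_PATH.search(body):
        found.append("wp-asset-path")
    return found


def classify(status, headers, body):
    """'ok' = WordPress rendered it, 'static' = something else did, 'down' = error."""
    if status != 200:
        return "down"
    return "ok" if wordpress_signals(headers, body) else "static"


def check_site(url, timeout=10):
    """Fetch a live URL and classify it (needs network access)."""
    try:
        with urllib.request.urlopen(url, timeout=timeout) as resp:
            body = resp.read(200_000).decode("utf-8", "replace")
            return classify(resp.status, resp.headers, body)
    except OSError:  # covers URLError, HTTPError and socket timeouts
        return "down"


# Constructed sample responses (not captured from a real site).
WP_PAGE = ({"Link": '<https://blog.example/wp-json/>; rel="https://api.w.org/"'},
           '<head><meta name="generator" content="WordPress 6.4" />'
           '<link rel="stylesheet" href="/wp-content/themes/demo/style.css"></head>')
STATIC_PAGE = ({"Content-Type": "text/html"},
               "<html><body><h1>Welcome to my old home page</h1></body></html>")

if __name__ == "__main__":
    for name, (hdrs, html) in {"wordpress": WP_PAGE, "static": STATIC_PAGE}.items():
        print(name, classify(200, hdrs, html), wordpress_signals(hdrs, html))
```

Run `check_site()` over your own list of URLs from a scheduled job and alert on anything other than `ok`.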
Some WP Anti-Spam Plugins
Kyle Eslick at WPHacks talks a bit about a few of the anti-spam options you have for a WP blog, including a new one called AntiSpam Bee. As well, here’s our take on your options.
- Akismet. Akismet, which is one of the more popular anti-spam options in WP, is only free for personal use. According to the site, if you’re making more than $500/month from your blog, you have to pay for a commercial API key. Otherwise, the API key is free.
- Spam Karma 2. The Spam Karma 2 plugin is free (but not GPLed). However, as of late 2008, it is apparently no longer being supported – at least according to the plugin’s options area in the WordPress admin panel. It still traps spam comments, but if you try to purge them, you might see database errors displayed. It still works, but the messages are annoying.
- AntiSpam Bee. Apparently AntiSpam Bee replaces your blog posts’ comments field so that the post cannot be auto-spammed.
- Trollguard. Trollguard claims that their free WP spam filter plugin can be trained by learning from the comments you delete.
- Bad Behavior. Bad Behavior is a plugin “for blocking link spam and the robots which deliver it.” So you use it in conjunction with comment anti-spam plugins.
Make sure that you select a good web host that supports your anti-spam efforts.