WordPress has a bad reputation for getting hacked. It’s open source, so anyone can figure out how it works and where its weaknesses are. And most new owners don’t take very basic measures to protect themselves because they don’t know how. So here’s an excerpt from my resource Essential WordPress Plugins to help guide would-be victims:
- Akismet comes standard with every WordPress install. It prevents spammers from abusing your blog. Make sure it is activated ASAP! It does, however, require you to get an API key by registering at WordPress.org.
- AskApache Password Protect protects your blog by locking it down with a handful of extra passwords and .htaccess edits. Great at walling off malicious password crackers.
- WP Security Scan scans your installation and alerts you to any major holes in your security that icky people might try to exploit. Did you realize that your default "admin" user is a liability? Or that your database tables should begin with anything but wp_?
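
The two checks named in the WP Security Scan item (a default "admin" login and a `wp_` table prefix) can also be run by hand against a copy of wp-config.php and a list of user logins. This is an added example, not code from the plugin; the function names and both sample inputs are constructed for illustration.

```python
import re

# Constructed sample of a wp-config.php fragment (not from a real site).
SAMPLE_WP_CONFIG = """<?php
define( 'DB_NAME', 'blog' );
/* $table_prefix = 'old_'; */
$table_prefix  = 'wp_';
"""

# Constructed sample of user logins, e.g. exported from the users table.
SAMPLE_LOGINS = ["admin", "editor_jane"]

# An active assignment starts its line: $table_prefix = 'value';
PREFIX_RE = re.compile(
    r"""^\s*\$table_prefix\s*=\s*(['"])(.*?)\1\s*;""", re.MULTILINE
)


def table_prefix(config_text):
    """Return the last active $table_prefix value, or None if it is not set."""
    # Drop /* ... */ blocks so commented-out assignments are ignored.
    # Lines starting with // or # never match because of the ^ anchor.
    uncommented = re.sub(r"/\*.*?\*/", "", config_text, flags=re.DOTALL)
    matches = PREFIX_RE.findall(uncommented)
    return matches[-1][1] if matches else None


def audit(config_text, logins):
    """Return a list of findings for the two defaults the post mentions."""
    findings = []
    prefix = table_prefix(config_text)
    if prefix is None:
        findings.append("table_prefix: not found in config")
    elif prefix == "wp_":
        findings.append("table_prefix: default 'wp_' in use")
    # WordPress logins are compared case-insensitively here on purpose.
    if any(login.lower() == "admin" for login in logins):
        findings.append("users: default 'admin' login exists")
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_WP_CONFIG, SAMPLE_LOGINS):
        print(finding)
```
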
I’ll take this moment to preen that all my WordPress-based sites come with these babies in place.