WordPress Security Tips for Attorneys
Making sure your Lawyer site is secure is an important thing these days. WordPress is a great thing but its very possible hackers can get into your site and cause problems IF you make it easy for them. There are a few different things you can do right away to prevent some basic problems by making a few changes within WordPress.
#1- Setup a good WordPress security program such as Bulletproof Security and configure it to make sure your site is secure.
Download here – http://wordpress.org/plugins/bulletproof-security
#2- Disable Trackbacks & Remove xmlrpc.php File –
You should disable trackbacks and remove the “/xmlrpc.php” files. To do this, go to Wodpress admin panel ; Settings ; Discussions ; uncheck “Allow link notifications from other blogs (pingbacks and trackbacks)“. The “xmlrpc.php” file can be removed via FTP and WebShell file manager and is in the wordpress root directory.
In case you want to allow legitimate trackbacks, you should install the following plugins for blocking trackback spam:
#3- Remove the default ADMIN user name and replace with unique user name and also make sure you choose a very difficult password.
#4- Disable wp-cron in wp-config.php:
– Open your wp-config.php file with the File Manager Code Editor
– Disable the cron by going to the bottom of the database settings in wp-config.php typically found around the following line.
– Add the code below the line:
/** The Database Collate type. Don’t change this if in doubt. */
– Click Save
Now WordPress will not automatically run the wp-cron.php script each time your site gets a new visitor.
#5- Make sure to Update WordPress and all THEMES and Plugins. REMOVE Any plugins you are not using.
#6- Remove any older user accounts and make sure you check to make sure any new user accounts arent created.
#7- Get Better WordPress HOSTING – This can make a big difference when you have a host that cares and puts a big emphasis on SECURITY. WP Engine does this and I suggest using them for your webhosting needs.