HOW TO: Secure Your WordPress Blog


If you aren't running the latest version of WordPress, upgrade now. Leaving your site on an old version is like keeping your door unlocked when you leave for vacation.

2. Use Strong WordPress Account Passwords

In addition to adding a secret key to your wp-config.php file, also consider changing your user password to something that is strong and unique. WordPress will tell you the strength of your password, but a good tip is to avoid common phrases, use upper and lowercase letters, and include numbers. It's also a good idea to change your password regularly -- say once every six months.

If you use a program like 1Password for Mac or Windows, you can store your password in your browser securely and also generate complex and secure passwords on the fly, which makes changing your passwords less of a chore.

3. Use Secret Keys in your WP-Config File

In WordPress, wp-config.php is the file that stores the database information WordPress needs to connect its circuit, so to speak. It contains the name, address and password of the MySQL database that stores all of your user info, blog posts and other important content.

Using a secret key, you can make it even more difficult for someone to gain access to your account.

Go to https://api.wordpress.org/secret-key/1.1/ and copy the results into this section of your wp-config.php file if you haven't already set up a secret key.


4. Keep Your .htaccess File in Check

Using a .htaccess file, you can set access limits to certain directories. You can tie those limits to a specific IP address, which means that only people from that location can access your information.

.htaccess rules get pretty complex, but AskApache has the Ultimate Tutorial for all things .htaccess. This post from WPTavern also has some good tips (see tip #5).

5. Know Your File Permissions

Often, hackers are able to gain access to your site because you've left files or folders with permissions that are simply too liberal.

Depending on how you have installed WordPress, or the default practices from your webhost, the permissions for files and folders on your WordPress install may not be appropriate.

The WordPress Codex has an outline of what permissions are acceptable. File and directory permissions can be changed either via an FTP client or within the administrative page from your web host.

This page details more about how file permissions work and how to change them using a number of different systems.
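One way to find overly liberal permissions before an attacker does, as an added example that is not part of the original article: the script walks a WordPress directory and reports every file or folder whose mode exceeds a ceiling. The ceilings (755 for directories, 644 for files, 640 for wp-config.php) and all function names are assumptions made for this sketch; adjust them to what the Codex and your host recommend.

```python
import os
import stat
import tempfile

# Assumed ceilings (not stated in the article); tune them to your host.
DIR_CEILING = 0o755
FILE_CEILING = 0o644
SENSITIVE = {"wp-config.php": 0o640}  # holds the database credentials


def audit_permissions(root):
    """Return sorted (relative path, mode, ceiling) for every entry under
    root whose permission bits exceed its ceiling. Symlinks are skipped."""
    findings = []
    for dirpath, _dirs, filenames in os.walk(root):
        candidates = [(dirpath, DIR_CEILING)]
        for name in filenames:
            ceiling = SENSITIVE.get(name, FILE_CEILING)
            candidates.append((os.path.join(dirpath, name), ceiling))
        for path, ceiling in candidates:
            st = os.lstat(path)
            if stat.S_ISLNK(st.st_mode):
                continue
            mode = stat.S_IMODE(st.st_mode)
            if mode & ~ceiling:  # any bit the ceiling does not grant
                findings.append((os.path.relpath(path, root), mode, ceiling))
    return sorted(findings)


def build_sample_tree(root):
    """Create a constructed tree with known modes for the demo."""
    layout = {
        "index.php": 0o644,                 # acceptable
        "wp-config.php": 0o644,             # readable by every local user
        "wp-content/uploads/a.php": 0o666,  # writable by every local user
    }
    for rel, mode in layout.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        open(path, "w").close()
        os.chmod(path, mode)
    os.chmod(os.path.join(root, "wp-content"), 0o755)
    os.chmod(os.path.join(root, "wp-content", "uploads"), 0o777)


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as demo_root:
        build_sample_tree(demo_root)
        for rel, mode, ceiling in audit_permissions(demo_root):
            print(f"{rel}: {mode:04o} exceeds {ceiling:04o}")
```

Point `audit_permissions` at a copy of your own install to get the same report; it only reads metadata and changes nothing.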

Your Tips

This guide isn't meant to be all-inclusive, but an overview of things you can do to make your WordPress blog more secure. Share your own security best practices in the comments. Safe blogging!


Series supported by Rackspace
