Understanding WordPress Hosting Security at the Account/User Level

Author Information

Phil.Garcia has 4 Published Articles

United States of America,
Scotland,
Dundee,
11 Dudhope Terrace,

Understanding WordPress Hosting Security at the Account/User Level

Posted On : Jul-23-2010 | seen (648) times | Article Word Count : 443 |

One of the first steps to understanding your security ecosystem is knowing what your responsibilities and limitations are as an account/user. If you are currently an account holder or user of a WordPress-hosted site, make sure you understand the following security features.

The most critical aspect of your online presence is security. If your website is not secure, it is vulnerable any number of attacks - fraud, identity theft, or an entire admin hack. A secured website requires action from both your host and your end, so it is critical to understand your security ecosystem.

One of the first steps to understanding your security ecosystem is knowing what your responsibilities and limitations are as an account holder. If you are currently an account holder or user of a WordPress-hosted site, make sure you understand the following:

File Permissions

A secure, shared environment with suPHP will require 755 permission on directories and 644 on file, and nothing higher. Unless you’re in a single-user/dedicated-server situation 777 permissions should never be used. 777 permissions potentially leave your account open to reads/writes from other users on the server outside the PHP environment. This includes malicious users that may compromise other insecure accounts on the server.

Server Level Password Protection

Your password protection requires HTTP “Basic Authentication” in addition to the backend authentication mechanism provided by your CMS script. Follow secure practices when choosing account passwords for your server’s control panel, FTP, and SSH accounts. Use random characters, 10+ characters in length. Try to avoid storing FTP and control panel passwords in popular FTP applications and built-in passwords managers in most browsers.

Block HTTP Access to Potential Targets for Malicious Users

Move /tmp and other temporary directories written by your scripts above your account’s HTTP Document Root. Alternatively, block HTTP access to those directories via Apache directives (.htaccess) or equivalent. For WordPress, avoid manually configuring access control by using the “AskApache Password Protect” plugin.

Hardening WordPress

Stick with the official WordPress Hardening Guide, especially if your site is deployed on a non-suPHP server.

Find a Secure WordPress Hosting Company

When you need a WordPress hosting company, you should find a fully-compatible, performance-tuned and secured host who focuses on high quality business hosting for WordPress. Rochen host owns and manages all of their own servers and hosting infrastructure, and upholds the strictest security requirements for WordPress hosting.

Rochen masterfully hosts WordPress-powered websites right out the box without any configuration hassles or permissions-related problems. Their performance-tuned and purpose-built platform is seamlessly secured for websites who require specialized WordPress hosting.

Easily install and manage your WordPress hosting account with Rochen, a web hosting leader for businesses and web masters throughout the United Kingdom and United States. If you are looking for high quality, reliable and completely secure WordPress hosting service for your site, then Rochen is your answer.

Re-Publish this Article

<h1>Understanding WordPress Hosting Security at the Account/User Level</h1> Author: <a href='http://www.articleseen.com/profile_Phil.Garcia.aspx'>Phil.Garcia</a> The most critical aspect of your online presence is security. If your website is not secure, it is vulnerable any number of attacks - fraud, identity theft, or an entire admin hack. A secured website requires action from both your host and your end, so it is critical to understand your security ecosystem.

One of the first steps to understanding your security ecosystem is knowing what your responsibilities and limitations are as an account holder. If you are currently an account holder or user of a WordPress-hosted site, make sure you understand the following:

File Permissions

A secure, shared environment with suPHP will require 755 permission on directories and 644 on file, and nothing higher. Unless you’re in a single-user/dedicated-server situation 777 permissions should never be used. 777 permissions potentially leave your account open to reads/writes from other users on the server outside the PHP environment. This includes malicious users that may compromise other insecure accounts on the server.

Server Level Password Protection

Your password protection requires HTTP “Basic Authentication” in addition to the backend authentication mechanism provided by your CMS script. Follow secure practices when choosing account passwords for your server’s control panel, FTP, and SSH accounts. Use random characters, 10+ characters in length. Try to avoid storing FTP and control panel passwords in popular FTP applications and built-in passwords managers in most browsers.

Block HTTP Access to Potential Targets for Malicious Users

Move /tmp and other temporary directories written by your scripts above your account’s HTTP Document Root. Alternatively, block HTTP access to those directories via Apache directives (.htaccess) or equivalent. For WordPress, avoid manually configuring access control by using the “AskApache Password Protect” plugin.

Hardening WordPress

Stick with the official WordPress Hardening Guide, especially if your site is deployed on a non-suPHP server.

Find a Secure WordPress Hosting Company

When you need a WordPress hosting company, you should find a fully-compatible, performance-tuned and secured host who focuses on high quality business hosting for WordPress. Rochen host owns and manages all of their own servers and hosting infrastructure, and upholds the strictest security requirements for WordPress hosting.

Rochen masterfully hosts WordPress-powered websites right out the box without any configuration hassles or permissions-related problems. Their performance-tuned and purpose-built platform is seamlessly secured for websites who require specialized WordPress hosting.

Easily install and manage your WordPress hosting account with Rochen, a web hosting leader for businesses and web masters throughout the United Kingdom and United States. If you are looking for high quality, reliable and completely secure WordPress hosting service for your site, then Rochen is your answer.
About the Author: Ethan Luke. <a rel="nofollow" href="http://www.rochenhost.com/wordpress-hosting.html">wordpress hosting</a> - For high perfomance Wordpress hosting, contact Rochen Host, a leader in reliable hosting and customer service. Article Source: <a href='http://www.articleseen.com/Article_Understanding-WordPress-Hosting-Security-at-the-Account-User-Level_26730.aspx'> http://www.articleseen.com/Article_Understanding WordPress Hosting Security at the Account/User Level_26730.aspx</a>

Article Source : http://www.articleseen.com/Article_Understanding WordPress Hosting Security at the Account/User Level_26730.aspx

Author Resource :
Ethan Luke. wordpress hosting - For high perfomance Wordpress hosting, contact Rochen Host, a leader in reliable hosting and customer service.

Keywords : wordpress hosting,

Category : Computers : Networks

Print this Article Send to Friend