Keeping your site secure or safe from hackers is not always easy but is something you need to be aware of. One thing I encourage you to do just in case your site is compromised is to always have a back up of your files and database. As a start, one plugin that can help with this is named BackWPup ( www.backwpup.com ). You can set this plugin to backup your files and database daily, weekly, monthly, or if you feel even hourly. But you can have it email it to you, save it to another server via FTP, or even save it to your DropBox account.

There are a few steps that you can take from the beginning when you first setup your WordPress site. The first thing to do is do not use the default table alias. WordPress by default will suggest that it use “wp_”. If you are only going to use the database for your site and not add any other tables I would suggest you take it off all together, but to make it even more secure use a different alias.

If you already have a site up and running and just want to take what you have now and make it secure here are the list of plugins and what they do:

• Change the login URL
  By default WordPress uses your URL / wp-login. To make it more secure  you can change the URL to be used to login. Sometimes people want /manger, /login, or /admin. Whatever it is that you choose you can use one of these plugins to change it from the default
  - Ozh’ Simpler Login URL – Link
  - Peter’s Login Redirect – Link
  - Custom Login and Admin URL’s – Link
• Limit Login Attempts
  By default WordPress does not limit that amount of tries to log into the Admin. It will instead inform the user instantly that it is not correct and allow them to try again. So using one or even both of these plugins will help you limit this and track what is going on
  - Limit Login Attempts – Link
  - Login LockDown – Link
• Find Out What Security Holes Your Site Is Susceptible To
  Run tests on your site to see what security holes may appear in your site. It is a full time job to stay on top of what the latest security risks are out there. So to help know what your problems are run one, or both plugins to evaluate your sites holes and close them up as you can
  - Ultimate Security Checker – Link
  - Secure WordPress – Link

These are just a few ways you can secure your WordPress site just using plugins. There are other ways that I may expound on at a later time but it requires editing code, editing configuration settings on the server, and even updating the .htaccess on the server.

Bonus Thought:
Another thing that I would encourage all to do that does not make your site a little more secure is in your robots.txt file that you have available to the search engines is to have them ignore your wp-content directory. There is no reason they need to go through these files. To do that you can add the following to your robots.txt file:
Disallow: /wp-admin
Disallow: /wp-includes
Disallow: /wp-content/plugins
Disallow: /wp-content/cache
Disallow: /wp-content/themes
Disallow: /wp-login.php
Disallow: /*wp-login.php*
Allow: /wp-content/uploads

What plugins are you using to secure your WordPress site?

So, I’m going to do my part: I found a workaround that I think might work very well for a lot of people who run into this problem. It’s biggest advantage is that it is very very easy to try, and has almost no downside, even if it doesn’t work for your particular situation. In my case, I found that Apache did indeed have a lot of files open, including log files for all my VirtualHosts, all the libraries that httpd depends on, files from sites that are hosted there (though it seems to open and close those just fine), and a large buildup of hundreds of entries for /tmp that were open and apparently never got closed properly. In my case, the server in question has an uptime of over 2 years, and while “apachectl restart” runs at least daily for log rotation, it seems that doesn’t really close unused file descriptors. The workaround I discovered was running “apachectl stop” followed by “apachectl start” which fixed the problem completely for me, at least for the next year or two I hope. From over 1600 open files, after restarting Apache fully that way, it only reopened about 325 files. And the imap_open() calls started succeeding as they should.

One last thought before I hop off my soapbox: when you find an answer to a problem, and that answer was hard to find or was not well documented, do your part to remedy that for the next guy or girl to hit that problem, and post your solution somewhere that Google will find it. It makes the internet a better place for all of us, and makes us all more productive. Who knows, maybe down the road you’ll run into the same problem again yourself, and not remember how to solve it until you find your own post from years before, and it will be your own time you’ll save. I fully recognize that a lot of what I accomplish each day is based on work done by others that I have found and emulated, as they say, standing on the shoulders of giants. Each contribution to the body of human knowledge lets us reach that much higher, so when you can, add your bit and as we all do that, it adds up.

I’m getting excited for the upcoming Utah Open Source Conference 2009, Thursday October 8 through Saturday October 10. It’s hard to believe another year has gone by already. There are a ton of great speakers and events that I anxiously await. Not to make light of the conference presentations, some of my favorite parts are the social events, like the Boardgame Bash at the end of the conference. For a bunch of geeks, we seem to be a pretty fun crowd, I think. I also love that the UTOS folks take family seriously, and have family events on Saturday that are fun for the wife, kids, and other non-geek family members. There’s a healthy focus on bringing new people, and less technical people, into the Open Source fold, which I think is great.

This year, as soon as submission of abstracts opened, I tossed in a presentation for the first idea that came to mind, which happened to be about one of my favorite open source platforms, FreeBSD. Lo and behold, after the voting and committee meetings were over, I was one left standing, so now I’ll be presenting “Why FreeBSD is the Best Linux Distro*” at the conference. Of course, when I decided to run the risk of making a joke in a room full of highly technical purists, I knew I better use the asterisk and let them in on the joke: “* Yes, FreeBSD isn’t really a Linux Distro. It’s a different Operating System that has emulation for and binary compatibility with Linux and can run almost all the same programs.” Even though it isn’t really a Linux distribution, for me it serves the same purpose and I think it does a better job than the various Linux distributions I’ve experienced.

Anyway, early-bird discounts end on Saturday the 19th, and there are some 50% off coupon codes drifting around if you’re interested. There are codes you can get from speakers, any local Linux User Group (LUG), or other groups like UPHPU.