WordPress Security

June 15, 2014

It’s cool to see a lot of young folks setting up their blogs. Since last year we lobbied within the user groups to get university students blog & share their thoughts. Good sign, I see many who have started writing cool stuffs.

When we think of blogs, WordPress comes in mind naturally. I’ve seen many having set up their account on WordPress.com and customizing their web space to suit their likes. The good side is having no tension about hosting & WordPress maintenance. The underlying maintenance work is done by WordPress team. However those who adventure in running their own WordPress instance, say on a shared hosting or a Virtual Private Server, should spend more time in maintenance and securing their instance.

In fact, recently I came across a website running Joomla which was exploited & files were deposited on the server to allow “spam” being sent. This is a sad reality, I’ve seen many Web Designers setting up a WordPress & Joomla site for their clients but do not educate them of the pitfalls if they skip on a maintenance contract.

Well, anyway, this post is more about a WordPress plugin by Acunetix that provides clear-cut guidelines & easy fixes to a more secure WordPress instance.


Acunetix WP Security hides your WordPress version, removes WP Generator META tag from core code, and suggest various such corrective actions.

Another cool feature is the Live Traffic page that is available from the admin panel. One can see in real-time visitors accessing the various pages of the site.

Staying in line with web security, I should perhaps add it again, turn off “exposure” and “error display” in your php.ini, i.e,


Server tokens should also be turned off in the web server. For Apache,

ServerTokens Prod
ServerSignature Off

In case of Nginx,

server_tokens off;