SEO Tip #56: How Do You Protect Your Blog from Hackers?
Matt Cutts: That’s a very good question and the fact is that since WordPress is so popular and so widespread it is subject to a lot more attempts by hackers, especially people that have figured out that there are old versions of WordPress that are a little easier to exploit.
So the very first thing that I do is try to make sure that I always have my server patched and up to date. You want to be running the latest version. I think as of this video that is 2.9.2, but already they’re testing out version 3.0. I’m sure that will have a lot more security as well.
The other big thing that I do is to change the HT access file, .htaccess, which is in wp-admin, and you can basically say, you know what, only a small number of IP addresses, the ones that I basically whitelist out explicitly, are allowed to access my wp-admin directory.
What that does is it says, if you’re just coming from the general internet you can’t log in; you’ll get a 403 Forbidden error. But if you’re coming from my home IP address or Google’s corporate IP address, or maybe a small number of IP addresses that I’ve very deliberately chosen, then you are allowed to log in.
You’ll still need a password, and I try to pick a relatively long password. So that is the number one way that I protect myself. Besides being patched, try to make sure that you set something so that the hackers can’t get your admin directory unless they are coming from a very specific small set of IP addresses.
That might not be perfect; for example, if your web host happens to get hacked and people can read database passwords of other customers or stuff like that, that’s not going to protect you very much. But I would at least do those two things and that will help keep your WordPress, or any other piece of software, from potentially being hacked.