
How To Secure Your WordPress Blog

I had a member ask about security, and a particular WordPress Security product…

For some time, members have had access to a free WordPress security product, WordPress Secure, in the downloads section.

It works by locking the /wp-admin/ directory, and only allowing access for a single IP address. To first log in, you log into the monitoring program, which then remembers your IP for subsequent visits. And by protecting the Admin section, you’re protecting the area where most of the potential for trouble resides.

However, it only covers one aspect of security. The much bigger question is, what do you need to do to really protect your WordPress blog?

Although I’ve written about the subject of WordPress Security before, a great many problems can be avoided if you remember just one thing:

THEMES

Time and again, people download and use themes as if they were only a cosmetic ‘skin’ for the site.

Nothing could be further from the truth.

The theme is every bit as much an actual, runnable piece of code as is any other part of WordPress – and if there is naughty code in there, the potential to do damage is enormous.

So get your theme from a trusted source (like ABTheme – and yes, I AM recommending my product – unlike most other theme designers, I read books on PHP security). And if you can, look at the source code to see if anything looks odd.

I’ve discussed what to do in more detail in some older posts, one on how to check security and one on what to do after your blog has been hacked.

Use a good theme, and you are well on your way to protecting your site. Other software can give you a sense of security, but monitoring your theme is the single biggest thing you can do.
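One way to do a first pass over a theme's source before installing it, as an added example (not code from this post, WordPress Secure or ABTheme). The rule names, the patterns and the `scan_theme` and `demo` helpers are assumptions chosen for illustration, and the sample theme is constructed.

```python
import re
import tempfile
from pathlib import Path

# Heuristic rules chosen for this example (not from the post): constructs
# that rarely belong in a theme whose job is presentation.
PATTERNS = {
    "dynamic-eval": re.compile(r"\b(?:eval|create_function)\s*\(", re.I),
    "decoder": re.compile(r"\b(?:base64_decode|gzinflate|gzuncompress|str_rot13)\s*\(", re.I),
    "shell-exec": re.compile(r"\b(?:system|exec|shell_exec|passthru|popen|proc_open)\s*\(", re.I),
    "remote-include": re.compile(r"\b(?:include|require)(?:_once)?\b[^;]*https?://", re.I),
}
MAX_LINE = 1000  # very long single lines often hide encoded blobs


def scan_theme(root):
    """Return (relative_path, line_no, rule) for each suspicious line in *.php under root."""
    root = Path(root)
    findings = []
    for path in sorted(root.rglob("*.php")):
        rel = path.relative_to(root).as_posix()
        text = path.read_text(encoding="utf-8", errors="replace")
        for no, line in enumerate(text.splitlines(), 1):
            if len(line) > MAX_LINE:
                findings.append((rel, no, "long-line"))
            for rule, rx in PATTERNS.items():
                if rx.search(line):
                    findings.append((rel, no, rule))
    return findings


def demo():
    """Scan a constructed two-file theme (sample data made up for this example)."""
    with tempfile.TemporaryDirectory() as tmp:
        theme = Path(tmp)
        (theme / "index.php").write_text("<?php get_header(); ?>\n<h1><?php the_title(); ?></h1>\n")
        (theme / "footer.php").write_text(
            "<?php wp_footer(); ?>\n"
            # Benign stand-in for an obfuscated footer: decodes to "echo 'hi';"
            "<?php $c = 'ZWNobyAnaGknOw=='; eval(base64_decode($c)); ?>\n"
        )
        return scan_theme(theme)


if __name__ == "__main__":
    for rel, no, rule in demo():
        print(f"{rel}:{no}: {rule}")
```

A hit is a prompt to read that line, not a verdict: legitimate themes occasionally call these functions, and a clean scan does not replace getting the theme from a trusted source.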
