Do you frequently log-in to your WordPress install over public WiFi networks? While it may seem like paranoia to some people, it’s really not a good idea to log into important sites over an unencrypted connection. There’s always a possibility that someone could be packet sniffing. If you run a high-profile blog, you might want to consider acquiring an SSL certificate. (A certificate is a sort of public key used to establish an encrypted connection.) With a certificate, you can log into WordPress with an HTTPS connection. This encrypts traffic between you and your server, making it impossible for anybody to intercept your password while you work from a café.
It’s a bit of a pain to set up SSL, but many web hosts will do it for you. WPWebHost, for instance, will configure SSL for you if you get a certificate. They run around $89/year (I know, what a racket…) from most certificate authorities, and some hosts will charge a small set-up fee. VPS.net, on the other hand, has a deal with Comodo where you can get a free SSL certificate as long as you are hosted by them. You have to set everything up on your own, though.
What do you do once you have a security certificate? There’s a Codex article on the subject. There are a couple of WordPress constants in wp-config.php that you can toggle on to force everything in the /wp-admin directory to be served over HTTPS, the login page most importantly.
You probably won’t ever have to worry about this, unless you run a very large blog or you like to work from a coffee shop across the street from a computer security convention. WordPress.com users are lucky; they can just go to https://wordpress.com/wp-login.php to log in securely.
