Comments
David wrote:
Good tips. to explore implementing.
I wish WordPress were taking such care to make each new release bug free and with well tested security. 2.9 has bugs in the stable release, you think they would have learned their lesson after last time....nope. :(
27/12 21:53:17

14/09: Wordpress Security
In light of recent events I managed to find time to look a lot more closely at the security of my Wordpress blogs and was surprised to find that although I had done a lot to square things away pretty well, there was actually a lot more that I could be doing.
Fortunately none of it is too difficult and hopefully this will save you some research time.
The most important thing to remember is to keep your installation up to date. It can be a royal pain if you use a lot of plugins, because invariably the latest version of WP will cause issues with some of them until the plugin developers get around to updating their add-ons too. However, that is just the way it is, and it is better to keep your WP current than wait around for the occasional plugin to catch up.
I had long ago learned of some of the most obvious precautions to take with Wordpress, but it is surprising how many people are unaware of many of them.
Protect your WP admin Area using .htaccess - Sadly this blog is no longer updated by its owner but this post is still a nice easy explanation.
Protect your plugins directory from snoopers. If you can type in the path to your plugins directory in a browser, so can everyone else. By doing so they can see a full directory list of what plugins you have installed. This is easy to remedy. You can either upload a blank index file to the directory or, if you are on cPanel hosting, turn off indexes from there. Just go to Index Manager in cPanel and you will see how you can turn off indexes for specific directories. Alternatively, you can add the following line to your .htaccess file:
Options -Indexes
Now, these are just basic measures but they will deter many idle hackers who will move on to easier pickings. There are also various Wordpress plugins that you can use to beef up your security even further.
BadBehavior was a plugin that I resisted using for a long time as there seemed to be so many issues with it but I eventually gave in and installed it. Judging by the number of suspicious things it blocks, I'm glad I did and so far it seems to be functioning in harmony with everything else.
Other plugins you may find beneficial are:
WP Security Scan
Wordpress Firewall
Wordpress Exploit Scanner
Anti Virus For Wordpress
Whether you choose to use one or all of the above, none of them will be a waste of time and all have helped me to ensure that my WP installation is as secure as I can possibly make it. The Firewall plugin has stopped several potential SQL injection attacks already. The Anti virus is a bit oversensitive at times but there are plenty of settings to fine tune its performance to suit.
There are other things you can do with .htaccess too. For example, you can prevent access to your wp-config file and you can also protect the .htaccess file itself.
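One way to write those two rules, as an added example that is not from the original post. It assumes the .htaccess file sits in the Wordpress root next to wp-config.php and that the host permits these directives in .htaccess; the version switch covers both Apache 2.2 and 2.4.

```apache
# Added example for the .htaccess in the Wordpress root (assumed location).

# Turn off directory listings, as described for the plugins directory.
Options -Indexes

# Refuse every web request for wp-config.php, which holds the
# database credentials and secret keys.
<Files "wp-config.php">
    <IfModule mod_authz_core.c>
        # Apache 2.4 and later
        Require all denied
    </IfModule>
    <IfModule !mod_authz_core.c>
        # Apache 2.2
        Order allow,deny
        Deny from all
    </IfModule>
</Files>

# Refuse requests for .htaccess itself, and for any other file whose
# name starts with ".ht" (for example .htpasswd).
<FilesMatch "^\.ht">
    <IfModule mod_authz_core.c>
        Require all denied
    </IfModule>
    <IfModule !mod_authz_core.c>
        Order allow,deny
        Deny from all
    </IfModule>
</FilesMatch>
```

After uploading, request wp-config.php and .htaccess from a browser: both should return 403 Forbidden. A 500 error instead usually means the host does not allow one of these directives in .htaccess.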
tags: Wordpress plugins, Wordpress, Wordpress Security