This document discusses various methods for hardening WordPress security, including:
1) Hardening the server file system and application software through techniques like locking down folders, restricting admin access, and updating software regularly.
2) Hardening the WordPress application through steps such as renaming folders, disabling admin links, and choosing strong passwords.
3) Recommending resources on WordPress security best practices and plugins.
2. Security & Hardening - Introduction
Areas of compromise:
- File (server) system hardening
- Application software hardening
- ... and YOU!
http://www.flickr.com/photos/nbachiyski/1463351154/
3. Security & Hardening - System Hardening
- .htaccess is your friend
- Lock down folders
- Lock IPs from admin
- Secure your database
- Never (EVER) use root - good user security (http://bit.ly/17vo6y)
- Change up the defaults
- Server scans & security to prevent and monitor
- File change monitoring (http://snipit.me/u/11)
- Routine backups are your friend
- Lock down the server like with any other site
4. Security & Hardening - Application Hardening
- Start with good resources
- Read reviews of other users
- Never be the first adopter for production level
- Write your own tools/plugins
- Keep software up to date (core, plugins, themes, etc.)
- Review changelogs on 3rd party code
- Monitor "hidden" files (.htaccess) for unapproved changes
- Routine blog scans (http://bit.ly/JK5dw)
- Need to know only
- Remove tell-tale signs (meta, footer links, etc.)
- Change up the wp-content folder
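The file change monitoring and "monitor hidden files" points above amount to a baseline-and-diff check over the document root. The script below is an added example, not from the slides or the linked monitor plugin: it hashes every regular file under a site root (dotfiles such as .htaccess included, symlinks skipped), stores the digests as a baseline, and reports added, removed and modified paths; the demo() function builds a small constructed tree in a temp directory to show the report.

```python
"""Baseline-and-diff file change monitor for a WordPress install.
Added example (not from the slides): hashes every file under the site root,
hidden files such as .htaccess included, and reports what changed."""
import hashlib
import os
import tempfile
from pathlib import Path


def hash_file(path: Path) -> str:
    """SHA-256 hex digest of a file, read in chunks."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_baseline(root: str) -> dict:
    """Map each regular file (relative POSIX path) under root to its digest."""
    root_path = Path(root)
    baseline = {}
    for dirpath, _dirs, files in os.walk(root_path):
        for name in files:  # os.walk lists dotfiles too, so .htaccess is covered
            full = Path(dirpath) / name
            if full.is_symlink():
                continue  # do not follow links out of the document root
            baseline[full.relative_to(root_path).as_posix()] = hash_file(full)
    return baseline


def diff_baseline(old: dict, new: dict) -> dict:
    """Files added, removed or modified between two baselines."""
    return {
        "added": sorted(set(new) - set(old)),
        "removed": sorted(set(old) - set(new)),
        "modified": sorted(p for p in old.keys() & new.keys() if old[p] != new[p]),
    }


def demo() -> dict:
    """Constructed sample tree: baseline it, then make two unapproved changes."""
    with tempfile.TemporaryDirectory() as site:
        root = Path(site)
        (root / "wp-content" / "uploads").mkdir(parents=True)
        (root / ".htaccess").write_text("RewriteEngine On\n")
        before = build_baseline(site)
        (root / ".htaccess").write_text("RewriteEngine On\n# unapproved edit\n")
        (root / "wp-content" / "uploads" / "dropped.php").write_text("<?php\n")
        return diff_baseline(before, build_baseline(site))


if __name__ == "__main__":
    print(demo())
```

In practice the baseline dict is written to storage outside the web root (or off-box) after each approved deployment, and the diff is run from cron so a changed .htaccess or a new PHP file under uploads raises an alert rather than waiting for a manual scan.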
5. Security & Hardening - App. Admin Hardening
- Rename and upload the WordPress folder
- Disable links to the administration area
- Extend the file wp-config.php
- Move & protect the wp-config.php file
- Delete the admin user account
- Choose strong passwords
- Protect the wp-admin directory
- Suppress error feedback on the log-in page
- Restrict erroneous log-in attempts
FYI: the source of this slide can be found at http://bit.ly/MA32j
6. Security & Hardening - Application Hardening
- Login pages should be encrypted
- Data validation should be done server-side
- Manage your site via an encrypted connection
- Connect from a secured network
- Don't share login credentials
- Maintain a secure workplace (physical and software)
- Use multiple layers of redundancy for protection
7. Security & Hardening - Credits
- This presentation - http://bit.ly/1FGGa
- WordPress Security Whitepaper - http://is.gd/nbjQ
- Lorelle on WordPress - http://is.gd/2v9K
- WordPress File Monitor - http://snipit.me/u/11
- 20 WordPress Security Plug-ins And Tips To Keep Hackers Away - http://bit.ly/fim37
http://www.flickr.com/photos/donncha/134015140/