(gs):Harden Wordpress

  • This page was last modified on December 21, 2010, at 15:55.
The (mt) Community Wiki is a collaborative project. Any (mt) Media Temple customer or employee may contribute. Not all articles and/or content have been tested for accuracy by (mt) Media Temple.


From (mt) Community Wiki



Hardening WordPress

  • A general overview to secure your WordPress blog from attack.

Security FAQ

  • A security FAQ as provided from the WordPress Codex.

Wordpress Security Tips and Hacks

  • WordPress security tips

20 Powerful WordPress Security Plugins and Some Tips and tricks

  • Just as it says, 20 WordPress security plugins and some more tips to keep the blog secure.

FAQ: My site was hacked!

  • A WordPress FAQ outlining general steps to take if you suspect your WordPress blog has been hacked.

WordPress Whitepaper

  • PDF whitepaper discussing security issues with WordPress.


Plugins

MUST: BulletProof Security

  • The BulletProof Security plugin is a radio-button form with options for the level of .htaccess security you want for your root and /wp-admin folders. You can switch between (enable) all available modes, default .htaccess security, BulletProof .htaccess security and maintenance mode, in less than 5 seconds, all from within your WordPress Dashboard, with no need to access your website via FTP or your web host's control panel. (Advised by many WordPress experts.)

MUST: WordPress File Monitor

  • WordPress File Monitor does a reasonably decent job of e-mailing you each time files have been changed. Tip: in the settings, always choose the hash (file checksum) method. It is not a perfect plugin (it does miss some changes, e.g. in footer.php after an injection), but it will always warn about added files, so you can always trace back the references. For a more complete open-source intrusion detection system, take a look at Tripwire: http://sourceforge.net/projects/tripwire/

MUST: Login LockDown

  • Login LockDown records the IP address and timestamp of every failed WordPress login attempt. If more than a certain number of attempts are detected within a short period of time from the same IP range, then the login function is disabled for all requests from that range. This helps to prevent brute force password discovery.
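As an added example (not the plugin's own code, nor code from this wiki), the lockout logic described above in Python: failed attempts are recorded per IPv4 /24 range with a timestamp, and once a range reaches an assumed threshold inside an assumed sliding window, every login from that range is refused until an assumed lockout period expires, even with a correct password. Threshold, window, lockout length and the sample events are all assumed values, not the plugin's defaults.

```python
import ipaddress
from collections import defaultdict, deque

# Assumed policy values, not the plugin's defaults.
MAX_FAILURES, WINDOW_SECONDS, LOCKOUT_SECONDS = 5, 300, 3600


def ip_range(ip):
    # Collapse an IPv4 address to its /24, e.g. 203.0.113.7 -> 203.0.113.0/24
    return str(ipaddress.ip_network(f"{ip}/24", strict=False))


class LoginLockdown:
    def __init__(self, max_failures=MAX_FAILURES, window=WINDOW_SECONDS, lockout=LOCKOUT_SECONDS):
        self.max_failures, self.window, self.lockout = max_failures, window, lockout
        self.failures = defaultdict(deque)  # range -> timestamps of recent failures
        self.locked_until = {}              # range -> time the lock expires

    def attempt(self, ip, now, password_ok):
        """Decide one login: 'blocked', 'allowed', 'failed' or 'locked' (this failure tripped the lock)."""
        rng = ip_range(ip)
        if now < self.locked_until.get(rng, 0):
            return "blocked"                # refused regardless of the password
        self.locked_until.pop(rng, None)    # no lock, or it has expired
        if password_ok:
            return "allowed"
        q = self.failures[rng]
        q.append(now)
        while now - q[0] > self.window:     # forget failures outside the window
            q.popleft()
        if len(q) < self.max_failures:
            return "failed"
        self.locked_until[rng] = now + self.lockout
        q.clear()
        return "locked"


def replay(events, lockdown=None):
    """Run (timestamp, ip, password_ok) events through the throttle; return the decisions."""
    ld = lockdown or LoginLockdown()
    return [(ts, ip, ld.attempt(ip, ts, ok)) for ts, ip, ok in events]


# Constructed sample: five failures across one /24, a correct password from that
# range (still blocked), a user in another range, and a retry after the lock expires.
SAMPLE_EVENTS = [
    (0, "203.0.113.7", False), (10, "203.0.113.7", False), (20, "203.0.113.8", False),
    (30, "203.0.113.7", False), (40, "203.0.113.9", False),
    (50, "203.0.113.10", True), (60, "198.51.100.5", True), (3700, "203.0.113.7", True),
]
```

Running `replay(SAMPLE_EVENTS)` shows the fifth failure (from a different host in the same /24) tripping the lock, the correct password at second 50 being blocked, and the range being usable again after the lockout.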

WordPress FireWall 2

  • Guards against many known attacks and e-mails you daily a long list of the attacks on your site, which is useful for blocking bad IPs and gaining insight into the types of attacks performed.

Exploit Scanner

  • Another WordPress plugin that scans the blog's database tables for exploits. It does not remove the exploits; that is up to the user.

WP Security Scan

  • A WordPress plugin designed to scan the blog for exploits and vulnerabilities. It does not remove any exploits; that is up to the user.