“HowTo: Secure WordPress”

BlogSecurity, the only organization that deals with social networking and web blog security has recently released a WordPress security whitepaper entitled “How to Secure WordPress“.

I haven’t finished reading the whole thing but I’ve already learned many things and gained more knowledge about securing WordPress installations. When I find the time, I’ll try to apply some of the things I’ve learned. One thing I’m really interested in trying out is the WPIDS plugin that detects intrusions. This is just an initial release so some aspects and topics were missed or weren’t fully covered. Expect additional topics and improvements in the next release or versions of this whitepaper.

Here’s what you’ll find inside version 1.0:

  • Table of Contents
  • Introduction
  • Installing WordPress
    • Accessing your WordPress tables
    • Changing your WordPress Table Prefix
    • Before Installation
    • Manually Change
    • Through WP Prefix Table Changer
  • Preparing the Blog
    • Changing your Admin Username
    • Create a new limited access user
  • Hardening your WP Install
    • Restricting wp-content & wp-includes
    • Restricting wp-admin
    • Block all except your IP
    • Password Required – .htpasswd
    • The .htaccess file
    • The .htpasswd file
  • MUSTHAVE Plugins
    • WPIDS – Detect Intrusions
    • WordPress Plugin Tracker — Are you updated?
    • WordPress Online Security Scanner

Anyone else read the “How To Secure WordPress” whitepaper? What topics or additional information should the authors add in the next version? Share your thoughts!

Download the “Hot To Secure WordPress” PDF.

This post may contain affiliate links that allow us to earn commissions at no additional cost to you. We are reader-supported so when you buy through the affiliate links, you are also helping or supporting us. 

6 Comments

Leave a Reply

Your email address will not be published. Required fields are marked *

JaypeeOnline