Comments on: Securing WordPress

By: Good Afternoon from Holland, Pennsylvania | ionosphere

Good Afternoon from Holland, Pennsylvania | ionosphere — Sat, 08 Aug 2009 10:19:13 +0000

[...] Securing WordPress (socializedsoftware.com) [...]

By: Mark

Mark — Wed, 15 Jul 2009 02:55:53 +0000

Thanks for the tips, Turnerman.

By: Michael Badger » Harden your WordPress

Michael Badger » Harden your WordPress — Wed, 15 Jul 2009 02:53:28 +0000

[...] Hinkle at socialized software shares some resources to harden your WordPress installation. Unfotunately for him, he discovered [...]

By: Mark Turner

Mark Turner — Tue, 14 Jul 2009 14:44:29 +0000

Oh, and one other useful tip. I found that changing the file permissions on my wp-content/uploads directory greatly reduces the ability of bad guys to upload their own arbitrary code. I have a cron script which changes the ownership of this directory (and everything under it) to a user other than my webserver user.

Cheers,
Mark

By: Mark Turner

Mark Turner — Tue, 14 Jul 2009 14:42:58 +0000

A few more tips:

Be very selective about which plugins you use. One of the latest WordPress exploits targeted plugins that didn’t properly check their permissions. The latest WP 2.8.1 has corrected this issue.

If you are going to use plugins, I suggest you use one that filters bots from creating users on your site. Many exploits rely on having a valid user on your system.

Renaming your WP tables is also a smart move as well, as it confuses most bots.

Cheers,
Mark
http://www.markturner.net