I’ll be updating this post as I find more and better explanations of hardening WordPress. The more secure, the better. Some things to keep in mind when you are trying to secure your WordPress installation:
- Be careful when saying a security measure is “not worth the time”. If it takes 5 minutes, it’s almost always worth doing.
- It is always worth doing something that will prevent the rare cases. Just remember that most default settings will already protect you from the common cases; it’s the rare ones that get you.
- “Simple folk” not understanding things is not an excuse not to do them.
The WordPress Codex has many good solutions. This post will only repeat those solutions where there is more to explain.
http://codex.wordpress.org/Hardening_WordPress
Move your wp-config.php file
- If your server runs into trouble (no attacker required), it can get reset and/or serve PHP files as plain text without passing them through the interpreter. .htaccess rules can also be bypassed by some server problems. A good example is in the link below, where this was a common bug on a certain host.
- This is your most sensitive file. Any security measure for it is worth taking if done right.
- http://wordpress.stackexchange.com/questions/58391/is-moving-wp-config-outside-the-web-root-really-beneficial
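One way to carry out the move described above, as an added example that is not part of the original post or of WordPress itself: the real config goes one directory above the document root and a stub that only contains a require line stays behind, so a server that suddenly serves PHP as text leaks the stub, not the database credentials. It assumes the document root is passed as the first argument, that its parent directory is not web-served, and that the web server's user is in the group owning the moved file.

```shell
#!/bin/sh
# Added example, not the post's own code. Moves wp-config.php out of the web
# root and leaves a stub behind. Assumes the parent of the document root is
# not served and the web server user is in the file's group.

move_wp_config() {
  docroot=$1
  cfg="$docroot/wp-config.php"
  dest="$(dirname "$docroot")/wp-config.php"

  [ -f "$cfg" ] || { echo "no wp-config.php in $docroot" >&2; return 1; }
  [ -e "$dest" ] && { echo "$dest already exists, refusing to overwrite" >&2; return 1; }
  # Nothing to protect if the web-root file carries no secrets (already a stub?).
  grep -q 'DB_PASSWORD' "$cfg" || { echo "$cfg has no DB_PASSWORD; already moved?" >&2; return 1; }

  mv "$cfg" "$dest"
  chmod 0440 "$dest"   # owner and group read only; no "other" access at all

  # Stub left in the web root: if PHP is ever served as plain text, this
  # require line is all that is exposed.
  cat > "$cfg" <<'EOF'
<?php
/* Real configuration lives outside the web root. */
require_once dirname(__DIR__) . '/wp-config.php';
EOF
  chmod 0444 "$cfg"
}

# Check after the move: the web-root copy must carry no secrets, the real
# file must exist one level up, and it must not be world-readable.
wp_config_is_hardened() {
  docroot=$1
  cfg="$docroot/wp-config.php"
  dest="$(dirname "$docroot")/wp-config.php"
  [ -f "$cfg" ] && [ -f "$dest" ] || return 1
  grep -q 'DB_PASSWORD' "$cfg" && return 1     # secrets still in the web root
  grep -q 'DB_PASSWORD' "$dest" || return 1    # real config is missing
  # GNU stat first, BSD stat as fallback; last octal digit must be 0.
  mode=$(stat -c '%a' "$dest" 2>/dev/null || stat -f '%Lp' "$dest")
  case $mode in *0) return 0 ;; *) return 1 ;; esac
}
```

WordPress itself also looks one directory above its install for wp-config.php when none is present in the install directory, so the stub is belt and braces for that layout; changing the path in the stub lets you keep the real file anywhere the web server user can read.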