Ive used WP on a number of my own sites for a while but now Im doing one for a 'client' and the idea of decent security has come back to the front of my mind. Ive read the 'Hardening WordPress' article but to be honest it asks more questions than it answers:
WP Security Scan, which that article recommends, isn't available for the most recent version of WP. Since its littered with warnings about making sure you get it right for version it IS supposed to run with, I dont fancy just 'having a go' with a WP version it isnt supported on!
Similarly, WordPress Firewall has "not been tested with your current version of WordPress".
And to add insult to injury AskApache Password Protect has also not been tested with latest WP version.
Going down the list I come to Security through Obscurity. Nope, it isnt the best way, but since none of the above can work for me this is where Im at. First idea sounds sensible - 'rename the admin account'. And it says you can use phpMyAdmin to do it, great, I have that. But _how_? Nope, not a word.
Backups. At last, something that I can use - right I now have backups of my database and my file structure. Doesnt seem like a lot though, that the only thing I appear to be able to do to increase security is to simply copy files in case something happens! Surely security is an important enough issue that there should be plugins available that work on the latest release of WP, or at least instructions on how to manually perform the tasks these plugins do. Will WP3 remove some of this worry, or am I just thick :o(