WordPress.org


Hardening WordPress for semi-geeks (2 posts)

  1. Chriswaterguy
    Member
    Posted 3 years ago #

    Semi-geek: I'm confident with managing plugins, except where the preferences get too complex. Our site has a tech volunteer who does good work, but his time is stretched, so I want to see what I can do by myself to make it more secure - and where help is needed, at least

    Background: We've never had our WordPress site hacked, and although we've got open commenting, spam is being handled nicely, thanks to the wonderful Akismet and Bad Behavior plugins. But I'd like us to be more secure now, rather than after an attack.

    Question - what are the easiest steps for security?

    I've found several suggestions & plugins:
    #1. Don’t use the admin account - DONE (the only one I've done). (I changed its permissions to "subscriber" - didn't see a delete option) (from Top 5 WordPress Security Tips You Most Likely Don’t Follow.)
    #2. Four more suggestions at the above link. Restricting the IP isn't an option for us (we move around) and for the others, I'm not sure I've understood everything I have to do, and I'm afraid I'll break something.
    #3. HTTPS for /wp-admin/ - Administration Over SSL - that looks quick, easy... & probably important in this age of FireSheep.
    #4. Secure WordPress - makes a lot of changes I don't understand. I'm not completely sure that it won't break other functionality on the site, including social media plugins.
    #5. BulletProof Security - as above

    Before making a lot of changes, I'd like to be confident that all the changes are good. Suggestions appreciated!

  2. Personally, I'd stay away from third-party security plugins and just implement the security measures yourself.

    We keep a list of recommended security measures here: http://codex.wordpress.org/Hardening_WordPress

This topic has been closed to new replies.