Securing WordPress Blog Installation

Besides having secure passwords for my blog user and database connections, what should I do to make sure my WordPress installation is secure on my Linux shared server?


I think the best suggestions are well explained in the official "Hardening WordPress" document:

https://wordpress.org/support/article/hardening-wordpress/

In the end, those are the same suggestions as for every application out there:

  • Keep it updated.
  • Use good passwords.
  • Reduce what information you are presenting (versions, server info, etc).

If you want to improve security with obscurity (not only through it, but as an additional measure), this document gives some ideas:

http://sucuri.net/?page=docs&title=wordpress-hardening


Ensure you haven't set the file permissions to 'chmod 777' as some guides will have you do. Go through and look at anything your web server account or group can write to, and ensure that they are only areas you expect to be dynamically updated (images, attachments, etc).
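
One way to run the check described in the answer above, as an added example that is not part of the original answers. The function names, the `WP_ROOT`, `WEB_USER` and `WEB_GROUP` variables, the `www-data` defaults and the choice of `wp-content/uploads` as the only expected writable directory are assumptions to adjust for your host.

```shell
#!/bin/sh
# Added example (not from the answers above): audit a WordPress tree for
# paths that are writable more broadly than intended.

# Files and directories any local user can write to, e.g. after "chmod 777".
# Symlinks are skipped because their own mode bits are always rwxrwxrwx.
world_writable() {
    find "$1" ! -type l -perm -0002 -print | sort
}

# Paths the web server can write to, as owner or through its group, outside
# the one directory that is expected to be dynamically updated.
#   $1 = WordPress root (no trailing slash)
#   $2 = web server user, $3 = web server group
#   $4 = expected writable directory, relative to the root
server_writable_unexpected() {
    find "$1" -path "$1/$4" -prune -o ! -type l \
        \( \( -user "$2" -perm -0200 \) -o \( -group "$3" -perm -0020 \) \) \
        -print | sort
}

# Run the audit only when WP_ROOT is set, so the file can also be sourced.
# "www-data" is an assumed default; on shared hosting the web server often
# runs under a different user or under your own account.
if [ -n "${WP_ROOT:-}" ]; then
    echo "World-writable paths:"
    world_writable "$WP_ROOT"
    echo "Writable by the web server outside wp-content/uploads:"
    server_writable_unexpected "$WP_ROOT" "${WEB_USER:-www-data}" \
        "${WEB_GROUP:-www-data}" "wp-content/uploads"
fi
```

Anything the first function lists should have its mode tightened; anything the second lists should be either expected dynamic content or changed so the web server can only read it.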