Securing WordPress Blog Installation

security linux apache-2.2

Besides having secure passwords for my blog user and database connections, what should I do to make sure my WordPress installation is secure on my Linux shared server?


I think the best suggestions are well explained in the official "Hardening Wordpress" document:

https://wordpress.org/support/article/hardening-wordpress/

At the end, those are the same suggestions for every application out there:

  • Keep it updated.
  • Use good passwords
  • Reduce what information your are presenting (versions, server info, etc).

If you want to improve security with obscurity (not only thought it, but as an addtional measure), this document gives some ideas:

http://sucuri.net/?page=docs&title=wordpress-hardening


Ensure you haven't set the file permissions to 'chmod 777' as some guides will have you do. Go through and look at anything your web server account or group can write to, and ensure that they are only areas you expect to be dynamically updated (images, attachments, etc).

Related

VMware - Create VM out of a current desktop
/var is using 91.4% of 3.99GB in new Ubuntu dedicated server from 1and1
lots of failed SSH login attempts - should I be concerned? [duplicate]
Why query params are not reaching the interface?
Is there an open source email client that will work with Exchange 2007?
Oracle difference between SID, DB Name, DB Domain, Global Database Name, Service Name, Service Alias and Instance Name
Redirect nohup to stdout
What alternatives do I have for telephony if my LEC says the Central Office has an issue?
Windows File Permissions and Attributes
How to properly remove lingering objects when -strict has been set on a large number of DCs for a long time?
High throughput meshed VPN to connect datacenter hosts
What is Kernel Times