Hardening Wordpress on IIS6
I am pushing a new Wordpress install (ver. 2.8.4) to a Win2k3 server. PHP is running via FastCGI and I have MySQL5 humming along.
What do I need to do to keep the average troublemaker from messing with my install once it goes live?
The Wordpress site does have some information however it seems very specific to Apache. What I am looking for are any issues that need to be addressed that may be unique or otherwise not obvious when hosting on IIS6 in particular.
The question is a bit broad to go into much detail. In general, though:
- Read Hardening Wordpress for great general tips specific to WP
- Read through applicable items in the Security Compliance Management Toolkit for items specific to Windows 2003 and IIS6.
- Become familiar with items on http://www.windowsecurity.com/
EDIT:
Something that I've had personal success with is to install anti-spam and anti-bot plugins. I am using akismet for anti-spam and WP-reCaptcha which are both working quite well (granted, I don't have the world's highest volume on my site...). Akismet requires a Wordpress.com API key which is free and easy to install. WP-reCaptcha requires you to register for reCaptcha keys for your domain.
EDIT to your Edit:
The info on the Hardening WordPress page is generic across server platforms, I didn't see anything in there that is specific to any particular OS. Is that what you're referring to? All the suggestions on that page are integral to maintaining security for whichever server platform you're running WordPress on. Specific TASKS involved with implementing their suggestions are platform specific. Take the suggestions and apply the Windows mehtodologies involved in order to secure it on IIS.