Comments on: Small Security Tipps for your WordPress Install

By: John Hoff - WP Blog Host

John Hoff - WP Blog Host — Tue, 29 Dec 2009 16:32:42 +0000

@WPExploerer - Use the WordPress Firewall plugin to help guard against injection attempts.

Also, Jeff Starr of Perishable Press has a neat little trick to help guard against injections:
Protect WordPress Against Malicious URL Requests

I suggest using his 4G Blacklist as well. There's a link to it in his article.

By: WPExplorer

WPExplorer — Mon, 28 Dec 2009 23:41:49 +0000

One of my website got hacked recently with a link injection. It is all cleaned now, but I am still working to get it all secured nicely. Thank you for the tips.

By: サーバー移行とWordpressアップグレード | Nutspress

サーバー移行とWordpressアップグレード | Nutspress — Mon, 21 Dec 2009 01:47:49 +0000

[...] 移行のついでにデータベースのテーブル名を変更、ユーザーもAdminからこちらで設定したものに変更。このあたりはphpAdminでSQLを実行したり、直接データベースを触って値を変更したりしています。 Small Security Tipps for your WordPress Install [...]

By: John Hoff - WP Blog Host

John Hoff - WP Blog Host — Sat, 21 Nov 2009 20:57:58 +0000

I think most people read posts like these and never really follow through with implementation. That's too bad because people's blogs get hacked every single day. No one likes the boring / technical sides of blogging (ok, maybe some do), but if bloggers think for a moment about how much time they actually invest into their blog (and money), isn't it worth taking a couple of days locking it down and protecting their investment? About the SSL admin login, there's a plugin out which forces SSL logins, but I never really understood why it's needed? After all, like you said, you can force the issue through the wp-config file. I feel the same way about the Google Analytics and Feedburner plugins, but that's another topic. I actually just wrote a post about logging into WordPress through SSL. I hope you don't mind the link, but I think it goes well with what you talked about here.

By: ken the tech

ken the tech — Wed, 18 Nov 2009 17:40:51 +0000

Thanks for the detailed process. Really helpful for anyone on it's first contact with wp

here another way of installing Wordpress through cPanel:

http://www.kensfi.com/how-to-install-wordpress-in-7-steps-using-cpanel/

Very good for everyone who's familiar with cPanel interface

By: Dan Smart

Dan Smart — Fri, 13 Nov 2009 08:41:20 +0000

Tomas yes it is simple enough to discover the wp-content name, however this step is useful in blocking automated tools that don't check.

By: Alex

Alex — Thu, 12 Nov 2009 16:04:21 +0000

Hey Thomas, that is true

By: Tomas Kapler

Tomas Kapler — Tue, 10 Nov 2009 18:11:28 +0000

just small comment about renaming wp-content - quite useless, when all files like images, css ... are in the same folder, so it take anyone about 1 second to find out what the new folder is, just by looking at any image address.

It would be better to redefine only plugin folder (and hope that you do not have security hole in your theme)

By: Alex

Alex — Tue, 10 Nov 2009 17:14:58 +0000

Hey Bryan, thanks for mentioning, but Frank already linked to the reference in the paragraph right under "Authentication Unique Keys". But it probably didn't stand out enough.

@all, glad you like the little tips Frank gave you! Compliments always welcome!

By: Bryan

Bryan — Tue, 10 Nov 2009 14:17:29 +0000

Wordpress.org has an api utility to generate random valid text for all 4 security keys:

https://api.wordpress.org/secret-key/1.1/

By: Indrek

Indrek — Tue, 10 Nov 2009 06:34:13 +0000

Thanks for these great tips. I actually hadn't heard about some of them so for me this article was very informative.

Off to securing my blog

By: Roseli A. Bakar

Roseli A. Bakar — Tue, 10 Nov 2009 05:49:01 +0000

Awesome tutorials Frank !

This post will help many wordpress users "protect" their blogs better.

By: EthanJ

EthanJ — Tue, 10 Nov 2009 00:07:51 +0000

Great post. Been using a couple of these for a while but I'm embarrassed to say I've tried the rename wp-content one. Thanks.