DragonDF
New Member
Interesting.
There are a few steps I haven't done. Specially about the name of the Admin and the admin login php file.
I think it is a good idea to CHANGE all your credentials every time you be KICKED from a server. Some info can be used in a "wrong way".
Some plugins I did not know, too.
Tks!
There are a few steps I haven't done. Specially about the name of the Admin and the admin login php file.
I think it is a good idea to CHANGE all your credentials every time you be KICKED from a server. Some info can be used in a "wrong way".
Some plugins I did not know, too.
Tks!
peterw
New Member
I like the autoupdate functionality of wordpress. But I set option to allow only minor upgrades in wp-config.php
Code:
# Disables all core updates:
define( 'WP_AUTO_UPDATE_CORE', false );
# Enables all core updates, including minor and major:
define( 'WP_AUTO_UPDATE_CORE', true );
# Enables core updates for minor releases (default):
define( 'WP_AUTO_UPDATE_CORE', 'minor' );peterw
New Member
Wordpress is secure, the plugins are the problem. There is noone checking available plugins.
vRozenSch00n
Active Member
Well, WP and b2evolution are the children of the same couple
Great Ideas!
peterw
New Member
Found to other things you should check.
- Disable directory indexing on plugins folder
- Scan your themes for malicious code http://wordpress.org/plugins/tac/
wlanboy
Content Contributer
Chris Worley
New Member
Moving the configuration file from an obvious location helps too
Sent from my SCH-I545 using Tapatalk
Sent from my SCH-I545 using Tapatalk
peterw
New Member
Found on Wordpress Codex.
find /blogdirectory -type d -exec chmod 755 {} \;
find /blogdirectory -type f -exec chmod 644 {} \;
Check your file permissions: http://codex.wordpress.org/Changing_File_Permissions
find /blogdirectory -type d -exec chmod 755 {} \;
find /blogdirectory -type f -exec chmod 644 {} \;
Check your file permissions: http://codex.wordpress.org/Changing_File_Permissions
Hey,
Checkout this blog that talks about creating a plugin to secure wordpress sites. It could also be use to create secure discussion forums.
http://wisdmlabs.com/blog/develop-restricted-and-secure-wordpress-networking-website/
Checkout this blog that talks about creating a plugin to secure wordpress sites. It could also be use to create secure discussion forums.
http://wisdmlabs.com/blog/develop-restricted-and-secure-wordpress-networking-website/
k0nsl
Bad Goy
On my blog I've done some enhancements, most recently, that is to say a few months ago, I began proxying requests from Apache to nginx for everything which dealt with the backend (/wp-admin/*). So when I am not doing anything via the backend, I simply turn nginx off and it becomes unreachable. Nginx handles everything that has to do with the WordPress backend and Apache handles the rest
Works great.
Works great.
I stand by Wordfence. I've used it for quite a while and I've been impressed with how well of a job it has done.
I liked it when I used it for a little while, but it doesn't work with IPv6. If you have AAAA records the scanning service will use them, but it doesn't actually work with IPv6 so everything stops functioning. It was great otherwise.
wlanboy
Content Contributer
If someone missed it: Better WP Security Changing To iThemes Security.
If anyone is using it at all.
If anyone is using it at all.
AreebMajeed
New Member
WordFence is a better option
peterw
New Member
Why?WordFence is a better option