amuck-landowner

How to secure your wordpress blogs

DragonDF

New Member
Interesting.

There are a few steps I haven't done. Specially about the name of the Admin and the admin login php file.

I think it is a good idea to CHANGE all your credentials every time you be KICKED from a server. Some info can be used in a "wrong way".

Some plugins I did not know, too.

Tks!
 

peterw

New Member
I like the autoupdate functionality of wordpress. But I set option to allow only minor upgrades in wp-config.php

Code:
# Disables all core updates:
define( 'WP_AUTO_UPDATE_CORE', false );
 
# Enables all core updates, including minor and major:
define( 'WP_AUTO_UPDATE_CORE', true );
 
# Enables core updates for minor releases (default):
define( 'WP_AUTO_UPDATE_CORE', 'minor' );
 

k0nsl

Bad Goy
On my blog I've done some enhancements, most recently, that is to say a few months ago, I began proxying requests from Apache to nginx for everything which dealt with the backend (/wp-admin/*). So when I am not doing anything via the backend, I simply turn nginx off and it becomes unreachable. Nginx handles everything that has to do with the WordPress backend and Apache handles the rest :)

Works great.
 

zzrok

New Member
I stand by Wordfence. I've used it for quite a while and I've been impressed with how well of a job it has done.
I liked it when I used it for a little while, but it doesn't work with IPv6.  If you have AAAA records the scanning service will use them, but it doesn't actually work with IPv6 so everything stops functioning.  It was great otherwise.
 
Top
amuck-landowner