Plugging the gaps in WordPress security
If you have a WordPress blog you should know that the default configuration leaves you vulnerable to a number of attacks. Fortunately it’s not hard to take the few steps necessary to greatly improve your blog’s security. If you’re the cautious type you can do a lot to build up your WordPress defenses.
Begin with the common sense steps you should take with anything to do with computers: use strong passwords and back up your data regularly. Another piece of general advice is particularly important with WordPress: keep your blog software updated to the latest version. The WordPress developers don’t fix security holes in older versions.
Even if you don’t do anything else, make sure to secure the wp-config file, because it contains the access information for the blog’s database in plain text. Move the wp-config file up one level in the directory tree. Also add the following to the .htaccess file:
Deny from All
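Placed on its own, Deny from All blocks every file in the directory the .htaccess file governs, so the rule is usually scoped to the configuration file alone. The fragment below is an added example, not part of the original post; it assumes the file is named wp-config.php and that the server may be running either Apache 2.2 or Apache 2.4.

```apache
# Added example: restrict the deny rule to wp-config.php only.
# Assumes AllowOverride permits these directives in .htaccess.
<Files "wp-config.php">
    # Apache 2.4 and later: access control comes from mod_authz_core.
    <IfModule mod_authz_core.c>
        Require all denied
    </IfModule>

    # Apache 2.2: fall back to the older Order/Deny syntax.
    <IfModule !mod_authz_core.c>
        Order allow,deny
        Deny from all
    </IfModule>
</Files>
```

After saving the file, a browser request for /wp-config.php should come back as 403 Forbidden while the rest of the blog loads normally.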
You can let one of several WordPress security plug-ins help you with the rest of the heavy lifting. I found WP Security Scan useful.
Here’s the word on improving WordPress security from the WordPress folks themselves: Hardening WordPress. The information here assumes a moderate level of technical knowledge.
Here are some other sites that offer advice on WordPress security:
WordPress Security Tips and Hacks
11 Best Ways to Improve WordPress Security
10 Useful WordPress Security Tweaks
WordPress Security – A Comprehensive Guide
20+ Powerful WordPress Security Plugins and Some Tips and Tricks