Nov 17 2009

Securing A WordPress Installation

Published by Justin at 9:48 pm under Checklists, Security

The WordPress folks have a great article on Hardening WordPress over on the Codex. It covers strategies for securing your install in depth and discusses general security principles.

But it really all boils down to a few steps that are painless to implement and will vastly improve the security of your WordPress install:

  1. Force SSL for admin and admin login; add this to wp-config.php:
    define('FORCE_SSL_LOGIN', true);
    define('FORCE_SSL_ADMIN', true);
  2. Add an Apache username/password prompt to the /wp-admin/ directory
  3. Change the username for admin (in the database)
  4. Set up WordPress for automatic updates and patch your core and plug-ins as soon as updates are available
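
One way to implement step 2, shown as an added example rather than configuration from the original post. It assumes Apache 2.4 with AllowOverride AuthConfig enabled for the directory; the password file path, realm name and user name are placeholders.

```apache
# File: wp-admin/.htaccess
#
# Create the password file first, outside the web root (placeholder path
# and user name):
#   htpasswd -c /path/outside/webroot/.htpasswd-wpadmin someuser

# Prompt for a second username/password before anything in /wp-admin/
# is served, including wp-admin PHP files that WordPress itself would
# otherwise handle.
AuthType Basic
AuthName "Restricted area"
AuthUserFile /path/outside/webroot/.htpasswd-wpadmin
Require valid-user

# Themes and plugins call admin-ajax.php from the public side of the site
# for visitors who are not logged in. Leave it reachable without the
# prompt, otherwise front-end AJAX features start returning 401.
<Files "admin-ajax.php">
    Require all granted
</Files>

# Apache 2.2 equivalent of the <Files> block above:
#   <Files "admin-ajax.php">
#       Order allow,deny
#       Allow from all
#       Satisfy any
#   </Files>
```

Basic authentication sends the password base64-encoded, not encrypted, on every request, so make sure this directory is only reachable over HTTPS. Note that wp-login.php lives in the WordPress root, not in /wp-admin/, so this prompt does not cover the login form itself.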
