I just read an excellent article about WordPress security [German]. It also linked to this article [English], which gives a pretty good summary of what an admin should (could) do.
I double-checked and installed a few plugins:
- WP Security Scan – it scans the WordPress settings and highlights weak configurations
- WordPress File Monitor – monitors file changes and sends notifications about them
- Secure WordPress – removes information such as the WordPress version, and sets more restrictive permissions for updating.
- WordPress Exploit Scanner – checks the WordPress install for malicious code.
I have also installed HTML Tidy as a Firefox add-on to verify the resulting HTML pages.
A quick check this morning got me a thumbs-up; everything is fine. Hurray!