WordPress Best Practices – Security

admin — Fri, 27 Apr 2012 13:25:45 +0000

I am currently writing about WordPress Best Practices – particularly about security at the moment. Things that comes to mind when discussing security and WordPress range from ensuring that you are running the latest version of WordPress and all the WordPress Plugins that you make use of etc.

Here is a bit of a checklist:

Ensure that you are running the latest version of WordPress from wordpress.org as the latest version would have patches for exploits in prior versions of WordPress.
Ensure that you are running the latest versions of the WordPress Plugins you have installed as the latest versions would have patches for exploits in prior versions of the particular plugin.
Make use of HTTP Authentication to limit who can go to /wp-admin/ – this is especially useful if you are running a corporate site ontop of WordPress or just a personal blog.
Keep all WordPress source code, plugins and themes in version control. This allows you to do a “svn diff” or “git diff” and see what files have changed if your WordPress install has been cracked by someone remotely and they have modified files. Typically files that get modified these days include wp-content/plugins/hello.php and wp-content/plugins/akismet/akismet.php

Testing WordPress

admin — Mon, 24 Aug 2009 19:29:43 +0000

WordPress please don’t play nicely with mod_fcgid – please throw some errors like you love to!

Testing next with the heavy ‘woothemes’ theme.

Hello world!

admin — Sun, 27 Jul 2008 11:03:27 +0000

And welcome to my new blog. Much easier than upgrading my old movable type instance over on my old blog. Also a bit of a change to use a new domain name. Hopefully I will spend some more time blogging now.

Jacques Marneweck's Blog

WordPress Best Practices – Security

Testing WordPress

Hello world!