Comments on: WordPress Security – A Comprehensive Guide

By: Vipin

Vipin — Fri, 16 Dec 2011 15:12:00 +0000

This is one of the best answer so far, I have read online. No crap, just useful information. Very well presented.Thanks for sharing with us. I have found another nice post over the internet which also explained very well, check this link…

http://mindstick.com/Articles/7c9b0acf-68a7-49b3-ad54-5c984a37d09c/?How%20to%20Implement%20Security%20in%20WordPress

By: Presents for Dads

Presents for Dads — Thu, 16 Jun 2011 04:26:02 +0000

One of my sites got flagged for someone sneaking in a phishing page… can’t find it with the File Manager tool in Cpanel (it’s the site’s main URL/~novoor1/index19.htm) – any iideas? Is this something that would have been caught by one of these scans? The web hosting company support person is aware of the issue and can’t find it either to delete, but the URL ‘works’ and brings up a phishing page…

By: PaulJ

PaulJ — Mon, 30 May 2011 23:07:07 +0000

Some of these issues are tested with this free security scan http://hackertarget.com/wordpress-security-scan/

I ran it against my hosted blog and found some serious issues. Its making me consider changing to a virtual server that I can manage.

By: Mark

Mark — Mon, 25 Apr 2011 03:42:07 +0000

Pretty good list of security tips. For those who don't think such tips are necessary to implement, check out this article about WordPress Security Statistics - that might give you some pause for thought. Here's another one for folks who think that there's no such thing as security through obscurity: WordPress Security Through Obscurity? . Thanks for the tips!

By: Jerry Fladdien

Jerry Fladdien — Sat, 23 Apr 2011 03:43:12 +0000

Are there any suggestions for hardening wp 3.1? or even 3.11? I’m hesitant to upgrade to 3.11 until I know all my plug-ins will work, but would be curious to know if the tips on security and links to the hardening info would also apply to 3.1 and/or 3.11 – thanks1

By: Mario A

Mario A — Sat, 29 Jan 2011 02:18:43 +0000

Fantastic article Remkus. Written for those who are not well versed in CSS. Easy to understand. Carefully chosen words. Fantastic. Thank you.

By: Eric

Eric — Sun, 19 Sep 2010 02:20:23 +0000

More Tips:
http://www.eukhost.com/forums/f38/wordpress-blog-11966/

By: Eyal Estrin

Eyal Estrin — Fri, 28 May 2010 15:35:13 +0000

Check out my step-by-step guide for hardening WordPress 2.9.2
http://eyalestrin.blogspot.com/2010/05/hardening-guide-for-wordpress-292.html

By: Remkus de Vries

Remkus de Vries — Wed, 26 May 2010 16:00:09 +0000

Nothing really. You just won’t be able to visit the wp-admin area, which is easily fixed by removing the wrong IP address from your .htaccess file

By: TechGyo

TechGyo — Wed, 26 May 2010 13:52:13 +0000

I’m confused with ht.access. What happens if I enter a wrong IP address or if my address is a dynamic IP?

By: Remkus de Vries

Remkus de Vries — Thu, 06 May 2010 16:54:42 +0000

Thanks Richard. That is exactly why I wrote this guide.

By: Richard Cummings

Richard Cummings — Thu, 06 May 2010 16:14:17 +0000

Remkus,

Most people simply implement WordPress without giving concern to security. They feel that WordPress is secure right out of the box. This is a great article to remind us of the extra steps for WordPress Security.

Thanks,
Richard

By: Patrick Curl

Patrick Curl — Tue, 27 Apr 2010 23:21:45 +0000

Thanks for the tips, they are especially useful after being hacked over the weekend. heck I’ve written plugins, and designed themes, and thought it couldn’t happen to me – even us more experienced wordpress geeks are prone to attacks..

I had a base64 encoded msg injected into the top of EVERY freaking php file on my server – which included 4 blogs… luckily godaddy has a good mechanism for restoring files to previous dates.. though their tech support sucks.

By: Robert Lamke

Robert Lamke — Sun, 25 Apr 2010 11:19:35 +0000

That is a very good post. I have several blog powered by wordpress. I used all steps mentioned in wordpress community to secure my blogs. After reading your blog I am more knowledgeable to secure my blogs. Thanks

By: Remkus de Vries

Remkus de Vries — Thu, 22 Apr 2010 11:20:07 +0000

Thanks for the compliment Jaypee and a nice plugin you mention there as well. Thanks!

By: Jaypee

Jaypee — Wed, 21 Apr 2010 20:00:53 +0000

Well written article! I hope more WordPress users will be vigilant and care enough to implement these security measures on their blogs. Btw, another security plugin that you can install along with the ones you already listed is the WordPress Firewall plugin. It detects remote arbitrary code injection, directory traversal attacks and SQL injection attacks and more. Really effective plugin.

By: Alkol

Alkol — Wed, 21 Apr 2010 11:27:47 +0000

thnks for all, nice object

By: Sholem

Sholem — Wed, 21 Apr 2010 09:57:25 +0000

I was told this by other people who use McAfee. I am running all the scans etc. now

By: Remkus de Vries

Remkus de Vries — Wed, 21 Apr 2010 09:55:12 +0000

I’m not familiar with McAfee Site Advisor, but if you get warnings when visiting your site in Chrome and Firefox as well, than most likely your site has been compromised. Be sure to you use the WordPress Security Plugins I mention to scan through your installation.

By: Sholem

Sholem — Wed, 21 Apr 2010 09:48:02 +0000

Thanks for this post – I am doing everything on it! McAfee Site Advisor marks my site as dangerous – any ideas why? I have contacted them, but until they get back to me I want to do anything and everything to fix this.

By: Remkus de Vries

Remkus de Vries — Tue, 20 Apr 2010 21:02:06 +0000

Thanks Rutger

By: Rutger

Rutger — Tue, 20 Apr 2010 21:00:59 +0000

Another great blogpost! Thanks.

By: Remkus

Remkus — Tue, 20 Apr 2010 19:41:19 +0000

It’s never too late to lock down. Just make sure you use the WordPress plugins I mention to check whether your security wall has been breached already!

By: DaniGirl

DaniGirl — Tue, 20 Apr 2010 19:33:10 +0000

Thanks for this, it’s very timely! I seem to be part of the odd QQ829.com attack from China and hope it’s not to late to lock down my site’s security.

By: Remkus

Remkus — Tue, 20 Apr 2010 18:44:23 +0000

Agreed, there is a bit of a learning curve on some of these solutions, but you come out so much stronger when you do decide to implement as many as possible. Glad you liked it!