Comments on: How to Secure Your New WordPress Installation

By: site fr

site fr — Sun, 24 Jan 2010 17:01:28 +0000

un tres bon article, merci pour cet info .

By: WPbud

WPbud — Fri, 15 Jan 2010 04:09:18 +0000

Thank you for sharing. Very useful tips.
Will follow.

By: Jeff Starr

Jeff Starr — Tue, 24 Nov 2009 05:32:47 +0000

It depends on your server configuration. 400 permissions for the wp-config.php means that only the user (i.e., server) is able to read (and only read) the contents of the file. Aside from 0 (no access), a 400 setting is the most restrictive permissions level possible. Unfortunately, depending on how users are set up on the server account, it may be too restrictive.

By: John Hoff - WP Blog Host

John Hoff - WP Blog Host — Sat, 21 Nov 2009 20:38:14 +0000

That sounds like good advice. I haven’t tried it yet though. You sure WordPress doesn’t have any issues with it?

By: John Hoff - WP Blog Host

John Hoff - WP Blog Host — Sat, 21 Nov 2009 20:36:56 +0000

I definitely disagree with that statement.

Changing your database prefix to something other than wp_ could be considered security through obscurity.

I’ve seen through email alerts I have set up that someone tried to hack into one of my blogs through SQL Injection. They tried “guessing” that my database prefix was wp_.

They were wrong.

And if it were wp_, they just may of had a chance at cracking in.

By: John Hoff - WP Blog Host

John Hoff - WP Blog Host — Sat, 21 Nov 2009 20:31:37 +0000

Urda, SEO Egghead has a very simple plugin to do this for you: http://www.seoegghead.com/software/wordpress-table-rename.seo

To do it manually, you’d have to export your database to your computer, open it up with a text editor, and do a find and replace for all instances of wp_ with something else…..like clRE83f_ or something.

Then head over to the wp-config file and change the wp_ value listed in there to the one you changed it in.

Upload your new database and you’re done.

Always always always back up your database first. In fact, make a copy of the back up so you have a backup of the backup! LOL

By: Deb Phillips

Deb Phillips — Sat, 14 Nov 2009 08:02:24 +0000

I have a quick question regarding protecting the wp-admin directory. Since I'm not a coding expert, would someone mind clarifying how the "/full/path/.htaccess" should be modified if I've placed the recommended .htaccess file above the public_html folder? My blog is in a directory immediately below the public_html folder. The public_html directory is in the root of the website. I hope I'm being clear enough! Thanks for your patience and help! Deb

By: silvers

silvers — Thu, 12 Nov 2009 16:55:07 +0000

wow just realised that it’s Jeff that posted it.

sorry jeff, you deserve the praise and maybe i’ve just found a new webguy hero to worship!

nice one mate!

By: silvers

silvers — Thu, 12 Nov 2009 16:54:00 +0000

totally fucking sweet!!!

really really helpful stuff here. i didn’t really used to bother with protecting my sites cos i am new to it all and was just happy to get it up online. but now that i have got in to it all, this will be really useful if/when i end up making a wordpress site for a company, or in fact one for myself now that i am not such a noob.

another awesome post. you’re like superman or something. clarke coyier? chris kent?

By: Alex

Alex — Thu, 12 Nov 2009 16:20:52 +0000

Nice tips! We also listed some small security tips on our blog at http://wpengineer.com/small-security-tipps-for-your-wordpress-install/ a week ago.

Some vary from this list but some are the same. Funny that we had the same idea within a week. :)