rubysecurity.org

Anecdotes from a Linux Systems Administrator. /root

17 September 2016

Locking Down WordPress

by Alpha01

WordPress powers a shitload of websites. WordPress is an easy-to-use and powerful web application, yet it is wrongfully infamous for its security (or, to many, lack thereof). This free e-book is a short question-and-answer paper from three different professional WordPress developers. Although the e-book was published in 2012, practically all of the content is still relevant. The book goes through a handful of common WordPress security questions. Some example questions include: "What’s the one, overriding security essential that goes into every project you work on?" and "If you had one piece of WordPress security advice to share, what would it be?"

All of these are answered individually by all three WordPress professionals, based on their experience. One thing I noticed is that most of the answers mainly concern WordPress in a shared hosting environment. I would’ve liked to see tips on securing WordPress in complex environments and in large, high-traffic, high-availability environments, as well as on securing WordPress with third-party tools like web application firewalls, though I can see this being somewhat out of scope.

I have a solid understanding of locking down a WordPress application. Even as a seasoned user, administrator, and up to a certain point, a developer, I actually learned something really important about securing WordPress that I had completely overlooked: removing world-readable access to wp-config.php. This is something I had never thought of, yet without this change anyone can easily grab your database credentials. Another good tip I got from reading this free e-book was on dealing with hosting providers.
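The wp-config.php tip above, as an added example that is not taken from the e-book or the original post: a POSIX shell audit that lists every wp-config.php granting any access to "other" and strips those bits. The function names and the web-root argument are hypothetical, and it assumes the PHP process runs as the file's owner or group.

```shell
#!/bin/sh
# Added example: audit wp-config.php permissions under a web root.
# Assumption: PHP runs as the file's owner or group, so removing the
# "other" permission bits does not stop WordPress from reading it.

# Print every wp-config.php below $1 that grants any access to "other".
# Only POSIX find primaries are used (-perm -NNN = all these bits set).
list_exposed_wp_configs() {
    find "$1" -type f -name wp-config.php \
        \( -perm -004 -o -perm -002 -o -perm -001 \) -print
}

# Remove all "other" permissions from the files found above.
# Returns 0 if nothing remains exposed afterwards, 1 otherwise
# (for example when chmod failed on a file we do not own).
lock_wp_configs() {
    list_exposed_wp_configs "$1" | while IFS= read -r f; do
        chmod o-rwx "$f" && printf 'locked: %s\n' "$f"
    done
    [ -z "$(list_exposed_wp_configs "$1")" ]
}

# Stand-alone use: pass the web root as the only argument.
if [ "$#" -eq 1 ] && [ -d "$1" ]; then
    lock_wp_configs "$1"
fi
```

Owner and group bits are left untouched, so a file at 644 ends up at 640.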

WordPress is like any other web application, yet idiots like to scrutinize it in a negative way, almost as if their shit doesn’t smell, but I digress. As with any other web application, keeping up with updates, restricting access, and using common sense about what third-party code you integrate into your application will help you keep your website secure and running without hiccups.

Although much of the content is mentioned in the official WordPress security guides (https://codex.wordpress.org/Hardening_WordPress and https://codex.wordpress.org/FAQ_My_site_was_hacked), I’d highly recommend that anyone using WordPress read this free e-book.

Rating: 3/5


Tags: [ wordpress security ]