This document is work in progress and should be treated as such.
New Revision: v1.2 (Apr/08)
- Table of Contents: 1
- Introduction 2
- Installing WordPress 2
- Accessing your WordPress tables 2
- Changing your WordPress Table Prefix 3
- Before Installation 3
- Manually Change 4
- WP Prefix Table Changer 5
- Preparing the Blog 6
- Changing your Admin Username 6
- Create a new limited access user 7
- Hardening your WP Install 9
- Restricting wp-content & wp-includes 9
- Restricting wp-admin 9
- Block all except your IP 9
- Password Required – .htpasswd 10
- The .htaccess file 10
- The .htpasswd file 10
- SPAM 11
- Blog Encryption 12
- Key Plugins 13
- Disabling WordPress Errors 13
- Removing the WordPress Version 13
- Security Above and Beyond 14
- WPIDS – Detect Intrusions 14
- WordPress Plugin Tracker – Are you updated? 14
- WordPress Online Security Scanner 15
- The End 15
The full whitepaper is available in PDF format, please let us know if you require it in any other format.
Latest Revision v1.2 (Apr/08)
- » Read full whitepaper (.PDF)
- » Read full whitepaper – Simplified Chinese (.PDF)
- » Read full whitepaper – Italian Version (.PDF)
***PLEASE BE VERY CAUTIOUS USING ANY PLUGINS/TOOLS IN THIS WHITEPAPER. SOME OF THEM ARE BETA TOOLS AND HAVE NOT BEEN UPDATED FOR SOME TIME. SOME OF THE PLUGINS ARE KNOWN TO CAUSE PROBLEMS. FOLLOW THE PRINCIPLES BUT IT IS NOT RECOMMENDED THAT YOU RUN ANY OUTDATED OR BETA PLUGINS. IF IN DOUBT, PLEASE ASK!***
Original Version:
- » Read full whitepaper (.PDF)
- » Read full whitepaper (.PDF) – German Version
- » Read full whitepaper (.PDF) – Spanish Version
Credits
- Philipp Heinze – Primary Author
- David Kierznowski – Co-author
- Sarah Turner – Editor
- Sven Kubiak – German Translation
- Samuel Aguilera – Spanish Translation
- Andor Chen – Simplified Chinese Translation
- Flavio Copes – Italian Translation
- http://blogsecurity.net/wordpress/wordpress-security-whitepaper
