Wednesday, June 16, 2010

WordPress Security Whitepaper

SkyHi @ Wednesday, June 16, 2010

This document is work in progress and should be treated as such.


New Revision: v1.2 (Apr/08)


Table of Contents

  • Introduction
  • Installing WordPress
  • Accessing your WordPress tables
  • Changing your WordPress Table Prefix
  • Before Installation
  • Manually Change
  • WP Prefix Table Changer
  • Preparing the Blog
  • Changing your Admin Username
  • Create a new limited access user
  • Hardening your WP Install
  • Restricting wp-content & wp-includes
  • Restricting wp-admin
  • Block all except your IP
  • Password Required – .htpasswd
  • The .htaccess file
  • The .htpasswd file
  • SPAM
  • Blog Encryption
  • Key Plugins
  • Disabling WordPress Errors
  • Removing the WordPress Version
  • Security Above and Beyond
  • WPIDS – Detect Intrusions
  • WordPress Plugin Tracker – Are you updated?
  • WordPress Online Security Scanner
  • The End

The full whitepaper is available in PDF format; please let us know if you require it in any other format.


Latest Revision v1.2 (Apr/08)



***PLEASE BE VERY CAUTIOUS USING ANY PLUGINS/TOOLS IN THIS WHITEPAPER. SOME OF THEM ARE BETA TOOLS AND HAVE NOT BEEN UPDATED FOR SOME TIME. SOME OF THE PLUGINS ARE KNOWN TO CAUSE PROBLEMS. FOLLOW THE PRINCIPLES BUT IT IS NOT RECOMMENDED THAT YOU RUN ANY OUTDATED OR BETA PLUGINS. IF IN DOUBT, PLEASE ASK!***


Original Version:



Credits