This document provides tips for securing a WordPress site. It recommends using a dedicated server or reliable shared hosting, keeping WordPress and plugins updated, moving and securing the wp-config.php file, using strong and unique credentials, and installing security-focused plugins like WordPress Firewall and WordPress Security Scan to monitor the site for vulnerabilities or exploits. Several specific plugins are also listed that provide functions like backups, scanning, and monitoring to help keep a WordPress site secure.

1. WordPress Security BasicsEast Bay WordPress Meetup 6/20/10Sallie Goetsch

2. Wait! Isn’t WordPress Secure?

3. Secure HostDedicated ServerVPSReliable Shared Hosting (NOT Network Solutions). “A properly configured web server will not allow users to access the files of another user, regardless of file permissions. The web server is the responsibility of the hosting provider. The methods for doing this (suexec, et al) have been around for 5+ years.” Matt Mullenweg

4. BasicsBack Up!Update WordPressUpdate Plugins

5. Check Your File Permissions

6. Move wp-config.phpUp one directory (WP will look for it there automatically)Best when you can move wp-config.php out of the public_html (or analagous) directoryDon’t do this with nested WP installs!

7. wp-config.php: Unique Keys

8. Username & PasswordNever use “admin” for your admin accountUse a strong password

9. Database Table NameChange from wp_ to something-else_ (or just choose something else to start with)

10. Bonus: .htaccess(Only works for static IP addresses)AuthUserFile /dev/nullAuthGroupFile /dev/nullAuthName "Access Control"AuthType Basicorder deny,allowdeny from all#IP address to Whitelistallow from xxx.xxx.xxx.xxx

11. PluginsAntiVirus for WPAutomatic WordPress BackupSecure WordPressServerBuddyTheme Authenticity CheckerWordPress DB BackupWP Exploit ScannerWordPress File Monitor WordPress FirewallWP Security Scan

12. AntiVirushttp://wpantivirus.com/

13. Automatic WordPress Backuphttp://www.webdesigncompany.net/automatic-wordpress-backup/

14. Secure WordPresshttp://wordpress.org/extend/plugins/secure-wordpress/

15. ServerBuddyhttp://pluginbuddy.com/free-wordpress-plugins/serverbuddy/

16. Theme Authenticity Checkerhttp://builtbackwards.com/projects/tac/

17. WordPress Database Backuphttp://austinmatzko.com/wordpress-plugins/wp-db-backup/

18. WordPress Exploit Scannerhttp://ocaoimh.ie/exploit-scanner/

19. WordPress File Monitorhttp://mattwalters.net/projects/wordpress-file-monitor/

20. WordPress Firewallhttp://www.seoegghead.com/software/wordpress-firewall.seo

21. WordPress Firewall Notification

22. WordPress Security Scanhttp://semperfiwebdesign.com/plugins/wp-security-scan/

23. http://www.meetup.com/Eastbay-WordPress-Meetup/