As some know, I was recently hacked. I lost a lot of stuff to the hackers, whose goals were to replace my sites with bank data phishing pages.
One result of this is that I've become more concerned with site security and in particular WordPress Security. No site can ever be made completely secure and at the same time publicly accessible, but there are things that can be done to make it more difficult for hackers to attack your WordPress Blog, which might lead them to focus on easier prey.
The idea is the same as that of a car alarm. In and of itself a car alarm will not prevent someone from taking your car, but it might just convince them to take some other car that does not have an alarm instead.
I've been reading on the subject for the past few days and I'll be posting my findings here at Blog Strokes in a series of WordPress Security posts.
The first bit of advice I have for you is to be sure to watch for upgrades to the WordPress software and be sure to install them if they contain security patches. If you register for a Blog Strokes Subscription, I'll keep you up to date on this by sending an email each time an upgrade with a security patch is released.
I'll only be emailing on upgrades in the 2.2.x+ path because this is the only true upgrade path available to you right now. I know some people argue that new upgrades tend to have bugs in them, and there is always the issue of possibly broken plugins. But I now believe that these issues are minor in comparison with the potential of leaving a compromised installation in place.
Also, I know that some will say that upgrading to the newest version in your current path (2.1.3, 2.0.x) is sufficient, as WP is still posting security / bug fixes for these older paths. But the truth is that they are posting fixes for the live upgrade path more frequently and more diligently, so this is the most secure path for you.
So in a nutshell my first bit of advice is to upgrade your WP install to WordPress 2.2.1.
In the next post I'll discuss a technique for securing your sensitive config data from prying eyes.