WordPress Security Tips

Jan 18, 2008

Matt Cutts has posted three security tips for WordPress users. Here's a quick overview:

  1. Protect your wp-admin directory with an .htaccess file
  2. Protect your wp-content/plugins folder with either a blank index.html or an .htaccess file
  3. Keep your WordPress install up to date by keeping tabs on the WordPress development blog

I was already doing item 1, though I don't currently handle IP white-listing (that's an appealing idea). Item 2 was something I didn't even know to do. When I checked to see if my plugins were listed, they did indeed show up. I have since corrected this issue. Item 3 is a no-brainer.

Matt also suggests removing the WordPress meta tag from your theme's header.php file (which I have also done). This particular "bonus" tip doesn't add a whole lot, but it at least cuts down on your broadcasting what version of WordPress you have installed.
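
A sketch of what tips 1 and 2 can look like on Apache 2.4, added here as an example; it is not taken from Matt Cutts's post or from this blog's own configuration. The IP addresses are documentation-range placeholders, and it assumes the server's AllowOverride setting permits AuthConfig and Options in .htaccess files.

```apache
# File 1: wp-admin/.htaccess
# Only the listed addresses may reach the dashboard; everyone else gets 403.
# Both addresses are placeholders (assumption): substitute your own.
Require ip 203.0.113.10
Require ip 198.51.100.0/24

# Some themes and plugins call wp-admin/admin-ajax.php from public pages.
# Without this exemption the allow-list above blocks those requests too.
<Files "admin-ajax.php">
    Require all granted
</Files>

# File 2: wp-content/plugins/.htaccess
# Turn off automatic directory listings so the installed plugins are not
# enumerated. This has the same effect as dropping a blank index.html in
# the folder, but it also covers every subdirectory.
Options -Indexes
```

With no index file present, a request for /wp-content/plugins/ should then return 403 Forbidden instead of a file listing.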
