WordPress security on LAMP

A few steps you can take that should help a fair amount (all are detailed further in the Codex's article on hardening):

  • Change the name of the admin account - it's hard to brute-force that password if you have the wrong user name.
  • Change the table prefix from the default of wp_.
  • There's a plugin called WordPress Firewall that blocks a variety of items, including attempts at submitting requests including suspicious strings like "wp_" (the default database table prefix) and "../../../../". I've seen this cause problems with one plugin that was named with a leading wp_ (most use wp- instead), but I've also received multiple email notifications from the plugin of attack attempts.
  • Run regular backups, daily or weekly depending on how frequently your content changes. If you're using the standard backup plugin, it can email those backups to you. Keep in mind that depending on the tool you use the backups may not be encrypted; for encrypted backups you may have to do more fiddling in the guts of scripts.
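
A quick audit of the first two items, as an added example (not code from the Codex or from this post): it reads `$table_prefix` from a `wp-config.php` and checks a list of logins for `admin`. The function names, the sample files, and the one-login-per-line input (for instance from `wp user list --field=user_login`) are assumptions.

```shell
#!/bin/sh
# Added example: audit the table prefix and the admin user name.

# Print the effective $table_prefix from a wp-config.php (last assignment wins).
# Commented-out assignments (// or #) are skipped because the match is anchored.
wp_table_prefix() {
    sed -n "s/^[[:space:]]*\\\$table_prefix[[:space:]]*=[[:space:]]*['\"]\\([^'\"]*\\)['\"].*/\\1/p" "$1" | tail -n 1
}

# Return 0 if the prefix was changed, 1 if it is still wp_, 2 if none was found.
check_prefix() {
    prefix=$(wp_table_prefix "$1")
    if [ -z "$prefix" ]; then
        echo "UNKNOWN: no \$table_prefix found in $1"; return 2
    fi
    if [ "$prefix" = "wp_" ]; then
        echo "WEAK: $1 still uses the default table prefix wp_"; return 1
    fi
    echo "OK: table prefix is $prefix"; return 0
}

# Read logins on stdin, one per line. Return 1 if any is "admin" (any case).
check_admin_login() {
    if grep -qix 'admin'; then
        echo "WEAK: an account is still named admin"; return 1
    fi
    echo "OK: no account named admin"; return 0
}

# Constructed sample files, not taken from a real site.
SAMPLE_DIR=$(mktemp -d)
cat > "$SAMPLE_DIR/default.php" <<'EOF'
<?php
// $table_prefix = 'old_';
$table_prefix = 'wp_';
EOF
cat > "$SAMPLE_DIR/changed.php" <<'EOF'
<?php
$table_prefix  = "k7x_";
EOF

check_prefix "$SAMPLE_DIR/default.php" || :
check_prefix "$SAMPLE_DIR/changed.php" || :
printf 'editor\nAdmin\n' | check_admin_login || :
```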
