Took some time last night to read through Miss 604's WordCamp Fraser Valley Liveblog to see what I'd missed. When I read Kulpreet's question, "... how many people with websites can go to www.theirwebsite.com/wp-content/plugins and actually see the list of plugins", I thought, Okay, I'll give that a try. Whoops! Lookit that! There they are! Plain as day!
First I read and applied many of the tips in the WordPress Security Whitepaper which Kulpreet mentioned in his talk. I also installed and ran the WordPress Scanner, a WP plugin (from the same guys who wrote the whitepaper) that performs a number of security checks of the site.
I also had a read through the 9 easy ways to secure your Wordpress blog.
So I am feeling a lot better now that no-one can browse my plugins directory, guess my admin user name, or any number of other nasty hacks.
You should do this too. Go. Do it now.
Hi Philip,
I'm very glad you implemented those tips. If you have any suggestions for good WordPress security please feel free to share.
I've posted my slides and a video from my presentation on my blog.
-k.s.