Thursday, 28 January 2010

Hardening Wordpress

I have started using WordPress (instead of Blogger) in order to have more control over advertising, and to get more templates, more plugins, etc. It was very easy to get started with; however, this weekend the first test sites were hacked, so I am not sure whether WordPress was the right choice or not. I am still considering sticking with Django, or testing Drupal.

Although WordPress does not have the best reputation for security, it may actually have been other user accounts on the shared hosting I rent that were cracked first. In that case I should consider swapping to a VPS instead of changing WordPress.

Anyway, after some research I have decided to always install these plugins on the WordPress sites, in alphabetical order:
  • AntiVirus
  • Login LockDown
  • Login Logger
  • Secure WordPress
  • WordPress File Monitor
  • WordPress Firewall
  • WP Security Scan
In addition, I will be using these .htaccess files:

In the main directory of the blog:

Order Deny,Allow
Deny from all
Allow from xx.xxx.xxx.103

In the wp-admin directory:

Order Deny,Allow
Deny from all
Allow from xx.xxx.xxx.103

I can't really be bothered setting and managing passwords, so I'll use the IP instead. If I ever work on these from somewhere else, I'll just log in to cPanel and add those IPs to the files too.
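Because the Order line decides whether "Deny from all" or the "Allow from" IP wins, here is an added example (my own code, not part of the original post or of any WordPress plugin) that applies Apache 2.2 Order/Deny/Allow semantics to a client address. The IP 192.0.2.103 is a constructed stand-in for the real xx.xxx.xxx.103 above; partial-IP forms such as "Allow from 192.0.2" are not handled.

```python
import ipaddress

# Constructed sample: the wp-admin .htaccess from the post, with a stand-in IP.
WP_ADMIN_HTACCESS = """Order Deny,Allow
Deny from all
Allow from 192.0.2.103
"""

# Constructed counter-example: same directives, but the Order is swapped.
SWAPPED_ORDER = """Order Allow,Deny
Deny from all
Allow from 192.0.2.103
"""

def _matches(arg, client):
    """True if an Allow/Deny 'from' argument covers the client address.
    Supports 'all', a single IP, or CIDR notation."""
    if arg.lower() == "all":
        return True
    try:
        return client in ipaddress.ip_network(arg, strict=False)
    except ValueError:
        return False

def evaluate_htaccess(text, client_ip):
    """Apply Apache 2.2 mod_access Order/Deny/Allow rules to one client IP."""
    order = ("deny", "allow")          # Apache's default when Order is absent
    allow, deny = [], []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        directive, _, arg = line.partition(" ")
        directive, arg = directive.lower(), arg.strip()
        if directive == "order":
            order = tuple(p.strip().lower() for p in arg.split(","))
        elif directive in ("allow", "deny") and arg.lower().startswith("from "):
            (allow if directive == "allow" else deny).extend(arg[5:].split())
    client = ipaddress.ip_address(client_ip)
    hit_allow = any(_matches(a, client) for a in allow)
    hit_deny = any(_matches(d, client) for d in deny)
    if order == ("deny", "allow"):
        # Deny is evaluated first; a matching Allow overrides it; default is allow.
        return True if hit_allow else not hit_deny
    # Order Allow,Deny: an Allow must match, and any matching Deny still wins.
    return hit_allow and not hit_deny
```

With the swapped Order, "Deny from all" beats the Allow and even the listed IP is locked out, which is why the Deny,Allow form in the post is the right one for an allow-list. On Apache 2.4 the same effect is written with mod_authz_core as "Require all denied" followed by "Require ip xx.xxx.xxx.103".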


Since I will use this blog post as my own bookmark when setting up another WordPress blog, I will also add the other "must have" plugins here:

  • Google XML Sitemaps
  • Google Integration Toolkit
  • Sociable
  • Evermore
I always install these from the WP Dashboard, so there is no need to include links.

That's it folks.