WordPress 3.0 has been out for over a week now. If you have upgraded to it, you have already applied a huge number of security updates through this upgrade.
But there is still a lot more you can do to secure your WordPress blog. As the WordPress platform gains popularity, so does the number of hackers trying to compromise sites running on WordPress.
Smashing Magazine has put together a nice collection of WordPress security tweaks. Some of them include:
- Prevent unnecessary info from being displayed
- Force SSL usage
- Use .htaccess to protect wp-config file
- Blacklist undesired Users and Bots
- Protection from Script Injections
- Fight Back Against Content Scrapers
- Create a plugin to protect your blog from Malicious URL Requests
- Remove your WordPress version number
- Change the default ‘Admin’ username
- Prevent Directory Browsing
I would also add installing the ‘Login Lockdown’ plugin, which protects your site against brute-force attacks. You can also see some of the top WordPress plugins that address security issues in our list.
{via Smashing Magazine}
I remember reading about WordPress 3.0 and how many WP bloggers were satisfied using it. It's true, with the popularity of WP on the rise and being so user-friendly, hackers can hack anytime. Website Defender WordPress Security Plugin is the latest for WP blogs these days.