Improving the security of an installed WordPress

May 18, 2008

This weekend was a busy one, due the openssl security problem, I needed to regenerate ssh keys and openvpn certs. After this was I done I thought it is time to improve also the security of my blog.

I looked a little bit around and found the wp-security-scan wordpress plugin, which does a basic scanning of the security of the installation. It found some stuff I had not changed from the default install. For example, I tried to use the plugin to change the tables prefix, but that didn’t work for me, it complained always about missing alter privileges of the db user which was not correct. I then clicked on the link which explained how to do it by hand, but that broke my system a little bit. But I found following blog entry which show how to do it correctly, even how to get the cryptographp plugin working again afterwards.

I know not every blogger has the technical knowledge to secure their blog, but than they should look maybe for a hosted version. For all others with their self hosted blog: Take really a look at the plugin and correct the stuff it reports.

No Comments yet »

RSS feed for comments on this post. TrackBack URI

Leave a comment

XHTML: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>

Powered by WordPress
Entries and comments feeds. Valid XHTML and CSS. 67 queries. 0.273 seconds.