Improving the security of an installed WordPress

May 18, 2008

This weekend was a busy one: due to the OpenSSL security problem, I needed to regenerate SSH keys and OpenVPN certs. After this was done, I thought it was time to also improve the security of my blog.

I looked around a little bit and found the wp-security-scan WordPress plugin, which does a basic scan of the security of the installation. It found some stuff I had not changed from the default install. For example, I tried to use the plugin to change the table prefix, but that didn’t work for me; it always complained about missing ALTER privileges of the DB user, which was not correct. I then clicked on the link which explained how to do it by hand, but that broke my system a little bit. But I found the following blog entry, which shows how to do it correctly, even how to get the cryptographp plugin working again afterwards.

I know not every blogger has the technical knowledge to secure their blog, but then they should maybe look for a hosted version. For all others with a self-hosted blog: really take a look at the plugin and correct the stuff it reports.

