WordPress Security Stuff
filed in Security Stuff on May.20, 2010
By popular demand….ok at least one person requested this…
Here’s a very rough list of all the pointers I received regarding WordPress security from some wonderful people on Twitter. Most notably Jack Daniel; without his retweet, I’d still be in the dark.
…why do I say wonderful? Well, they provided hints/tips before I’d RTFM or Google’d. Sure, I’d had a bit of an explore, but not extensive; I was just starting out really. To ensure I learn my lesson.. I thrashed myself with some twigs and set my Twitter background to this…
… without further ado here’s a list of the tips I got…
- rm -rf ~wordpress
- wordpress security plugin – http://semperfiwebdesign.com/plugins/wp-security-scan/
- as above – http://wordpress.org/extend/plugins/wp-security-scan/
- wordpress hardening guide – http://codex.wordpress.org/Hardening_WordPress (This one is a bloody good place to start)
- Top 10 WordPress Security Plugins – http://graphicalerts.com/top-10-best-security-plugins-for-wordpress/
- admin ssl – http://www.kerrins.co.uk/blog/admin-ssl/
- login lockdown – http://www.bad-neighborhood.com/login-lockdown.html
- wikidsystems 2 factor auth guide – http://www.wikidsystems.com/support/wikid-support-center/how-to/how-to-protect-wordpress-with-two-factor-authentication/?searchterm=wordpress
…and finally with no URL.. Run WP in its own VM.
Special thanks to
Jack Daniel, Security Ninja, wikidsystems, innismir, Security_FAQs, hypatiadotca
Got other tips, resources, URLs, books, whatever… let me know.
Thanks
May 20th, 2010 on 01:07
Couple of tips here;
Remove the readme.html file.
Change the default username from admin.
Keep up to date.