I was wondering what the deal is with WordPress's security. Is it really as secure as people might think? I had to make sure, so I searched the web to find good security tips. I found several good tips, but I think these two were the best ones.
1. Remove the version string in the header
It is recommended to remove the version string from the generator meta tag in your header.php:
<meta name="generator" content="WordPress <?php bloginfo('version'); ?>" />
If you don’t remove it, everyone will know your WordPress version, and your blog could be targeted by hackers who exploit bugs in that version. The solution is simply to remove the code that displays the version:
<meta name="generator" content="WordPress">
2. Put a blank index.html in your plugins folder
If you type the URL www.yourblog.com/wp-content/plugins/ into your browser, you will see all your installed plugins. Hackers can then see which plugins you’re using and exploit their bugs. To solve this problem, you just have to put a blank index.html into your plugins folder. This prevents the folder listing and shows a blank page instead.
The other thing you can do is add Options -Indexes to your .htaccess file. This way you don’t have to manually add an index.html file to folders like plugins.
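A way to check that both tips took effect, as an added example that is not part of the original post: the Python function below inspects a saved response body from your own blog for a version number in the generator tag and for an Apache directory listing page. The function name, the finding labels and the sample HTML (including the version number 2.3.1) are constructed for illustration.

```python
import re
from html.parser import HTMLParser

class _PageFacts(HTMLParser):
    """Collects the generator meta tag and the <title> text of one HTML page."""
    def __init__(self):
        super().__init__()
        self.generator = None
        self.title = ""
        self._in_title = False

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "meta" and (a.get("name") or "").lower() == "generator":
            self.generator = a.get("content") or ""
        elif tag == "title":
            self._in_title = True

    def handle_endtag(self, tag):
        if tag == "title":
            self._in_title = False

    def handle_data(self, data):
        if self._in_title:
            self.title += data

def audit_page(html):
    """Return a list of findings for one response body from your own blog."""
    facts = _PageFacts()
    facts.feed(html)
    findings = []
    # Tip 1: a generator tag that still carries digits such as "2.3.1" leaks the version.
    if facts.generator and re.search(r"\d+(\.\d+)+", facts.generator):
        findings.append("version-in-generator")
    # Tip 2: Apache's automatic listing page is titled "Index of /path".
    if facts.title.strip().lower().startswith("index of /"):
        findings.append("directory-listing")
    return findings

# Constructed sample bodies (assumptions for this example, not captured from a real site).
HOME_BEFORE = '<html><head><meta name="generator" content="WordPress 2.3.1" /></head></html>'
HOME_AFTER = '<html><head><meta name="generator" content="WordPress"></head></html>'
PLUGINS_BEFORE = ('<html><head><title>Index of /wp-content/plugins</title></head>'
                  '<body><h1>Index of /wp-content/plugins</h1></body></html>')
PLUGINS_AFTER = ""  # what a blank index.html returns

if __name__ == "__main__":
    for name, body in [("home before", HOME_BEFORE), ("home after", HOME_AFTER),
                       ("plugins before", PLUGINS_BEFORE), ("plugins after", PLUGINS_AFTER)]:
        print(name, audit_page(body) or "ok")
```

Save the page source of your home page and of /wp-content/plugins/ before and after making the changes, and pass each body to audit_page.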
I hope these tips will help you better secure your blog.

Niklas
Thanks for these tips. Just started my own blog and am scouring the net to figure out what I need to get done prior to being able to freely blog.