10 ways to secure your WordPress administration panel

January 27, 2009

Sergej Müller and Alex Frison on Smashing Magazine have written a 10-step guide to protecting and ensuring your WordPress admin area is as safe as can be. Here’s the list:

  1. Rename and upload the wordpress Folder
  2. Extend the file wp-config.php
  3. Move the wp-config.php file
  4. Protect the wp-config.php file
  5. Delete the admin User Account
  6. Choose strong passwords
  7. Protect the wp-admin Directory
  8. Suppress Error Feedback on the Log-In Page
  9. Restrict Erroneous Log-In Attempts
  10. Keep Software Up to Date

Read the whole thing here.

It’s best to perform these safety measures right after installing WordPress, and to make them part of your routine if you run a slew of WP-powered sites.
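As an added example (not code from the Smashing Magazine guide or from WordPress itself), here is a small plugin that implements steps 8 and 9 of the list: it replaces WordPress’s specific log-in error messages with a neutral one, and locks a client address out after repeated failures. It assumes a current WordPress that provides the `login_errors` and `authenticate` filters and the `wp_login_failed` and `wp_login` actions; the threshold, the lockout window and the `lh_` names are hypothetical choices made for the example.

```php
<?php
/*
Plugin Name: Login Hardening (added example)
Description: Neutral log-in error message plus a per-address lockout after repeated failures.
*/

// Step 8: by default WordPress tells the visitor whether the username or the password was
// wrong, which confirms valid usernames to whoever is guessing. Return one neutral message
// on the log-in form only; the lost-password form keeps its own messages.
add_filter('login_errors', 'lh_generic_login_error');
function lh_generic_login_error($errors) {
    $action = isset($_REQUEST['action']) ? $_REQUEST['action'] : 'login';
    if ($action !== 'login') {
        return $errors;
    }
    if (!empty($GLOBALS['lh_locked_out'])) {
        return 'Too many failed log-in attempts. Please try again later.';
    }
    return 'Log-in failed. Please check your credentials.';
}

// Step 9: count failed attempts per client address and refuse log-ins once the limit is hit.
define('LH_MAX_ATTEMPTS', 5);        // hypothetical threshold
define('LH_LOCKOUT_SECONDS', 900);   // hypothetical window: 15 minutes

// Option name derived from the client address. Behind a reverse proxy REMOTE_ADDR is the
// proxy itself, so a real deployment would use the address the proxy forwards and is trusted for.
function lh_option_name() {
    $ip = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : 'unknown';
    return 'lh_failed_' . md5($ip);
}

// WordPress fires this on every failed log-in attempt; bump the counter for this address.
add_action('wp_login_failed', 'lh_record_failure');
function lh_record_failure($username) {
    $key   = lh_option_name();
    $state = get_option($key);
    if (!is_array($state) || $state['expires'] < time()) {
        // No record yet, or the previous window has expired: start a fresh one.
        $state = array('count' => 0, 'expires' => time() + LH_LOCKOUT_SECONDS);
    }
    $state['count']++;
    update_option($key, $state, false);   // autoload = false: keep these rows out of every page load
}

// Runs after WordPress's own authenticate handlers (priorities 20 and 30), which would
// otherwise overwrite an earlier error with the authenticated user when the credentials are right.
add_filter('authenticate', 'lh_block_locked_out', 99, 3);
function lh_block_locked_out($user, $username, $password) {
    $state = get_option(lh_option_name());
    if (is_array($state) && $state['expires'] >= time() && $state['count'] >= LH_MAX_ATTEMPTS) {
        $GLOBALS['lh_locked_out'] = true;
        return new WP_Error('lh_locked_out', 'Too many failed log-in attempts.');
    }
    return $user;
}

// A successful log-in clears the counter for that address.
add_action('wp_login', 'lh_clear_failures');
function lh_clear_failures($user_login) {
    delete_option(lh_option_name());
}
```

Drop the file into `wp-content/plugins/` and activate it, or place it in `wp-content/mu-plugins/` so it loads without activation. Two design points: the lockout filter deliberately runs late in the `authenticate` chain, because an error returned early is replaced by the `WP_User` that WordPress’s own handlers return for correct credentials; and the counters are ordinary options, so expired rows linger until overwritten, which is harmless but worth clearing with a scheduled task on a busy site.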


WordPress 2.6.2

September 9, 2008

WordPress 2.6.2 is a security release which tackles problems with SQL Column Truncation and mt_rand().

WordPress 2.6.1 was an optional update, the first in the history of WordPress. Is WP 2.6.2 optional as well? Here’s the answer:

If you allow open registration on your blog, you should definitely upgrade. With open registration enabled, it is possible in WordPress versions 2.6.1 and earlier to craft a username such that it will allow resetting another user’s password to a randomly generated password.

The dev blog also notes that this vulnerability applies to other PHP-based applications as well.
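Because the column-truncation problem is not specific to WordPress, here is an added example (not WordPress code) of the application-side check that closes it in any PHP registration form: refuse any username the database would silently alter before storing it, and decide uniqueness the way MySQL compares strings rather than the way PHP does. It assumes a `VARCHAR(60)` login column, the size of WordPress’s own `user_login`, and PHP 7.1 or later; the function names and the sample data are constructed for the example.

```php
<?php
// Added example, not WordPress code: validate a requested username so that what the
// application checks is exactly what the database will store and compare.
// Assumption: the login column is VARCHAR(60), like WordPress's user_login.

const USER_LOGIN_COLUMN_LENGTH = 60;

// Model of the database behaviour that makes truncation attacks possible:
// in non-strict mode MySQL cuts an over-long value to the column length on INSERT,
// and the common PAD SPACE collations ignore trailing spaces when comparing, so
// 'admin' and 'admin   ' are equal in a WHERE clause. (A UTF-8 column counts
// characters rather than bytes; this model uses byte lengths for simplicity.)
function as_stored_by_database(string $value, int $length): string {
    return rtrim(substr($value, 0, $length), ' ');
}

// Returns null when the name is acceptable, otherwise the reason for rejection.
function validate_new_username(string $candidate, array $existing_logins): ?string {
    // Reject anything the database would alter before storing it.
    if (strlen($candidate) > USER_LOGIN_COLUMN_LENGTH) {
        return 'Username is too long.';
    }
    if ($candidate !== trim($candidate)) {
        return 'Username must not begin or end with whitespace.';
    }
    // Uniqueness must be decided the way the database compares, not the way PHP's === does:
    // same truncation, same trailing-space handling, same case-insensitivity.
    $stored = as_stored_by_database($candidate, USER_LOGIN_COLUMN_LENGTH);
    foreach ($existing_logins as $login) {
        if (strcasecmp(as_stored_by_database($login, USER_LOGIN_COLUMN_LENGTH), $stored) === 0) {
            return 'Username is already taken.';
        }
    }
    return null;
}

// Constructed sample data: two existing accounts and three registration requests.
$existing = array('admin', 'editor');
$padded   = 'admin' . str_repeat(' ', 56) . 'x';   // 62 bytes: the database would keep only 60

var_dump(validate_new_username('Admin', $existing));
var_dump(validate_new_username($padded, $existing));
var_dump(validate_new_username('alice', $existing));
```

Run with `php validate_username.php`: the first request is rejected as taken (MySQL’s default collations are case-insensitive, so a PHP `===` check would have let it through), the second as too long, and the third is accepted. The check belongs in the application because it cannot rely on the server: only a MySQL running with `STRICT_TRANS_TABLES` turns an over-long `INSERT` into an error instead of a silent truncation, and shared hosting rarely guarantees that setting.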

Aside from security fixes, WP 2.6.2 contains a number of bug fixes as well.

Download WordPress 2.6.2 now.
