I recently had a bad experience with WordPress on the security front. I had to resort back to good old HTML with an absolute minimum use of JS temporarily. I had to get LAMP re-installed to make a clean restart on a dedicated server.
While HTML is simple with minimum security holes (when done correctly), it’s a step backward. I’m looking for a CMS with security and simplicity high on the agenda. I’d like to use it for a general blog-style news site. Nothing special. It could even be without a database, as long as it takes away the pain of manual categorization and archiving, with minimal security holes.
I don’t like Joomla- or Drupal-type CMSs, as I found them not easy to use and maintain. Any suggestions?
Prevent directory browsing with your primary .htaccess file by including the line
Options All -Indexes
Create a new administrator user (with a username that doesn’t include “admin” or “administrator”). Log in as that user and delete WordPress’s default admin user.
These plugins actually do a few things that save you from doing a few things manually. They prevent brute-force login attempts, scrub the WordPress version information from the generated source code (if a hacker knows what version you’re running, they know what specific attacks to employ), plus a few other odds and ends.
Put an HTTP password prompt on the wp-admin directory. While this won’t stop brute-force attacks, it is another wall a hacker will have to break through in order to get to your site. You can do this either through your host’s control panel (usually labeled as “protected directories”) or manually with a .htaccess and .htpasswd file.
Update the core & plugins. New releases often have fixes and plug security holes.
Pay attention to what plugins you have installed and enabled. Don’t install brand new plugins that haven’t been tested for security issues. Delete plugins you aren’t using (not just deactivate).
Use a table prefix when installing WordPress. This will help obfuscate your database a little bit, protecting from some generic attacks (note that this should not be a primary security measure, as it can be countered).
Lastly, follow all the common sense things about keeping passwords secure and making strong passwords.
I would not recommend Joomla from a security standpoint. It has always tended to have a lot of exploitable avenues for attacks. I’m not familiar enough with drupal to comment on it.
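The two .htaccess pieces from the list above (the directory-listing switch and the HTTP password prompt on wp-admin) written out as an added example; this is not from any poster in the thread, and the file paths and password-file location are placeholders to adjust for your server.

```apache
# --- /var/www/example/.htaccess (site root; placeholder path) ---
# Turn off automatic directory listings everywhere under the document root.
# Needs AllowOverride Options (or All) for this directory in the main config.
Options -Indexes

# --- /var/www/example/wp-admin/.htaccess (placeholder path) ---
# Second login wall in front of the WordPress dashboard, separate from the
# WordPress login itself. Keep the password file outside the web root so it
# can never be served; create it once with (username is a placeholder):
#   htpasswd -c /etc/apache2/wp-admin.htpasswd your-admin-username
AuthType Basic
AuthName "Restricted area"
AuthUserFile /etc/apache2/wp-admin.htpasswd
Require valid-user

# Known side effect: themes and plugins call wp-admin/admin-ajax.php from the
# public front end, so those requests would now get a 401. This exemption
# (Apache 2.4 syntax) lets that one file through without a password.
<Files admin-ajax.php>
    Require all granted
</Files>
```

After enabling this, a request for any wp-admin URL should prompt for the Basic-auth credentials before the WordPress login page appears, and a directory without an index file should return 403 instead of a listing.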
I don’t know the full details, but the tech guys told me a malware script was injected via a WP security hole. Perhaps we used an outdated or bad plug-in. WP could have an approved and secure plug-in list to improve security. As a result, my site was blocked by Google as an attack site, twice. That’s why they had to re-install LAMP.
Hey graspit. I have managed to install PmWiki with some guesswork. The PmWiki instructions are not that well written. I think they assume the user knows quite a bit about PHP and server settings. I’m stuck on the initial setup tasks. Do you know if there is a clear guide for a beginner to set things up?