Securing Wordpress
Being the OC freak that I am, I’ve tried to limit the vulnerabilities in my site which is running wordpress. To the point of adding a web directory password to my /wp-admin directory. This adds another security layer to my blog.
But what happens if you can’t add a web password to this directory because you plan to have a lot of users uploading data in your site? Well I got some very useful tips from the mouth of the horse itself… googling wordpress security I came up with a very good forum post on how to secure wordpress from the wordpress site itself.
Key learning from that post was to delete all files in /wp-admin that begins with upgrade*, install* and import*
Doing this however still doesn’t protect you from security flaws in wordpress itself… so if wordpress suddenly comes out with a bulletin telling you to update… By God you Update!… *snicker*
[source]