Layer Five: WP Security 101
Best Practice
- change the database table prefix from the default wp_
- DO NOT use "admin" username
- block folders with server permissions or add this to the .htaccess file:
- move "wp-config.php" up one level above public_html
- backup, backup, backup!
- check file permissions: 7-5-5 for folders, 6-4-4 for files
- delete plugins & themes not in use... you can keep Twenty Twelve for debugging
- clean your site better than you clean your kitchen!
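
One way to run the file-permission check from the list above (7-5-5 for folders, 6-4-4 for files) across a whole install. This is an added example, not part of the original slides; the function names are made up for illustration and the site path is whatever you pass in.

```shell
#!/bin/sh
# Added example: audit a WordPress tree against the 755/644 baseline.
# Function names are illustrative; the path to check is the first argument.

# Print every directory whose mode is not exactly 755.
audit_dirs() {
    find "$1" -type d ! -perm 755 -print
}

# Print every regular file whose mode is not exactly 644.
# Tighter modes (e.g. 600) are listed too, so you can confirm they are intended.
audit_files() {
    find "$1" -type f ! -perm 644 -print
}

# Print anything writable by "other" (777, 666, ...): fix these first.
audit_world_writable() {
    find "$1" \( -type d -o -type f \) -perm -002 -print
}

# Run all checks, prefix each finding with the check that raised it,
# and return 0 only when the whole tree matches the baseline.
audit_wp_perms() {
    root=$1
    status=0
    for check in audit_world_writable audit_dirs audit_files; do
        out=$("$check" "$root")
        if [ -n "$out" ]; then
            status=1
            printf '%s\n' "$out" | sed "s|^|[$check] |"
        fi
    done
    return "$status"
}

# Run the audit only when a path is given on the command line.
if [ "$#" -gt 0 ]; then
    audit_wp_perms "$1"
fi
```

The non-zero exit status on any deviation makes it easy to run from cron or a deploy script and alert when permissions drift.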
Common Sense
- use a good web hosting company
- be wary of free themes and plugins that are not in the WordPress repository. Make sure you know the source!
- keep WP and plugins updated
- watch out for social engineering... hackers are VERY good at it!