<html dir="ltr">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<style type="text/css" id="owaParaStyle"></style>
</head>
<body style="word-wrap:break-word" fpstyle="1" ocsi="0">
<div style="direction: ltr;font-family: Tahoma;color: #000000;font-size: 10pt;">Geez - I have had ZERO infections via WordPress in 4 years.
<div><br>
</div>
<div>Plugins:</div>
<div><br>
</div>
<div>Wordfence Security</div>
<div>WP Firewall 2</div>
<div>Secure WordPress</div>
<div>WP Secure Scan</div>
<div>WordPress HTTPS</div>
<div>WP Ban</div>
<div><br>
</div>
<div>Best Practice:</div>
<div><br>
</div>
<div>NO accounts named "admin"</div>
<div>htaccess file in wp-admin</div>
<div>NO default table prefixes in wp-config, such as "wp_". Change it to "wp_xRwFG_" or whatever.</div>
<div>original salt data in wp-config: <a href="https://api.wordpress.org/secret-key/1.1/salt/" target="_blank" style="font-size: 10pt;">https://api.wordpress.org/secret-key/1.1/salt/</a></div>
<div>Secure high quality passwords</div>
<div>Updated malware scans on user devices</div>
<div>Gravity Forms used on all forms, with CAPTCHA</div>
<div>SFTP on FTP accounts</div>
<div><br>
</div>
<div>Occasionally check on Sucuri.net. If you want to be on top of it, subscribe to their scan service.</div>
<div><br>
</div>
<div>There are other hardening plugins out there.</div>
<div><br>
</div>
<div>- Steve</div>
<div><br>
</div>
<div><br>
</div>
<div><br>
<div style="font-family: Times New Roman; color: #000000; font-size: 16px">
<hr tabindex="-1">
<div id="divRpF9214" style="direction: ltr;"><font face="Tahoma" size="2" color="#000000"><b>From:</b> wp-edu [wp-edu-bounces@lists.automattic.com] on behalf of Leslie Melvin [melvin@bard.edu]<br>
<b>Sent:</b> Monday, September 09, 2013 6:18 PM<br>
<b>To:</b> wp-edu@lists.automattic.com<br>
<b>Subject:</b> [wp-edu] WP - security concerns?<br>
</font><br>
</div>
<div></div>
<div>Hi Folks,
<div><br>
</div>
<div>We have been hosting WP Multisite (for course blogs and as a blog supplement to our program websites) for a few years, with mixed results. Our community (users) love the flexibility of WP, but it has proven to be an unexpected support burden for IT...it
 seems that all of our website/network hacks have been introduced via WP. </div>
<div><br>
</div>
<div>I haven't seen the topic addressed by this group, so it appears our experience is isolated, which would lead me to suspect we are missing some simple safe-guards.  Have any of your institutions dealt with WP-related security issues?  Have you found any
 successful, secure configurations, and if so, would you be willing to share your experiences with us?  WP is proving to be such a valuable tool...</div>
<div><br>
</div>
<div>If so, I will bring our Networks and Systems folks into the conversation, as they could answer specific questions related to our configuration and protocols.</div>
<div><br>
</div>
<div>Many thanks in advance!</div>
<div><br>
</div>
<div>Best,</div>
<div>Leslie</div>
<div><br>
</div>
<div>
<div><span class="Apple-style-span" style="border-collapse: separate; font-family: Helvetica; font-size: medium;"><span class="Apple-style-span" style="border-collapse:separate; font-family:Helvetica; font-style:normal; font-variant:normal; font-weight:normal; letter-spacing:normal; line-height:normal; orphans:2; text-indent:0px; text-transform:none; white-space:normal; widows:2; word-spacing:0px; font-size:medium">
<div style="word-wrap:break-word"><span class="Apple-style-span" style="border-collapse:separate; font-family:Helvetica; font-style:normal; font-variant:normal; font-weight:normal; letter-spacing:normal; line-height:normal; orphans:2; text-indent:0px; text-transform:none; white-space:normal; widows:2; word-spacing:0px; font-size:medium">
<div style="word-wrap:break-word">
<div>
<div style="color:rgb(0,0,0); font-family:Helvetica; font-size:medium; font-weight:normal; font-style:normal">
<span class="Apple-style-span" style="font-family:'trebuchet ms',sans-serif"><b><span class="Apple-style-span" style="font-family:Helvetica; font-weight:normal"><b><font class="Apple-style-span" face="'Helvetica Neue'"><span class="Apple-style-span" style="font-family:Helvetica; font-weight:normal">---</span></font></b></span></b></span></div>
<div><b><b style="color:rgb(0,0,0)"><font class="Apple-style-span">Leslie A. Melvin</font></b><span class="Apple-style-span" style="color:rgb(0,0,0); font-size:medium; font-style:normal; font-family:Helvetica; font-weight:normal">  |  </span><span class="Apple-style-span" style="color:rgb(0,0,0); font-size:medium; font-style:normal; font-family:Helvetica; font-weight:normal"><font class="Apple-style-span" size="3"><span class="Apple-style-span" style="font-size:11px">Manager,
 Academic Technology Services</span></font></span><span class="Apple-style-span" style="color:rgb(0,0,0); font-size:medium; font-style:normal; font-family:Helvetica; font-weight:normal"><br>
</span><span class="Apple-style-span" style="color:rgb(0,0,0); font-size:medium; font-style:normal; font-family:Helvetica; font-weight:normal"><font class="Apple-style-span" size="3"><span class="Apple-style-span" style="font-size:11px"><br>
</span></font></span>
<div style="color:rgb(0,0,0); font-size:medium; font-style:normal; font-family:Helvetica">
<font class="Apple-style-span" size="3"><span class="Apple-style-span" style="font-size:11px"><span class="Apple-style-span" style="font-weight:normal">BARD COLLEGE</span><br>
<span class="Apple-style-span" style="font-weight:normal">PO Box 5000 | 204 Old Henderson | </span></span></font></div>
<div style="font-size:medium; font-style:normal; font-family:Helvetica"><font class="Apple-style-span" size="3"><span class="Apple-style-span" style="font-size:11px"><span class="Apple-style-span" style="color:rgb(0,0,0); font-weight:normal">Annandale-on-Hudson,
 NY 12504</span><br>
<span class="Apple-style-span" style="color:rgb(0,0,0); font-weight:normal">office: 845.758.7496 |<span class="Apple-converted-space"> </span></span><u><font class="Apple-style-span" color="#3e6ba9"><a href="http://www.bard.edu" target="_blank">http://www.bard.edu</a></font></u></span></font></div>
</b></div>
</div>
</div>
</span></div>
</span></span></div>
<br>
</div>
</div>
</div>
</div>
</div>
</body>
</html>