[wp-edu] WP - security concerns?

Covello, Steve Steve.Covello at granite.edu
Tue Sep 10 01:19:38 UTC 2013


Geez - I have had ZERO infections via WordPress in 4 years.

Plugins:

Wordfence Security
WP Firewall 2
Secure WordPress
WP Secure Scan
WordPress HTTPS
WP Ban

Best Practice:

NO accounts named "admin"
htaccess file in wp-admin
NO default table prefixes in wp-config, such as "wp_". Change it to "wp_xRwFG_" or whatever.
original salt data in wp-config: https://api.wordpress.org/secret-key/1.1/salt/
Secure high quality passwords
Updated malware scans on user devices
Gravity Forms used on all forms, with CAPTCHA
SFTP on FTP accounts

Occasionally check on Sucuri.net. If you want to be on top of it, subscribe to their scan service.

There are other hardening plugins out there.

- Steve



________________________________
From: wp-edu [wp-edu-bounces at lists.automattic.com] on behalf of Leslie Melvin [melvin at bard.edu]
Sent: Monday, September 09, 2013 6:18 PM
To: wp-edu at lists.automattic.com
Subject: [wp-edu] WP - security concerns?

Hi Folks,

We have been hosting WP Multisite (for course blogs and as a blog supplement to our program websites) for a few years, with mixed results. Our community (users) love the flexibility of WP, but it has proven to be an unexpected support burden for IT...it seems that all of our website/network hacks have been introduced via WP.

I haven't seen the topic addressed by this group, so it appears our experience is isolated, which would lead me to suspect we are missing some simple safe-guards.  Have any of your institutions dealt with WP-related security issues?  Have you found any successful, secure configurations, and if so, would you be willing to share your experiences with us?  WP is proving to be such a valuable tool...

If so, I will bring our Networks and Systems folks into the conversation, as they could answer specific questions related to our configuration and protocols.

Many thanks in advance!

Best,
Leslie

---
Leslie A. Melvin  |  Manager, Academic Technology Services

BARD COLLEGE
PO Box 5000 | 204 Old Henderson |
Annandale-on-Hudson, NY 12504
office: 845.758.7496 | http://www.bard.edu

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.automattic.com/pipermail/wp-edu/attachments/20130910/6a8504ac/attachment-0001.html>


More information about the wp-edu mailing list