[wp-edu] WP - security concerns?

Brianne Binelli bbgoldkey at gmail.com
Tue Sep 10 11:03:47 UTC 2013


I receive a lot of security alerts on wp.  I do have a Admin user name to
get into the dashboard do you think this may be causing the problem.  I
thought you need to create a admin user name.

thanks
have a great day



On Mon, Sep 9, 2013 at 8:19 PM, Covello, Steve <Steve.Covello at granite.edu>wrote:

>  Geez - I have had ZERO infections via WordPress in 4 years.
>
>  Plugins:
>
>  Wordfence Security
> WP Firewall 2
> Secure WordPress
> WP Secure Scan
> WordPress HTTPS
> WP Ban
>
>  Best Practice:
>
>  NO accounts named "admin"
> htaccess file in wp-admin
> NO default table prefixes in wp-config, such as "wp_". Change it to
> "wp_xRwFG_" or whatever.
> original salt data in wp-config:
> https://api.wordpress.org/secret-key/1.1/salt/
> Secure high quality passwords
> Updated malware scans on user devices
> Gravity Forms used on all forms, with CAPTCHA
> SFTP on FTP accounts
>
>  Occasionally check on Sucuri.net. If you want to be on top of it,
> subscribe to their scan service.
>
>  There are other hardening plugins out there.
>
>  - Steve
>
>
>
>  ------------------------------
> *From:* wp-edu [wp-edu-bounces at lists.automattic.com] on behalf of Leslie
> Melvin [melvin at bard.edu]
> *Sent:* Monday, September 09, 2013 6:18 PM
> *To:* wp-edu at lists.automattic.com
> *Subject:* [wp-edu] WP - security concerns?
>
>  Hi Folks,
>
>  We have been hosting WP Multisite (for course blogs and as a blog
> supplement to our program websites) for a few years, with mixed results.
> Our community (users) love the flexibility of WP, but it has proven to be
> an unexpected support burden for IT...it seems that all of our
> website/network hacks have been introduced via WP.
>
>  I haven't seen the topic addressed by this group, so it appears our
> experience is isolated, which would lead me to suspect we are missing some
> simple safe-guards.  Have any of your institutions dealt with WP-related
> security issues?  Have you found any successful, secure configurations, and
> if so, would you be willing to share your experiences with us?  WP is
> proving to be such a valuable tool...
>
>  If so, I will bring our Networks and Systems folks into the
> conversation, as they could answer specific questions related to our
> configuration and protocols.
>
>  Many thanks in advance!
>
>  Best,
> Leslie
>
>     *---*
> *Leslie A. Melvin  |  Manager, Academic Technology Services
>
>  BARD COLLEGE
> PO Box 5000 | 204 Old Henderson |
> Annandale-on-Hudson, NY 12504
> office: 845.758.7496 | http://www.bard.edu
> *
>
>
> _______________________________________________
> wp-edu mailing list
> wp-edu at lists.automattic.com
> http://lists.automattic.com/mailman/listinfo/wp-edu
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.automattic.com/pipermail/wp-edu/attachments/20130910/9c502a45/attachment.html>


More information about the wp-edu mailing list