Comments on: 5 WordPress Security Essentials

By: Blog Spring Cleaning - Epiblogger

Blog Spring Cleaning - Epiblogger — Thu, 03 Jul 2008 03:33:29 +0000

[...] Security - Review your security. 5 WordPress Security Essentials. [...]

By: Sicherheit / WordPress absichern

Sicherheit / WordPress absichern — Mon, 19 May 2008 14:21:23 +0000

[...] http://www.epiblogger.net/5-wordpress-security-essentials/ [...]

By: links for 2008-05-07 | Gosdot

links for 2008-05-07 | Gosdot — Wed, 07 May 2008 01:42:13 +0000

[...] 5 WordPress Security Essentials - Epiblogger (tags: security) [...]

By: Qualche consiglio sulla sicurezza del vostro blog (wordpress) | Sitissimo.com

Wed, 26 Mar 2008 11:16:09 +0000

[...] Daily Blog Tips | Epiblogger Trucco & Consiglio del giorno: Disabilitare la richiesta di riavvio di WindowsIl consiglio di [...]

By: Guarding Your Wordpress Blog | BPWrap

Guarding Your Wordpress Blog | BPWrap — Fri, 08 Feb 2008 00:49:28 +0000

[...] WordPress - WordPress Codex Three tips to protect your WordPress installation - Matt Cutts 5 WordPress Security Essentials - Lee Robertson How to Protect Your WordPress Site - Anita Campbell Protecting Your WordPress Blog [...]

By: WordPress 2.3.3 Urgent Security Release - Epiblogger

WordPress 2.3.3 Urgent Security Release - Epiblogger — Tue, 05 Feb 2008 16:16:18 +0000

[...] before you update your WordPress site to make a backup and of course don’t forget to use some basic security to keep your blog [...]

By: » 6 modi per mettere in sicurezza i blog Wordpress Geekissimo

» 6 modi per mettere in sicurezza i blog Wordpress Geekissimo — Tue, 22 Jan 2008 11:00:51 +0000

[...] Fonti: Daily Blog Tips | Epiblogger [...]

By: Lee Robertson

Lee Robertson — Fri, 18 Jan 2008 20:29:35 +0000

Jonas,
Thanks for stopping by. You are correct WordPress I believe just uses an MD5 hash of the password and stores it in the database. If someone can gain access to the database they could decode the password. To help prevent someone from gaining access to the database you can use htaccess to protect the wp-config file which contains the username and password for the database connection or move it off the web root.

By: Jonas

Jonas — Fri, 18 Jan 2008 19:16:11 +0000

Thanks for the tips! There are good reasons for hardening your Wordpress install. Wordpress stores passwords in the database as hash made from the password. A common Unix practice is to add random seed to the hash but Wordpress does not do this. Should the password hash be revealed it could even be revealed by googling the hash!

By: Obscurity to Popularity - Entrecard - Epiblogger

Obscurity to Popularity - Entrecard - Epiblogger — Wed, 16 Jan 2008 14:58:47 +0000

[...] 5 WordPress Security Essentials post from January 9 was submitted to StumbleUpon and has been sending Epiblogger a steady stream of [...]

By: Lee Robertson

Lee Robertson — Tue, 15 Jan 2008 05:18:48 +0000

Thanks for stopping by! They are simple tips that everyone can use. Just a few can help keep a blog more secure.

By: Erica DeWolf

Erica DeWolf — Tue, 15 Jan 2008 04:01:40 +0000

These are some easy and simple tips that should really help keep individuals’ blogs safe. I’ll be sure to implement a few, and I’m sure others will, too! Thanks!

By: Lee Robertson

Lee Robertson — Fri, 11 Jan 2008 13:44:52 +0000

Thanks for stopping by! I have used your plugin on other WordPress sites and it works well. Thanks for such a great tool to help keep blogs secure.

So often it is the simple things that get forgotten about and missed. I have seen WordPress blogs using older versions after a security release where the owner just does not want to upgrade. Sure enough their blog is compromised and then they have a lot of other problems to deal with.

By: AskApache

AskApache — Fri, 11 Jan 2008 08:22:55 +0000

Lee, such simple and easy wordpress security tips. I’ll be upgrading the http basic authentication plugin soon. Thanks for the buzz bro!

By: Lee Robertson

Lee Robertson — Fri, 11 Jan 2008 00:35:18 +0000

Best of luck getting it all sorted out. I have had to clean up sites after being hacked and it can be a lot of work.

By: Simonne

Simonne — Wed, 09 Jan 2008 22:38:33 +0000

Lee, thanks for the answer. I don’t know how they got in, and it happened just before I left for the Christmas vacation, so I had no time to investigate more. I just wiped the site off the server. I’ll try to do as you say. I suppose it has something to do with the database, because the few static pages I had were all OK. Probably there was some envious competitor (that was my business website, which started to rank well for some specific terms).

By: Lee Robertson

Lee Robertson — Wed, 09 Jan 2008 22:24:28 +0000

Simonne,
Thanks for stopping by! Sorry to hear about your blog. My first thought would be to wipe the blog and database and reinstall and restore the posts etc from a backup. Before you do that though you really need to find out how they got in. You also should change user names and passwords for the account and database. How are they redirecting to another URL? Did they inject something into the posts?

By: Simonne

Simonne — Wed, 09 Jan 2008 19:27:10 +0000

Many thanks for mentioning my post.

Secondly, do you have any idea, once a blog has been hacked and many of its posts are now redirected to another URL, what can be done to solve this problem? I’m in this situation and I just deleted the blog and used .htaccess to make a 301 redirect to a provisory page. But I’m losing the SERPs ranking I’ve been working hard on. Thanks.