Wordpress Security
From GLMWiki
Notes
One thing we need to be aware of is that rather than using our own unknown software and having incredible control over it, we're going to be working with extremely popular software (last figure I read was 22% of the internet runs wordpress) that will be specifically targeted.
Precautions
- Keep WP installs, plugins and themes up to date. Code securely as always, but keep an eye on critical WP news on vulnerabilities.
- When a login fails, user is notified whether it's due to erroneous username or password. In functions.php, add something like :
function failed_login() {
return 'The login information you have entered is incorrect.';
}
add_filter('login_errors', 'failed_login');
- We need to avoid names like Petoskeyrobotics with the password Petoskey14
- Limiting the number of logins will help safeguard against brute force. There is a plugin that does this but it shouldn't be hard to figure out on our own.
