Working Ninja
2014-10-28T17:53:13
Things I Do When I Touch A WordPress Install

There’s a lot you can do to make your WordPress install more secure–some easier than others! Here are a few of the easy ones. These can be applied to a new or existing WordPress install.

wp-config.php

Set unique authentication keys and salts:
https://api.wordpress.org/secret-key/1.1/salt/

Paste the generated define() lines into wp-config.php in place of the 'put your unique phrase here' placeholders. These keys sign the login, auth and nonce cookies (password hashes get their own per-password salt), so changing them on an existing site invalidates every session and forces everyone to log in again. That also makes them the first thing to rotate after a suspected compromise.

Disable file editing from within WP Admin:
define('DISALLOW_FILE_EDIT', true);

This removes the theme and plugin editors from the dashboard, so an attacker who gets hold of an admin session can't write PHP into a theme file from the browser. It does not stop them uploading a new plugin or theme; DISALLOW_FILE_MODS blocks that too, at the cost of also disabling updates from the dashboard.

And if the site is served over HTTPS (it should be, at least for logins and wp-admin):
define('FORCE_SSL_ADMIN', true);

If TLS terminates at a reverse proxy or load balancer, PHP sees a plain-HTTP request and this setting produces a redirect loop; in that case wp-config.php also has to mark the request as HTTPS when the proxy's X-Forwarded-Proto header says so.

File system

Make sure permissions are set correctly: directories 755, files 644, so only the owning user can write and the web server (if it runs as a different user) can only read.
find /path/to/your/wordpress/install/ -type d -exec chmod 755 {} \;

find /path/to/your/wordpress/install/ -type f -exec chmod 644 {} \;

wp-config.php holds the database credentials and the keys above, so it deserves tighter than 644 (640 or 600, depending on which user PHP runs as).

Caution: the above two commands could break WordPress plugins that require unsafe (IMHO) permissions to be set, usually because PHP runs as a shared web-server user rather than as the owner of the files. Running PHP as the site owner is what makes 755/644 workable; see how to set up WordPress with FastCGI (coming soon).
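Both sections above come down to checks that can be scripted. The following is an added example, not code from the original post or from WordPress itself: a POSIX shell script that audits a wp-config.php for leftover key/salt placeholders, DISALLOW_FILE_EDIT and FORCE_SSL_ADMIN, then applies the 755/644 reset (tightening wp-config.php to 640, which goes one step beyond the post's scheme) and counts anything that still deviates. The directory layout, the sample wp-config.php with its sloppy permissions, and all function names are constructed for the demo.

```shell
#!/bin/sh
# Added example (not from the original post): audit a wp-config.php for the
# settings discussed above, then reset file-system permissions to 755/644.
# The demo tree and the sample wp-config.php are constructed here.

# Print a finding for each missing setting; return 1 if any check failed.
audit_wp_config() {
  cfg="$1"
  rc=0
  # The salt endpoint replaces this placeholder; if it is still present the
  # keys were never set.
  if grep -q 'put your unique phrase here' "$cfg"; then
    echo "FAIL: default key/salt placeholder still present in $cfg"
    rc=1
  fi
  for key in AUTH_KEY SECURE_AUTH_KEY LOGGED_IN_KEY NONCE_KEY \
             AUTH_SALT SECURE_AUTH_SALT LOGGED_IN_SALT NONCE_SALT; do
    grep -Eq "define\([[:space:]]*'$key'" "$cfg" \
      || { echo "FAIL: $key is not defined"; rc=1; }
  done
  grep -Eq "define\([[:space:]]*'DISALLOW_FILE_EDIT'[[:space:]]*,[[:space:]]*true" "$cfg" \
    || { echo "FAIL: DISALLOW_FILE_EDIT is not true"; rc=1; }
  # Only a warning: an HTTP-only site cannot enable this without locking itself out.
  grep -Eq "define\([[:space:]]*'FORCE_SSL_ADMIN'[[:space:]]*,[[:space:]]*true" "$cfg" \
    || echo "WARN: FORCE_SSL_ADMIN is not set (fine if the site is not on HTTPS)"
  return $rc
}

# Apply the post's 755/644 scheme and tighten wp-config.php to 640.
harden_wp_perms() {
  root="$1"
  find "$root" -type d -exec chmod 755 {} +
  find "$root" -type f -exec chmod 644 {} +
  if [ -f "$root/wp-config.php" ]; then
    chmod 640 "$root/wp-config.php"
  fi
}

# Count entries deviating from 755 (dirs) / 644 (files), wp-config.php excepted.
count_perm_deviations() {
  root="$1"
  dirs=$(find "$root" -type d ! -perm 755 | wc -l)
  files=$(find "$root" -type f ! -perm 644 ! -name wp-config.php | wc -l)
  echo $((dirs + files))
}

# Build a throw-away WordPress-like tree with the permissions a
# "chmod 777 so the plugin works" install ends up with (constructed data).
make_demo_site() {
  root="$1"
  mkdir -p "$root/wp-admin" "$root/wp-content/uploads"
  : > "$root/index.php"
  : > "$root/wp-content/uploads/cache.php"
  cat > "$root/wp-config.php" <<'EOF'
<?php
define('DB_NAME', 'wordpress');
define('DB_PASSWORD', 'changeme');
define('AUTH_KEY',         'put your unique phrase here');
define('SECURE_AUTH_KEY',  'put your unique phrase here');
EOF
  chmod 777 "$root/wp-content" "$root/wp-content/uploads"
  chmod 666 "$root/wp-content/uploads/cache.php"
  chmod 664 "$root/index.php" "$root/wp-config.php"
}

# Demo run against a temporary directory.
demo_root=$(mktemp -d)
make_demo_site "$demo_root"
echo "deviations before: $(count_perm_deviations "$demo_root")"
harden_wp_perms "$demo_root"
echo "deviations after:  $(count_perm_deviations "$demo_root")"
audit_wp_config "$demo_root/wp-config.php" || echo "wp-config.php needs work"
rm -rf "$demo_root"
```

Run the audit and the deviation count before and after each deploy or plugin install; a non-zero count afterwards is exactly the "plugin wants 777" situation the caution above describes, and worth knowing about before it becomes a writable PHP drop point.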