In continuation of an earlier series of posts towards making your WordPress installation more secure, here are some more plugins and steps to increase the security of your WordPress installation. An important plugin that can help in ensuring that you are able to detect the security leaks in your WordPress installation is called “WordPress scanner”.
WordPress scanner (learn more at this link).
Running it is fairly simple, you have to move a plugin to your plugins directory and activate it. The plugin will add a link to your WordPress template. Once you are done, you need to disable the plugin (and be sure to do so). Once you have activated the plugin, you need to go to the wpscan page (link) and enter your blog details.
In addition to plugins, you need to evaluate the following.
– Check with your web hosts about whether directory browsing is allowed by default, if no index.html file is present. A lot of hosts have turned that off by default, but if it is on, then you should add an index.html file in your plugins directory; you don’t want people to know which plugins you are using
– Keep your WordPress installation updated, and one way to do the automatically is by using the “WordPress Automatic Upgrade plugin” (link) – Also, WordPress 2.7 onwards has an integrated update feature which you should use.
– Check for the security levels on your Forms / Comments input page. Use a more secure mailer for WordPress (Secure Form Mailer Plugin For WordPress)
– Don’t use plugins without reading a bit more about them. Plugins are made with the best of intentions, but it is quite possible that a plugin can lead to a security hole.
