kiddie159

wordpress security

Apr 11th, 2013
Some steps to take to secure a WordPress site


On-site security:
___________________________


(1) Always try to install WordPress manually. All hosting providers offer a free automatic WordPress install service. Try to avoid it.
(2) Never use “admin” as the administrator username. Always choose a unique username.
(3) Always set a unique password for the WordPress admin user. It protects you from the “brute forcing” attack method. Basically, brute forcing is based on common passwords (such as: admin, pass, password, 123456, 123456789, admin123, admin@123, abcd1234, etc.).
But if you set a unique password, it won’t match a common password.
Try to combine uppercase and lowercase letters with some numbers and symbols (such as:
“New3590@#$”, LooPiNG56*7^#$, gOnEStr33t!*, *U7Ty162723&8, etc.).
(4) If you run a site with many users, always remember that only one account should be an administrator account. If you need to add more admins, just set their role to Editor or Author, because only an administrator account can upload malicious code that harms WordPress.
(5) Always update WordPress to a newer version.
(6) Always update themes and plugins.
(7) Use a WordPress plugin (like wp-total-hacks) to check for security holes or vulnerable themes or plugins.
(8) Never use a vulnerable WordPress theme or plugin. If you must use one, fix the vulnerability in that theme or plugin first and then use it.
(9) Always use the WordPress default uploader. Never use a third-party script to upload anything to WordPress.
(10) Always use a CAPTCHA in the login form to stay safe from automatic login requests by bots or scripts.

On-server security:
____________________________


(11) Always try to use a dedicated server.
(12) Buy hosting from a famous and popular web host, which is more secure than others
(such as: GoDaddy, HostGator, HostMonster, 1and1 Hosting, etc.).
(13) Always change the file permission of your WordPress wp-config.php to 400.
(14) Use htaccess to stop symlink attacks on your site. You should read this discussion on the cPanel forum:
http://forums.cpanel.net/f185/how-prevent-creating-symbolic-links-non-root-users-202242.html
(15) With an htaccess file you can control the execution of files, rewrite the site’s URLs, etc.
(16) If the server owner doesn’t set safe mode, you should use a php.ini file to turn safe mode on.
(17) Always change the permission of the site’s wp-content folder to not writable, so that even if someone
gets into your site, he can’t upload malicious code to harm WordPress.
(18) Always set a unique password for both your database and cPanel.

If you follow these steps, you will be really safe from any kind of attack.


--------- imran
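
An added example, not part of the original paste: a shell check for items (13) and (17) that reports when wp-config.php is not mode 400 or wp-content still has a write bit set. The function names and the constructed demo tree are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original paste): audit items (13) and (17).
# Modes are read with stat, not tested with [ -w ], so root gets the same result.

# Print the octal permission bits of a path (GNU stat, then BSD stat).
mode_of() {
    stat -L -c '%a' "$1" 2>/dev/null || stat -L -f '%Lp' "$1"
}

# audit_wp_perms ROOT: print one FAIL line per finding, nothing if clean.
audit_wp_perms() {
    root=$1
    cfg="$root/wp-config.php"
    content="$root/wp-content"
    if [ ! -f "$cfg" ]; then
        echo "FAIL wp-config.php not found under $root"
    else
        m=$(mode_of "$cfg")
        [ "$m" = "400" ] || echo "FAIL wp-config.php mode is $m, expected 400"
    fi
    if [ ! -d "$content" ]; then
        echo "FAIL wp-content not found under $root"
    else
        m=$(mode_of "$content")
        # 0222 masks the write bit for owner, group and other.
        [ $(( 0$m & 0222 )) -eq 0 ] || echo "FAIL wp-content mode is $m, still writable"
    fi
    return 0
}

# count_findings ROOT: print the number of FAIL lines for ROOT.
count_findings() {
    audit_wp_perms "$1" | grep -c '^FAIL' || true
}

# Demo on a constructed tree (not a real site): weak modes, then fixed.
demo=$(mktemp -d)
mkdir "$demo/wp-content"
: > "$demo/wp-config.php"
chmod 644 "$demo/wp-config.php"; chmod 755 "$demo/wp-content"
audit_wp_perms "$demo"
chmod 400 "$demo/wp-config.php"; chmod 555 "$demo/wp-content"
echo "findings after fix: $(count_findings "$demo")"
chmod 755 "$demo/wp-content"; rm -rf "$demo"
```

A wp-content directory with no write bits also blocks media uploads and dashboard updates of plugins and themes, so expect to loosen it temporarily for those.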