wordpress site security.
Closed - This job posting has been filled and work has been completed.
I need these things done on two wp sites. pls send me your price and completion time.
must have a good profile on odesk.
- Move your wp-config.php outside of the site root into a folder above that is restricted
- Setup htaccess files to deny direct access to PHP files and lock down admin folders etc..
- Stop bruteforce attacks that attempt to guess your WP login details, this plugin is nice:
- Make sure your salts are unique for each site, DO NOT JUST COPY FROM OTHER SITE CONFIGS
- Make sure your WP username isn't 'admin'
- Make sure your passwords don't appear on this list:
- Make sure your FTP, Database, Email and WP usernames are all different so that if someone hacks your email they don't have everything etc..!
- Setup different usernames and passwords for FTP and DB's when hosting multiple sites on the same hosting package / server.. NEVER use a root type account that has permission to access everything.
- Be very careful when installing plugins, always ensure you have an up to date backup of your DB / theme before installing something that has very little feedback etc..
- Ensure that your webserver is logging activity so that if you do get hacked you can see how it happened and plug the hole.