We’re constantly, almost-endlessly fascinated by the idea of better WordPress security. It’s a more-fun-than-it-has-any-right-to-be topic, because somewhere in between “just don’t have a user named ‘Admin’” and “lock that thing down hard” lies the real sweet spot; there’s a lot of wriggle room in deciding what better WordPress security means.
WordPress Security is far from broken. We didn’t need a WordPress Security White Paper. But with constant hole-patching like WordPress itself locking down security in Jetpack, and releasing WordPress 4.21 just a couple of days after 4.2, building better WordPress security sure seems like a solid idea.
Enter Torquemag. Better known in these parts for their musings on WordPress Themes and Sitebuilder issues, Torquemag has published a nice “please try these tips at home” treatise on better WordPress security. Most of it is simple, almost none of it requires developer-level skills, and even if you enact just a few of these tips you’ll have hardened your WordPress installation against all but the baddest of bad guys.
Well worth a read. Let Torquemag get you better WordPress security, right now.