
Out of context: Reply #19

  • acescence0

    A lot of stuff I do revolves around .htaccess: limit access to wp-admin via password protection and a specific IP address, or, if that's too strict, deny all direct access to wp-admin and provide a mirror via URL rewriting and a "secret" URL. Limit direct access to sensitive files: wp-config, anything that gets included rather than accessed directly, any plugin stuff, etc.

    I also change the default admin account to something other than "admin", always install WP into a random directory while serving the site from root, and hide the meta generator tag that identifies your WP version, just to stop the script kiddies that troll for WP installs.

    To monitor things, set up a cron job that backs up the database regularly and then diff the backup against the previous one to identify things that have changed. This can be less useful if the content, comments, users, etc. change drastically under normal conditions, but it's good to have regular backups you can revert to.

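The .htaccess hardening in the reply above (wp-admin locked to one IP plus a password, and sensitive or include-only files refused), written out as an added example; this is not the poster's own configuration. It targets Apache 2.4 `Require` syntax, and the allowed IP, the htpasswd path, the document root and the `wp-harden` script name are all hypothetical.

```shell
#!/bin/sh
# Added example, not the poster's files: generates the .htaccess fragments
# described in the post for an Apache 2.4 host. The allowed IP, the htpasswd
# path and the document root are hypothetical arguments.
set -eu

# wp-admin/.htaccess: $1 = allowed client IP or CIDR, $2 = htpasswd file
# (keep it outside the document root). <RequireAll> means both the IP match
# AND a valid password are needed; two bare Require lines would be OR.
gen_wpadmin_htaccess() {
  allowed_ip="$1"
  htpasswd_file="$2"
  cat <<EOF
# wp-harden fragment (hypothetical script name)
AuthType Basic
AuthName "WordPress admin"
AuthUserFile ${htpasswd_file}
<RequireAll>
    Require ip ${allowed_ip}
    Require valid-user
</RequireAll>
# admin-ajax.php is requested by logged-out visitors on many themes/plugins,
# so it must stay reachable or the public site breaks.
<Files "admin-ajax.php">
    Require all granted
</Files>
EOF
}

# Root .htaccess fragment: files that are only ever include()d, or that leak
# version info, are refused outright; PHP under uploads is never legitimate,
# so direct requests for it are refused too.
gen_root_htaccess() {
  cat <<'EOF'
# wp-harden fragment
<FilesMatch "^(wp-config\.php|readme\.html|license\.txt|xmlrpc\.php)$">
    Require all denied
</FilesMatch>
RewriteEngine On
RewriteRule ^wp-content/uploads/.*\.(php|phtml|php[0-9])$ - [F,L]
# Plugin/theme PHP is normally loaded through WordPress, never requested
# directly. Test before keeping this: a few plugins expose endpoints that way.
RewriteRule ^wp-content/(plugins|themes)/.*\.php$ - [F,L]
EOF
}

# Write both files under $1 (document root). The root fragment is prepended
# to an existing .htaccess so WordPress's own "# BEGIN WordPress" rules keep
# working; the marker line prevents duplicate prepends on re-runs.
install_wp_htaccess() {
  docroot="$1"; allowed_ip="$2"; htpasswd_file="$3"
  mkdir -p "$docroot/wp-admin"
  gen_wpadmin_htaccess "$allowed_ip" "$htpasswd_file" > "$docroot/wp-admin/.htaccess"
  root="$docroot/.htaccess"
  if [ -f "$root" ] && grep -q '^# wp-harden fragment' "$root"; then
    return 0
  fi
  if [ -f "$root" ]; then
    { gen_root_htaccess; cat "$root"; } > "$root.new" && mv "$root.new" "$root"
  else
    gen_root_htaccess > "$root"
  fi
}
```

Create the password file with `htpasswd -c /etc/apache2/wp.htpasswd someuser` (the path is hypothetical), then run `install_wp_htaccess /var/www/site 203.0.113.5 /etc/apache2/wp.htpasswd`. `AllowOverride` must permit `AuthConfig`, `FileInfo` and `Limit` in the site's `<Directory>` block or Apache ignores these files silently; `apachectl configtest` does not parse .htaccess, so check with a real request from a non-allowed IP and expect 401/403.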
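The monitoring cron job from the same reply (dump the database on a schedule, diff the dump against the previous one) as an added example; this is not the poster's script. The backup directory, database name, credentials file and cron schedule are hypothetical, and the `mysqldump` options are chosen so that two dumps of an unchanged database are byte-identical, which the poster's approach depends on.

```shell
#!/bin/sh
# Added example, not the poster's own script: the cron job from the post,
# "dump the database, then diff the dump against the previous one".
# BACKUP_DIR, DB_NAME and MY_CNF are hypothetical defaults; override via env.
set -eu

BACKUP_DIR="${BACKUP_DIR:-/var/backups/wp-db}"
DB_NAME="${DB_NAME:-wordpress}"
# Credentials live in a mode-0600 options file, not on the command line,
# so the password never shows up in `ps` output or cron mail.
MY_CNF="${MY_CNF:-/root/.my.cnf}"

# Write a new timestamped dump into $1 and print its path. The options make
# consecutive dumps line-diffable: no "Dump completed on" header, one row per
# INSERT, rows in primary-key order.
dump_db() {
  dir="$1"
  mkdir -p "$dir"
  out="$dir/$(date +%Y%m%d-%H%M%S).sql"
  mysqldump --defaults-extra-file="$MY_CNF" --single-transaction \
    --skip-dump-date --skip-extended-insert --order-by-primary \
    "$DB_NAME" > "$out"
  printf '%s\n' "$out"
}

# Diff the newest dump in $1 against the one before it; unified diff goes to $2.
# Returns 0 if identical, 1 if they differ, 2 if fewer than two dumps exist.
# Dump names carry no spaces (see dump_db), so plain word splitting is safe.
diff_against_previous() {
  dir="$1"; report="$2"
  set -- $(ls "$dir"/*.sql 2>/dev/null | sort | tail -n 2)
  [ $# -eq 2 ] || return 2
  if diff -u "$1" "$2" > "$report"; then
    return 0
  fi
  return 1
}

# Pull out the changed rows that matter most for a takeover: accounts, role
# capabilities, and site options (siteurl, active_plugins, ...). Prints the
# matching diff lines; an empty result means only ordinary content moved,
# which is the noise the poster warns about on a busy site.
suspicious_changes() {
  grep -E '^[+-]INSERT INTO `wp_(users|usermeta|options)`' "$1" || true
}

# Hypothetical cron entry, every six hours:
#   17 */6 * * * BACKUP_DIR=/var/backups/wp-db /usr/local/sbin/wp-db-watch.sh run
run_backup_cycle() {
  dump_db "$BACKUP_DIR" > /dev/null
  report="$BACKUP_DIR/last-change.diff"
  if diff_against_previous "$BACKUP_DIR" "$report"; then
    echo "no change since previous dump"
  else
    rc=$?
    if [ "$rc" -eq 2 ]; then
      echo "first dump taken; nothing to compare yet"
    else
      echo "database changed; review $report"
      suspicious_changes "$report"
    fi
  fi
  # keep 30 days of dumps so there is something known-good to revert to
  find "$BACKUP_DIR" -name '*.sql' -mtime +30 -delete
}

# Only touch the database when invoked with "run"; sourcing the file for
# tests leaves the functions defined without running anything.
if [ "${1:-}" = run ]; then
  run_backup_cycle
fi
```

Cron mails whatever the job prints, so the output of `suspicious_changes` arrives as an alert without any extra tooling. Keep `BACKUP_DIR` outside the web root and unreadable to the web server user: a dump contains every password hash and the auth salts' effects, so it is as sensitive as wp-config itself.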