QuickOnlineTips.com has a list of what they believe to be the best nine security plugins to use with WordPress. Some of the usual suspects have made the list such as WP Security Scan. I’m not sure if it’s good to mention this or not, but I don’t use any of those plugins on the list. What I do use is a strong password, .htaccess blocking of folder indexes, a renamed admin account and a few other little quirks.
In the process of making your WordPress uber secure, I’m wondering if anyone out there has hosed their blog by making it too secure? Maybe you installed the wrong security plugin or perhaps the combination of security plugins created a recipe for disaster? If this has happened to you, please share your stories in the comments, I’d love to read them.
My security nightmare is the ongoing need that many plugins have to lower the security of your folders, WP Cache is one that comes to mind. Do I CHmod the folder, all folders in that folder, all files in all folders? Should I change it to 777, 775, 755, or many of the other possibilities? Can I make them secure again once the plugin is installed? And many more questions that are so often not addressed by the plugin creator. So you see my nightmares are more about worrying and being unsure of what is the right thing to do.
I’d love to hear more about the .htaccess blocking of folder indexes that you mentioned. This is to be one of the biggest flaws with WordPress as comes out of the box. I have never seen this addressed (is it in the Codex?) and have instead put redirect indexes in many of my folders. Can you please share the specifics of the other security mesaures that you take?