Hi, I've had a look around to see what options I should consider in order to keep a Wordpress website as secure as possible. Here is what I've found so far: Manual fixes: There are a few of these such as changing the admin username. There are a few others I need to look into to implement Updates: Keep Wordpress/plugins as up to date as possible Backup: WP-DB-Backup has been suggested. I understand this is pretty good but I've heard this isn't a full backup and there may be better options or other things to implement in addition. Any ideas/suggestions? Security plugins: Any ideas? I've seen a few suggestions but Im not sure what to do here. There is one called Bulletproof but I've heard that it changes settings and can conflict with other plug-ins so Im not sure I want to go down this route. Any feedback or alternative suggestions from anyone who has implemented one? I've only done some initial research so if anyone can help with further suggestions/advice, I'd appreciate it. Thanks
I personally dont want to go with Bulletproof as I dont know enough about what it does and the changes it makes. It sometimes conflicts with other plug-ins so I will leave it for now. Another plugin worth installing is Login LockDown and you can specify how many log-in attempts a user can have before they are locked out. I also found some useful manual tips from the following article: http://hellboundbloggers.com/2011/01/12/wordpress-blog-security/