The document provides 5 tips for securing a WordPress site: 1) Change the default "admin" administrator account username; 2) Add a .htaccess file to wp-admin for an extra layer of security; 3) Use Apache's mod_security application firewall to monitor POSTs, GETs, and URLs; 4) Monitor logs with tools like Splunk and OSSEC to block attackers; 5) Keep all software up-to-date, including the operating system, web server, PHP, and WordPress.
4. “Invalid Username” vs. “The Password is Incorrect”www.digitalpacific.com.au
5. 3 #2: Throw in a .htaccess file in wp-admin Add an extra layer of security by ensuring you need two passwords to get access to your blog www.digitalpacific.com.au
6. 4 #3: Apache’s mod_security An ‘application firewall’ Watches your POSTs, GETs and URL transfers. Keeps known nasty’s out! www.digitalpacific.com.au
7. 5 #4: Monitor your logs! Splunk, OSSEC! Block attackers when you see them. OSSEC can watch directories, and make sure they don’t get changed www.digitalpacific.com.au
8. 6 #5: Keep your software up to date! The latest operating system, the latest web server. The latest PHP, the latest WordPress. It all counts to making sure your safe and secure! www.digitalpacific.com.au
9. 7 LIKE Digital pacific On Facebook.com and get a 20% discount on your first invoice www.digitalpacific.com.au