Zack Design has developed a new plugin sponsored by MJ Penner Consulting. We are happy to announce its imminent release!
This plugin is a no-frills approach to securing your WordPress install.
Features included in this plugin:
- Ability to scan the database for possible XSS issues.
- Limit login attempts to one per ten seconds per user.
- Check all file permissions.
- Check for presence of index.html files in all directories.
- Check if WordPress is up-to-date.
- Remove the version number from HTML source.
- Log all POST requests.
- Log all failed login attempts.
- Change the admin username.
- Randomize the database table prefix.
- Require stronger passwords.
- Detect SSH and provide ability to enforce it on wp-admin and login pages.
- .htaccess password protection.
This plugin operates under the assumption that you are going to fully lock down your WordPress install to the extent that PHP can no longer move files around (0644 CHMOD). This means that once you install the plugin, automatic updates will no longer work. Then again, you don't really want them to work on a fully protected, locked-down site.

