Im going to start up a blog ( or at least actually update mine ) with php and general computer stuff I learn from day to day.

Anyway..

Im thinking of using wordpress, Mainly because ive got too much work on and cant be bothered to write my own platform..

How secure is wordpress on linux?
Should i jail it?

I see a lot of sites being hackedthat use wordpress and dont really fancy my server being screwed over..

Any thoughts?

There are tons of great articles on extra security for wordpress.
http://www.noupe.com/how-tos/wordpre...and-hacks.html
http://www.problogdesign.com/wordpre...ress-security/
http://wpshout.com/10-practical-word...security-tips/

One that comes up alot is to create a new user with ALL privileges, then delete the admin user. This way, a hacker has to also guess the user name AND the password rather than knowing half the entry is 'admin'.

Do be careful of plugin's as well. Poorly managed ones have left gaping holes.
http://wordpress.org/extend/plugins/wp-security-scan/

I have never had a problem with security, but then again, I haven't done too many sites that would be considered "targeted" for a hacker unless he was super bored.

I've been using wordpress.org for a year now, and the program itself can be darn fickle. When hitting save, it may or may not save what you have just entered, the same with the widgets. I added some script to my right side, and had a heck of a time getting it to show up on the main blog page. Wordpress is easy to work with, but if you can put up with times that it want's to be contrary is a pain. Sometimes I just log off and come back later to try again.

lynxus, WP is as secure as any major script available for mass download. Racer-x gave some good suggestions for additional security.

I think this additional one works with it also: rename the log in file to a unique name that only you know. Then you have 3 levels of protection.

Thanks for the tips guys. I am also using WP for my blog I am launching next month. I've used it for about 2 years now and haven't had any problems. But that has been for private (career planning journals) blogs, set for my eyes only. And only briefly for a popular gaming tip blog I had going for a about a year. Loss interest in the game. :/

Anyway gonna make sure to try these when I launch my new blog. Because I plan on trying to grow it out and eventually try and draw some sort of an income through it. Thanks again!

Out of the box WordPress is very tight security wise, the problem with security is one that comes with the introduction of plugins. Plugins that are made by inexperienced developers are usually the point of entry for most WordPress hacks. As long as you are careful about which plugins you use, for example try to stick with the most popular ones as these are well tested and revised, you should be safe. Some other things to consider are:

1. changing your wordpress database table prefix (most script kiddies rely on pre-written code that depend on the default wp_ prefix to work)

2. Use this firewall plugin:

http://wordpress.org/extend/plugins/wordpress-firewall/

I have used it for a while on a rather popular wp site and it works very well. It will send you an email when it blocks an attack.

3. htpasswd your wp-admin directory and your wp-login.php file (dual log-ins will put an extra layer of security against brute force attacks)

etc...

The attacks are really common these days over WP but it all depends upon your server security. Also you can get some other security measures...

Thanks for the info, I'm using Wordpress and confident with it.

Apart from frequent spam comments, wordpress is pretty stable for me - but it depends on the theme and plugins installed.

Cool,
Well im running it in a chrooted environment anyway now with very tight file permissions.

I havent and wont be adding any extra plugins.
Just needed a nice looking blog system for one of my other sites.


_G

Wordpress is most secured blogging platform as compared to others, you may customize the security as you need if your blog is hosted on self hosted private domain.

Security is not certainly one of WordPress strengths, and pretty much as it happens with windows, its popularity makes it more prone to hacker attacks.

I have never been hacked but I have read about some nasty stories that you would not want to be part of.

There are a number of security measures you can take to make your blog more secure and at least make the hackers work for it.

Some of them involve changing the database prefix, relocating your config.php file and other necessary tweaks. If you do this then you blog should be secure.

Wordpress is really secure BUT since so many people are using it, hackers are becoming more and more innovative to find new ways to get things done. Piece of advice is do regular backups.

I started with wordpress, for years now. Then after years of using it my wordpress got hacked and really don't know what happened on my site.

One thing to know about WordPress security is the majority of sites getting hacked are usually running an older version. 1st rule of WordPress security is to keep WP updated.

WordPress developers are usually very good at fixing security issues quickly, but you do have to upgrade to the latest version to reap those benefits.

As of late, I must say that I have been seeing a lot of WP sites hacked. Bluehost, now Godaddy, etc.

Many are due to the config.php file having the wrong file permissions.(I think that may be when fantastico installs WP actually...?)

This is straight from the Codex:

Quote:

Note that if you are on a shared-server the permissions of your wp-config.php should be 750

http://codex.wordpress.org/Hardening_WordPress

Always check this!! I have now went back and seen many cases where I forgot to and it was wrong!

The issue with many of the hacks apparently is more to do with the hosts than with WordPress. Setting the proper permissions on wp-config is definitely a good idea as is setting permissions on all the files and folders. I think host don't automatically do that with their auto installs.