OWASP Top 10 & WordPress Security (Page 7)

Please note: this post is incomplete & pending review.

A6 – Security Misconfiguration

We have again, a broad category of attacks that can happen at any level of a stack, from ports to login forms. The result: your site andor server gets compromised.

How does this relate to WordPress?

WordPress has created a very detailed document called Hardening WordPress, these steps makes your server and WordPress install safer. Some small simple examples from the document are:

  • not keeping admin as your username
  • not using wp_ as your database table prefix

Measures like this strengthen your WordPress install. In addition to the other 9 points herein relating to security, third party WordPress security plugins can greatly enhance your security configuration even further:

  • Block Bad Queries acts as a firewall preventing manual and automated attacks via URLs
  • Login Lockdown prevents brute force attacks by denying (via their IP address) login attempts after 3 failed log ins.

Leave a Reply