The forums ran from 2008-2020 and are now closed and viewable here as an archive.


You can totally get a book if you want. That’s fine for conceptual application. For anything practical though… a book would be outdated by the time it was published.

The best thing that ANYONE can tell you to do is… limit your plugins, keep them up to date and make CERTAIN to update WordPress. I would advise you to never ever skip updates because you’re afraid of breaking your theme or whatever.

WordPress by its very nature has a pretty huge attack surface. That doesn’t mean that you can’t or shouldn’t use WordPress. If you deem it the right tool for the job, use it… with caution.

Anytime you have that much PHP, making that many database calls, you’re going to have a great target for an exploit. WordPress is hugely powerful and that’s why people spend time trying to use it for nefarious purposes.

Forms are the real biggie. Make sure you’re locking those down real, real tight.