Now I’d like to bring this topic up for discussion.
What do you guys believe is the best way to maintain security on a wordpress site? I can stand the fact that people can simply add ‘/wp-admin’ to the end of my url, get to my login page, and maybe hack by SQL injection? My solution I believe is to run an IP Address verification script on the login page and if they’re not supposed to be there, redirect them somewhere else. I know there might be some complications to this with dynamic IP’s etc, but that can all be solved with a simple SSH tunnel to my server and therefore have the script check for that IP address? Does anyone think that this can work? Is there any potential risks that i’m missing here? What do you believe wp developers should adopt as a new security system. Honestly, lets face it, wordpress hacking is an ugly business.
