Taming the beast called WordPress

So last weekend I installed WordPress on my system. Decided it was time to start writing something on whatever topic comes up in my mind.

Since I work as a security consultant, WordPress, with its sometimes faulty security and reputation for being easily hacked, did raise some eyebrows at work. Therefore I wanted to give it an appropriate amount of attention to get it sufficiently secured. So I set up SSL-only connections on this machine, limited the connectivity to the admin panel, ensured good password strength and only let the system go ‘live’ after having all that applied.

After some additional testing at work (checking if the admin panel is not accessible from non-authorized locations) I decided that it’s acceptable for now, and I will continue to read up on getting this WordPress installation more secured and hardened than Fort Knox.

