WordPress Security

WordPress Security Best Practices & Plugins
scott fisk

WordPress Security
Most security issues revolve around the use of plugins and themes.
2,000,000
Best Practices

* Update WordPress and any plugins ASAP!!!
* Change the admin default login name
* Use as few plugins as possible
* Only download from known sources (www.wordpress.org)
* Change the login path (plugin)
* Include a custom database prefix on install
* Make sure your plugins are safe
* Don’t just disable plugins/themes. Remove them
* Remove/replace WordPress version
* Hold comments for moderation in discussion settings
* Use an anti-spam tool (Akismet, Captcha)

SECURE YOUR LIFE!

1Password Software -
1Password for can create strong, unique passwords for you, remember them, and restore them, all directly in your web browser. You can also securely store Secure Notes, Software Licenses, Credit Cards, Attachments, and much much more.
Run Malware/Virus scans often on your system

Hardening WordPress - http://codex.wordpress.org/Hardening_WordPress


scottfisk.com/design-feed
Thank you!
WORDCAMP BIRMINGHAM 
JANUARY 14, 2012
 
Top Security Plugins


WordPress Firewall 2 (locks .php files, tracks IP addresses of attacks)

This plugin intelligently whitelists and blacklists pathological-looking phrases, based on which field they appear within, in a page request (unknown/numeric parameters vs. known post bodies, comment bodies, etc.). Its purpose is not to replace prompt and responsible upgrading, but rather to mitigate 0-day attacks and let bloggers sleep better at night.
Ultimate Security Checker (best scanner – seeks out malicious code)

Our plugin identifies security problems with your WordPress Installation. It scans your blog for hundreds of known threats, then gives you a security “grade” based on how well you have protected yourself. You can fix the problems yourself, or you can use our help to do it for you automatically.
WordPress File Monitor

Monitors your WordPress installation for added/deleted/changed files. When a change is detected an email alert can be sent to a specified address.
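
The added/deleted/changed check described for a file monitor can be sketched as a hash baseline compared against a later scan. This is an added example, not code from the plugin or the presentation; the function names, the sample tree and the excluded cache path are assumptions, and e-mail alerting is left out.

```python
import hashlib
import os
import tempfile

def snapshot(root, exclude=()):
    """Map each file path (relative to root) to its SHA-256 digest."""
    state = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root)
            if rel.startswith(tuple(exclude)):
                continue  # skip noisy paths such as a cache directory
            with open(full, "rb") as fh:
                state[rel] = hashlib.sha256(fh.read()).hexdigest()
    return state

def compare(baseline, current):
    """Classify differences between two snapshots."""
    return {
        "added": sorted(current.keys() - baseline.keys()),
        "deleted": sorted(baseline.keys() - current.keys()),
        "changed": sorted(p for p in baseline.keys() & current.keys()
                          if baseline[p] != current[p]),
    }

def write(root, rel, body):
    """Create a file (and parent directories) under root."""
    path = os.path.join(root, rel)
    os.makedirs(os.path.dirname(path), exist_ok=True)
    with open(path, "wb") as fh:
        fh.write(body)

def demo():
    """Baseline a constructed WordPress-like tree, alter it, rescan."""
    cache = os.path.join("wp-content", "cache", "")  # hypothetical noisy dir
    with tempfile.TemporaryDirectory() as root:
        write(root, "index.php", b"<?php // front controller\n")
        write(root, "readme.html", b"<html>readme</html>\n")
        write(root, os.path.join("wp-content", "themes", "example", "functions.php"), b"<?php\n")
        baseline = snapshot(root, exclude=[cache])
        # Constructed changes between two scans
        write(root, "index.php", b"<?php // front controller\n// edited\n")
        os.remove(os.path.join(root, "readme.html"))
        write(root, os.path.join("wp-content", "new.php"), b"<?php\n")
        write(root, os.path.join(cache, "page.html"), b"cached\n")  # excluded
        return compare(baseline, snapshot(root, exclude=[cache]))

if __name__ == "__main__":
    for kind, paths in demo().items():
        print(kind, paths)
```

Store the baseline somewhere the web server account cannot write, otherwise whoever changes the files can also rewrite the baseline.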
Secure your life! (January is data privacy month)

* Use strong passwords
* If others have access, make sure they use strong passwords
* Do not use the same password over and over
* Change passwords periodically
* Back up site regularly (I use BackupBuddy for auto backups)
Bulletproof Security (locks .htaccess files)

WordPress Website Security Protection: BulletProof Security protects your WordPress website from XSS, RFI, CRLF, CSRF, Base64, Code Injection and SQL Injection hacking attempts. One-click .htaccess WordPress security protection. Protects wp-config.php, bb-config.php, php.ini, php5.ini, install.php and readme.html with .htaccess security protection. One-click Website Maintenance Mode (HTTP 503). Additional website security checks: DB errors off, file and folder permissions check… System Info: PHP, MySQL, OS, Memory Usage, IP, Max file sizes… Built-in .htaccess file editing, uploading and downloading.
 
Timthumb.php was a file that was included in many WordPress themes and plugins. Many developers use timthumb.php to resize images to fit their website.
