wordpress site security.

wordpress site security.

Closed - This job posting has been filled and work has been completed.

Job Description

I need these things done on two wp sites. pls send me your price and completion time.
must have a good profile on odesk.

- Move your wp-config.php outside of the site root into a folder above that is restricted

- Setup htaccess files to deny direct access to PHP files and lock down admin folders etc..

- Stop bruteforce attacks that attempt to guess your WP login details, this plugin is nice:

http://wordpress.org/extend/plugins/limit-login-attempts/

- Make sure your salts are unique for each site, DO NOT JUST COPY FROM OTHER SITE CONFIGS

- Make sure your WP username isn't 'admin'

- Make sure your passwords don't appear on this list:
http://gizmodo.com/5954372/the-25-most-popular-passwords-of-2012

- Make sure your FTP, Database, Email and WP usernames are all different so that if someone hacks your email they don't have everything etc..!

- Setup different usernames and passwords for FTP and DB's when hosting multiple sites on the same hosting package / server.. NEVER use a root type account that has permission to access everything.

- Be very careful when installing plugins, always ensure you have an up to date backup of your DB / theme before installing something that has very little feedback etc..

- Ensure that your webserver is logging activity so that if you do get hacked you can see how it happened and plug the hole.