HOW TO: Secure Your WordPress Blog

Posted on : 05-05-2010 | By : Benjamin | In : tech


wp-security Scan is a must-use plugin for anybody looking to secure their website. It’ll tell you all the basic WP security settings you do or don’t have enabled.

….

I would also change your ‘admin’ username. Then hackers have to try and guess your username AND password.

Also use the ‘Login Lockdown’ and ‘Secure WordPress’ plugins.

Login LockDown adds some extra security to WordPress by restricting the rate at which failed logins can be re-attempted.

Secure WordPress automatically changes a few things inside WordPress to make it a little bit more secure.

….

It’s better to strip down the permissions of “admin” and make yourself a new account with full permissions. Then even if hackers manage to get into the “admin” account they can do nothing :) They wasted their time.

….

I’ve also found that the most secure thing you can possibly do is also very simple. After your site is set up, simply change your theme file permissions to 444. They can be read, but they cannot be changed (i.e., hacked by an automated bot).

The ONLY downside is that when you want to modify your theme you need to change the permissions back to 666 temporarily. This is a small price to pay not to get hacked.

via HOW TO: Secure Your WordPress Blog.

Some good advice on security for WordPress from the comments.
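
The theme-permission advice quoted above, as an added shell example (not code from the original post or its commenters): it lists theme files that are still writable, locks them to 444, and reopens them for editing. The function names and the directory argument are assumptions; note that 444 does not stop a process running as the files' owner, which can change the mode back.

```shell
#!/bin/sh
# Added example: audit and lock theme files as the quoted comment describes.
# Pass your own theme directory (e.g. wp-content/themes/<theme>) as the argument.

# Print every regular file under $1 that is writable by owner, group or other.
writable_theme_files() {
    find "$1" -type f \( -perm -200 -o -perm -020 -o -perm -002 \) -print
}

# Set every regular file under $1 to 444 (read-only for everyone).
# Directories are left alone so they stay traversable.
lock_theme() {
    find "$1" -type f -exec chmod 444 {} +
}

# Temporarily reopen files for editing. Defaults to the 666 the comment
# mentions; pass 644 as $2 to keep group/other read-only while you edit.
unlock_theme() {
    find "$1" -type f -exec chmod "${2:-666}" {} +
}

# Return 0 if nothing under $1 is writable, 1 otherwise.
# Offending files are listed on stderr so the check can run from cron.
theme_is_locked() {
    offenders=$(writable_theme_files "$1")
    [ -z "$offenders" ] && return 0
    printf 'writable theme files:\n%s\n' "$offenders" >&2
    return 1
}

# When run as a script with a directory argument, report its state.
if [ "$#" -gt 0 ]; then theme_is_locked "$1"; fi
```

Run `lock_theme` once the theme is finished and `theme_is_locked` on a schedule, so a theme left unlocked after an edit is noticed.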

Tweet Safer: Twitter Now Blocks Malicious Links

Posted on : 03-08-2009 | By : Benjamin | In : Uncategorized


With numerous incidents having taken place already, Twitter is cracking down by filtering URLs to known malicious sites. Try posting a link to such a site, and you’ll receive the warning: “Your Tweet contained a URL to a known malware site!”

While Twitter does not appear to check these URLs for malware, market leader Bit.ly checks links against the spam-filtering services SURBL and Google Safe Browsing, and additionally inserts a warning page if a URL is flagged as spam. We’ve found Bit.ly to be extremely responsive to these issues, clamping down on a rogue URL within minutes of our report. Combined, Twitter and Bit.ly are making it harder – but by no means impossible – to launch effective malware attacks on the service.

via Tweet Safer: Twitter Now Blocks Malicious Links.

Good news for safer tweeting. I really like bit.ly.

iPhone Hack Exposed: The Key Facts

Posted on : 31-07-2009 | By : Benjamin | In : Uncategorized


As we reported earlier today, security experts Charlie Miller and Collin Mulliner have exposed an iPhone virus that could allow criminals to control your phone just by sending a single text message (SMS). Their presentation, at the Black Hat conference in Las Vegas, is making a lot of waves, but the details are scattered or overly technical for most iPhone owners.

That’s why we’ve done some research on the information that has come out on this security vulnerability. The technical detail involved in the hack can be overwhelming, so we’re synthesizing it down to the key points – as well as what you can expect. Don’t be alarmed, but be vigilant. Here’s the security breakdown:

1. The major issue is a security flaw involving SMS. Specifically, the hack can control an iPhone remotely, including your iPhone’s camera, Safari, and more. It can even send messages to friends in your address book, which is where this hack becomes scariest.

2. The hack works by sending you code in an SMS message (or a series of messages) that crashes your iPhone. After that, your iPhone is theirs to use.

3. The offending text would come in the form of a single square character. If you get the square character, turn off your phone IMMEDIATELY.

8. Apparently Google Android, Windows Mobile phones, and Palm Pres are vulnerable to similar hacks. The team demonstrated the attack on an Android phone and a Windows Mobile phone.

via iPhone Hack Exposed: The Key Facts.

Scary new hack.
