I recently had to move a bunch of Wordpress sites. Wordpress, generally, is terribly insecure. Here are my notes for configuring and hardening Wordpress. Certainly these measures are incomplete. I gathered them from several sources. I write them here, for posterity, and so I don't forget in the future. Steps include setting file permissions (644 for files, 755 for directories), disabling PHP execution in uploads, and adding .htaccess rules to deny direct access to sensitive files…
Read more about Hardening Wordpress File Permissions
