Skip to content
You should:
- Change the default user name directly in the database.
- Put files that contain login credentials outside your webroot.
- Don’t allow writable directories. (With details….)
- Don’t allow users to upload anything. Sorry.
- Avoid toxic data.
- Patch like mad.
- Use a security notification plugin like Sucuri (and actually pay attention).
- Change your username if the crackers find it.
- Consider a scanning service, or at the least a scanning plugin.
- Understand the particular security controls built into your programming language. (They all have them.)
- Don’t write your own security controls, or your own encryption. Never never never.