Here’s something I came across last November after I found out that a couple of my older websites using outdated versions of wordpress got hacked; its called the WordPress Security Whitepaper. Its completely, free, translated in several languages (english, simplified chinese and italian). Before I continue writing any further, I just want to give full credit to Blog Security (link at the bottom of this post).

The WordPress Security Whitepaper (pdf) has been a work in progress since 2007 and has been such a tremendous help to the wordpress blogging community, and I just had to write about it. You will learn not only how to install wordpress properly, but also important security procedures such as blocking IP addresses, limiting user access, restricting access to wp-install and wp-content directories and more. This document is an important find and I really appreciate the fact that there have been so many people contributing to the document over the years. Thank you. What's inside the WordPress Security Whitepaper: New Revision: v1.2 (Apr/08) Table of Contents: (1) Introduction (2) Installing WordPress (2) Accessing your WordPress tables (2) Changing your WordPress Table Prefix (3) Before Installation (3) Manually Change (4) WP Prefix Table Changer (5) Preparing the Blog (6) Changing your Admin Username (6) Create a new limited access user (7) Hardening your WP Install (9) Restricting wp-content & wp-includes (9) Restricting wp-admin (9) Block all except your IP (9) Password Required – .htpasswd (10) The .htaccess file (10) The .htpasswd file (10) SPAM (11) Blog Encryption (12) Key Plugins (13) Disabling WordPress Errors (13) Removing the WordPress Version (13) Security Above and Beyond (14) WPIDS – Detect Intrusions (14) WordPress Plugin Tracker – Are you updated? (14) WordPress Online Security Scanner (15) The End (15)