security for the paranoid

[Image: "You have been poking around where you shouldn't have been, and are now BANNED from Hybrid Elephant!"]

i’ve been reading all about the hacks that are common on wordpress and OSC software recently and getting paranoid again. a while ago – after i was hacked the first time – i did some basic things to help me deter hackers: i renamed the OSC administration folder to something less obvious, and i wholesale deleted my file manager (which i never used anyway), but that did little to assuage my raving paranoia, so, along with more standard and practical approaches, like .htaccess, i have also installed a number of things to dissuade unfettered poking around my server, including (but not limited to) exploit scanner, NoSpamNX, and Simple Trackback Validation on my wordpress installation, and IPTrap, OSCSec, SiteMonitor and SecurityPro on my OSC installation.

i’m particularly proud of the “Banned” page, which you can find if you go poking around my server looking for links that you probably shouldn’t have… 👿

but despite all of this experience-based prophylactic action, i’m still paranoid, and it doesn’t help that my more sophisticated clients are expressing their paranoia as well.

2 thoughts on “security for the paranoid”

  1. all of the wordpress stuff i installed are plugins, and they are named here the same way they are named at the wordpress site…

    and they are all EXCELLENT (in that i don’t have to do anything “technical”) and they keep my spam-comments and spam-trackbacks to a minimum.

    i’m actually a lot more impressed with the OSC stuff i have installed, though, because with OSC, they’re expecting you to modify the code (which is a little bit more “technical” than WP) and, when you do, the web-site-behaviour that results is something that you can’t get with a plugin… 8)

  2. since I now have not one, but TWO, WordPress installations running, that Simple Trackback Validation thing sounds mighty tempting. I’ve already had to mark one “trackback” as spam (and two comments) and that was before I installed the 2nd iteration of WordPress (for the personal blog).

    I’m assuming it’s a plug-in and will therefore search for it as such.

    I’m not really paranoid, but I am lazy. The less “manual” monitoring of such stuff that I have to do, the happier I am.
