Pragmatic Programmer Issues

It is better to harden your WordPress

During the Polish Long Weekend (actually very long), I had some speare time. I had great time with family, so after my little devils felt asleep. I though: “Let me see what I have in my draft post list” (which it is huge btw). One of interesting entry from January is “Hardening Wrodpress”.

Finish it!

The story went like that: I opened my blog at, but instead of my blog I had got this (see screenshots).

chrome warning
chrome warning
safari warning
safari warning


firefox warning
firefox warning

What’s the hell! I check different web browsers and I had the same judgment.

Fortunately I’m Google Webmaster Tools user, and I remembered that there is diagnostic page, I ran it for (click link to see actual report). Original result (4.january.2013 below).


With my colleague (js-expert), we did backward engineering of the script. Nothing interesting,  I can put gists in comments (have to grep gTalk history :)) if you are interested in, anyway the security issue was in one of the plugin, so I made quick decision – remove it (I have no code highlighter right now ;/).

What is extremely important here is that, instead reading yet another tabloid (put your favorite name here), read security information of your platform, and perform updates if needed.

Of course I had lamer (mean standard) configuration of WordPress.

So I went through those documents:

and you should at least consider this ideas:

  • Authentication Unique Keys and Salts
  • WordPress Database Table prefix
  • Protect wp-config.php
  • Relocate Your wp-content Folder

Last but most important step was to beg google ;). You can do it through Google Webmaster Toolkit (ask for review Health->Malware). It may take up to few days to review your site (in my case 3 days). I’ve updated plugins and WordPress engine:



And this it is.