Avoid WordPress... really? I can understand avoiding shared hosts because you have less control of the environment, but going to an alternative blogging platform because it is more obscure than WordPress seems to be a bad approach (and if you go with a VPS solution you might have the headaches of maintaining a secure distro). This is like saying "you should use Linux or Mac because Windows gets attacked more".

Any piece of software that is popular (I saw a recent statistic that WordPress powers 10% of the top 1 million sites as ranked by Alexa) will be much more vulnerable to attack than less popular software. At the same time, you get a bigger community and all the goodies that come along with that popularity (more plug-ins, themes, etc...).

I don't think that getting rid of the software is the correct approach in this case. You need to approach it by assuming that your WordPress site will be attacked every day and you need to have a plan to remediate this. There is no perfect security unless you unplug your web server from the internet.

For a one-blogger site - one simple approach would be to:

1. Run something like open source tripwire (http://sourceforge.net/projects/tripwire/) on a nightly basis so you can get alerted if any WordPress files get changed (HN peoplez: anyone have a better tripwire-ish solution that is free?)
2. Run a nightly backup of your files and db and mail it to an external account (like a Gmail account)
3. Have a script that can reload your files and database quickly from your backups (obviously - this needs to be tested)
4. Subscribe to the WordPress security list and to a blog like http://www.wpsecuritylock.com/blog/
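The nightly file-change check from step 1 of the comment above can be sketched as a hash baseline plus a comparison. This is an added example, not part of the original comment and not Tripwire itself; the function names, file names and sample tree are constructed for illustration.

```python
import hashlib
import json
import os
import tempfile


def snapshot(root):
    """Map each file path (relative to root) to the SHA-256 of its contents."""
    digests = {}
    for dirpath, _dirs, names in os.walk(root):
        for name in names:
            path = os.path.join(dirpath, name)
            with open(path, "rb") as fh:
                digest = hashlib.sha256(fh.read()).hexdigest()
            digests[os.path.relpath(path, root).replace(os.sep, "/")] = digest
    return digests


def compare(baseline, current):
    """Report which paths were added, removed or modified since the baseline."""
    common = baseline.keys() & current.keys()
    return {
        "added": sorted(current.keys() - baseline.keys()),
        "removed": sorted(baseline.keys() - current.keys()),
        "modified": sorted(p for p in common if baseline[p] != current[p]),
    }


def demo():
    """Run the check against a constructed tree standing in for a WordPress install."""
    files = {"wp-login.php": b"<?php // login", "readme.html": b"<html>",
             "wp-includes/version.php": b"<?php // version"}
    with tempfile.TemporaryDirectory() as site, tempfile.TemporaryDirectory() as store:
        for rel, data in files.items():
            full = os.path.join(site, rel)
            os.makedirs(os.path.dirname(full), exist_ok=True)
            with open(full, "wb") as fh:
                fh.write(data)
        # Assumption: the baseline lives outside the web root, so a change to
        # the site files cannot also rewrite the record they are checked against.
        baseline_path = os.path.join(store, "baseline.json")
        with open(baseline_path, "w") as fh:
            json.dump(snapshot(site), fh)
        # Simulate one night's unexpected changes: an edit, a deletion, a new file.
        with open(os.path.join(site, "wp-login.php"), "ab") as fh:
            fh.write(b" changed")
        os.remove(os.path.join(site, "readme.html"))
        with open(os.path.join(site, "wp-includes", "extra.php"), "wb") as fh:
            fh.write(b"<?php")
        with open(baseline_path) as fh:
            return compare(json.load(fh), snapshot(site))


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

In a nightly job, a non-empty report is what gets mailed out, and the baseline is regenerated only after a change you made yourself, such as a WordPress update.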