WordPress Security Audits, Anyone?

How secure is your WordPress blog?

This is one question that usually escapes bloggers until that time when you wake up and see that your blog has crashed, gone offline, or–worse–been vandalized. While you can always revert to backups, you’re not sure those are recent. And it’s not always a walk in the park to restore from backup. And need I mention the downtime?

Most experienced bloggers would know how to secure their blogs. It usually involves a more strict file and folder permission set, stronger passwords, updated software and plugin versions, and the like. But not everyone knows everything about securing one’s blog installation. More importantly, not everyone has the time to do so on their own, especially those who run multiple blogs.

I must admit that in one way or another, I’ve fallen into this trap of complacency and many of my blogs are not 100% secure. And so, with the prodding of David Peralty, and with encouragement from several colleagues at the Hive, we’re planning to offer WordPress security audits as part of Performancing Services.

Details will unfold soon. But from what I’ve outlined so far, the service would be two-pronged, much like our copyright management service. First would be the audit–where we scour your site for holes and potential problems, and we will give you a report containing recommended actions. Second, if you choose to have us do the actual legwork, we will then do it for you.

Does this sound like a good idea? I’m pretty sure there are tools out there that can practically do the same thing, but of course there’s no substitute to human judgement (and imagination).