Jul 03

1. Prevent Unnecessary Info From Being Displayed
2. Force SSL Usage
3. Use .htaccess To Protect The wp-config File
4. Blacklist Undesired Users And Bots
5. Protect Your WordPress Blog From Script Injections
6. Fight Back Against Content Scrapers
7. Create A Plug-In To Protect Your Blog From Malicious URL Requests
8. Remove Your WordPress Version Number… Seriously!
9. Change The Default “Admin” Username
10. Prevent Directory Browsing

Source: http://bit.ly/drXo8o

Jun 15

WordPress is a great blogging platform with the potential to be an easy-to-use content management system.

WP-CMS Post Control Plugin
This plugin gives you complete control over your write options. It not only allows you to hide unwanted items like custom fields, trackbacks, revisions etc… but also gives you a whole lot more control over how WordPress deals with creating content! This helps you use WordPress more like a CMS, allowing you to totally customise what your authors see and use.

Role Scoper Plugin
Role Scoper is a comprehensive enrichment for access control in WordPress, giving you CMS-like control of permissions. Assign reading, editing or administration roles to users or groups on a page-specific, category-specific or other content-specific basis.

WordPress Navigation List Plugin
The plugin gives you the ability to create unique site navigation from your pages, categories and users using a Drag ‘n Drop Interface; arrange the items within a group in any arbitrary order. Navigation groups may be composed of any combination of pages, categories, Authors, (Editors, Contributors, Subscribers), internal/external links and list dividers. This plugin has a lot of other great features; you have to check it out.

xLanguage Plugin
xLanguage is a full-featured plugin that allows you to blog in different languages and allows users to select which version to read. It works for blog posts, pages, tags and categories. The user's language preferences will also select the right theme and plugin MO files.

All in One SEO Pack Plugin
Optimizes your WordPress blog for search engines: page titles, meta tags, keywords, and descriptions. This plugin allows you to configure them for either your entire blog or on a post-by-post basis.

NextGEN Gallery Plugin
NextGEN Gallery is a fully integrated Image Gallery plugin for WordPress with a Flash slideshow option. It can turn a regular blog into a powerful photo-blog while giving you all the tools to manage it efficiently and easily.

Jan 27

The administration area of a Web application is a favorite target of hackers and thus particularly well protected. The same goes for WordPress: when creating a blog, the system creates an administrative user with a perfectly secure password and blocks public access to the settings area with a log-in page. This is the cornerstone of its protection. Let’s dig deeper!

This article focuses on defending the administration area of WordPress, meaning all those pages in the wp-admin folder (or http://www.yourblog.com/wp-admin/) that are displayed after a user is verified. We bolded the phrase “after a user is verified” deliberately: it should be explicitly understood that only a simple query stands in the way of an evil hacker and the powerful admin area of your whole blog. The latter is only as strong as the passwords that are generated.

To make an attack more difficult, you should perform the following actions manually. These solutions do not guarantee 100% security, but you can create effective stumbling blocks on a hacker’s way to the administration area.

Nov 10

I’ve always been a firm believer that WordPress can be more than just a “blogging platform.” With the power of themes and plugins, WordPress can be extended to do much more than just blog. This post over at the ThemeForest blog highlights several examples of WordPress themes that bring WordPress to higher levels of functionality.

  • Content Management System
  • Magazine
  • Job Listings
  • Showcase
  • Portfolio
  • Real Estate
  • Game/Film Review
  • A Forum
  • Twitter

Most of the themes featured on the post are commercial, available for purchase on ThemeForest or other outlets.

Can you think of any examples of innovative WordPress sites or themes that really push the envelope?

Nov 10

It was just announced that WordPress 2.6.3 has been released due to a security issue in something called Snoopy. Snoopy is something that grabs the feeds that are displayed in your dashboard. It’s supposed to be a relatively minor risk. If you don’t want to download the whole upgrade, you can get the following 2 files from the release post:

  • wp-includes/class-snoopy.php
  • wp-includes/version.php

And replace them. I just upgraded and it was a pretty painless process.

Nov 07

Theme Switcher allows your readers to switch among installed themes.

Installation

  1. Download theme-switcher.php.
  2. Copy theme-switcher.php into your wp-content/plugins folder.
  3. In the WordPress Admin Panel, activate the Theme Switcher plugin on the Plugins tab.
  4. Add wp_theme_switcher() to your template. See Usage.