Are major WordPress updates mandatory for security?

Yes and no, it depends. When a security issue is fixed, it’s usually backported, so officially the answer is no, you don’t have to update to the latest major release. However Backporting only goes back so far though, and you’ll eventually be left in the dark given enough time. This would take many years currently, … Read more

Secure Server after configuration

Have a look at this excellent question and answers on Server Fault that discusses how to secure your LAMP stack. Make sure your FTP user can only access the directories you want. Setup sudo to allow a non root user to run commands as root. Lock down your ssh so that root cannot log in … Read more

User generated content and security

You need to stop listening to people who says PHP and WordPress is not secure. Its how you do it. You can do it in WordPress, without using BuddyPress. In fact you don’t even need it for anything. All you need to make default users contributors, and a small plugin which takes care of their … Read more