Recommendations to secure your Geeklog site.
Please follow the recommendations outlined in the installation instructions and contained in the reminders that are built into Geeklog:
- Change the default password of the Admin account!
- Remove the installation script. Once you have successfully installed or upgraded Geeklog, you will no longer need it.
- Change the permissions for the db-config.php and siteconfig.php files so that they are no longer writable.
- Geeklog 1.6.0 (as of beta 3) provides some protection against clickjacking. It is enabled by default and should usually be left that way.
- Consider using an account that has only the permissions that you actually need. For example, you may be spending most of your time on the site writing articles. For that, you do not need to be in the User Admin group.
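The installer and config-file items in the list above can be checked from a shell. The script below is an added example, not part of Geeklog or its documentation. It assumes the default layout (db-config.php in the Geeklog root, siteconfig.php in public_html, the installer in public_html/admin/install), and its function names are hypothetical.

```shell
#!/bin/sh
# Post-install audit for the checklist above (added example, not Geeklog code).
# Assumed default layout: <root>/db-config.php, <public_html>/siteconfig.php,
# installer in <public_html>/admin/install. Pass your own paths if they differ.

# Print "yes" if any write bit (owner, group or other) is set on $1.
# The mode string is read from ls so the answer is the same when run as root,
# where a plain `[ -w file ]` test would always succeed.
has_write_bit() {
    mode=$(ls -ld -- "$1" | cut -c2-10)
    case "$mode" in
        *w*) echo yes ;;
        *)   echo no ;;
    esac
}

# geeklog_audit ROOT PUBLIC_HTML
# Prints one line per finding; prints nothing when the checked items pass.
geeklog_audit() {
    root=$1
    public=$2

    for cfg in "$root/db-config.php" "$public/siteconfig.php"; do
        if [ ! -f "$cfg" ]; then
            echo "MISSING   $cfg (check the path arguments)"
        elif [ "$(has_write_bit "$cfg")" = yes ]; then
            echo "WRITABLE  $cfg (fix: chmod a-w)"
        fi
    done

    if [ -d "$public/admin/install" ]; then
        echo "INSTALLER $public/admin/install still present (remove it)"
    fi
    return 0
}

# Stand-alone use: sh audit.sh /path/to/geeklog /path/to/public_html
if [ "$#" -eq 2 ]; then
    geeklog_audit "$1" "$2"
fi
```

Running it again after each upgrade catches an installer directory that was re-uploaded with the new release.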
Staying up to date
We recommend that you subscribe to the (low traffic) geeklog-announce mailing list to be informed about new Geeklog releases and security issues. You can also subscribe to the RSS feed of the Security topic on the Geeklog homepage.
(to be continued)