Archive for the ‘Security’ Category

Gotta protect our stuff

27
Feb


If you’ve ever been frustrated with trying to remember passwords for hundreds of websites, across multiple web browsers and multiple computers…there’s finally a bulletproof solution.

LastPass is a kickass free browser plugin that allows you to save web account information (username/passwords) and retrieve them from any computer.  All you ever need to remember going forward is your LastPass password, hence the name “last pass”.

Why does it “own”, you ask?

  • Works on multiple platforms:  Windows, Linux, Mac
  • Works with every browser
  • Way more secure than storing passwords on your local PC using the embedded password manager that comes with IE, Firefox, Chrome, etc.
  • Super easy to use!
  • Also comes with auto-form population
  • If you’re on vacation or using someone else’s computer, you can retrieve your passwords…such a time saver
  • Auto-generates secure passwords, so you can start using crazy complicated and unique passwords for every new site rather than using the same password repeatedly like most people currently do

Check it out! I’ve recommended LastPass to a handful of close friends already and they’ve been very impressed, so I’m confident you will be too.  It’s not often that a free application comes along that is genius and something you soon wonder how you ever lived without.


17
Jun

Here’s a bunch of pointers that I gathered from various sources and use myself for each WordPress site I create.  It’s assumed you have a decent understanding of web servers, FTP clients, and IP addresses.

Ya never know when you might write a post that pisses off some random hacker in Czechoslovakia who decides to delete all your work or just post naked pictures of himself to scare your visitors.  Better safe than sorry, right? ;)

  1. Add Secret Keys to your wp-config.php file
    • Go to this site – http://api.wordpress.org/secret-key/1.1/
    • FTP to the root of your WordPress installation (i.e. www.yourdomain.com/)
    • Copy and paste the 4 rows into your wp-config.php file (anywhere should be fine)
    • Upload the updated file back to your web server
    • You may need to log out and back into WordPress for the keys to get picked up
  2. Delete the Admin account
    • Back up your database (always a good idea when making drastic changes like this)
    • Create a new user with Admin privileges
    • Log in to the new user account
    • Delete the “Admin” account (I would recommend checking the “Attribute all posts and links to…” radio button)
  3. Protect your “plugins” directory
    • FTP to your WordPress installation root/wp-content/plugins folder
    • Upload an empty file called index.html (you can create it in Notepad)
    • This makes it so that people can’t browse your plugins directory and possibly figure out how to exploit certain plugins you have installed
  4. Secure your “wp-admin” directory
    • FTP to your WordPress installation root/wp-admin folder
    • Upload an .htaccess file (if you can’t create the file on your Windows PC, you can upload another empty file, like bla.txt and rename it on your web server)
    • Make the contents look something like this –>
    • Of course the xx.xxx.xxx.xx IP address must be replaced with your actual IP.  If you aren’t sure what it is you can go to www.whatismyip.com
  5. Hide your version of WordPress
    • In the WP admin panel, go to Appearance > Editor
    • Open the header.php file
    • Browse for something like this and delete it:   <meta name="generator" content="WordPress <?php bloginfo('version'); ?>" />
    • Save your changes
    • This prevents a would-be hacker from targeting your specific WP version for attacks
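
A local audit of steps 1, 3, 4 and 5 above, as an added example that is not part of the original post. `audit()` and `demo()` are hypothetical names, the sample install is constructed, and the script assumes the four key names returned by the secret-key/1.1 endpoint and Apache's `allow from` / `Require ip` directives for the wp-admin allow-list.

```python
import re, tempfile
from pathlib import Path

KEYS = ("AUTH_KEY", "SECURE_AUTH_KEY", "LOGGED_IN_KEY", "NONCE_KEY")
PLACEHOLDER = "put your unique phrase here"  # default in wp-config-sample.php

def audit(root):
    """Return findings for steps 1, 3, 4 and 5 on the install at root."""
    root, out = Path(root), []
    text = lambda p: p.read_text(errors="replace") if p.is_file() else ""

    # Step 1: each key must be defined with a real (non-placeholder) value.
    cfg = text(root / "wp-config.php")
    for key in KEYS:
        m = re.search(r"define\(\s*['\"]%s['\"]\s*,\s*'([^']*)'" % key, cfg)
        if not m or not m.group(1) or m.group(1) == PLACEHOLDER:
            out.append("wp-config.php: %s missing or placeholder" % key)

    # Step 3: an index file stops the server listing the plugins directory.
    plugins = root / "wp-content" / "plugins"
    if not any((plugins / n).is_file() for n in ("index.html", "index.php")):
        out.append("plugins: no index file, directory may be listable")

    # Step 4 (assumed directives): "deny from all" + "allow from <ip>", or
    # "Require ip <ip>". Only addresses starting with a digit are accepted.
    ht = text(root / "wp-admin" / ".htaccess")
    has = lambda pat: re.search(r"(?im)^\s*" + pat, ht)
    ok = has(r"deny\s+from\s+all") and has(r"allow\s+from\s+\d") or has(r"require\s+ip\s+\d")
    if not ok:
        out.append("wp-admin: no IP allow-list in .htaccess")

    # Step 5: no theme header.php should still print the generator tag.
    for hdr in sorted(root.glob("wp-content/themes/*/header.php")):
        if re.search(r"<meta\s+name=[\"']generator[\"']", text(hdr), re.I):
            out.append("%s: generator meta tag present" % hdr.parent.name)
    return out

def demo():
    """Audit a constructed, unhardened install built in a temp directory."""
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        for sub in ("wp-admin", "wp-content/plugins", "wp-content/themes/default"):
            (root / sub).mkdir(parents=True)
        (root / "wp-config.php").write_text(
            "<?php\ndefine('AUTH_KEY', '%s');\n" % PLACEHOLDER)
        (root / "wp-admin/.htaccess").write_text(
            "order deny,allow\ndeny from all\nallow from xx.xxx.xxx.xx\n")
        (root / "wp-content/themes/default/header.php").write_text(
            '<meta name="generator" content="WordPress" />')
        return audit(root)
```

Run `audit()` against a downloaded copy of the site; step 2 is not covered because it lives in the database rather than in files.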


Copyright © 2009 Internet Marketing Fun. All rights reserved.