WordPress, with its five-minute install, does a great job of simplifying the use of web applications. It just falls short of providing good out-of-the-box security for the blog.
Your blog, like your email or your Facebook profile, is your online identity. Yes, that’s why we have an authentication system, but sending plaintext passwords to the server isn’t a great default setting. Well, going for a security certificate for something as basic as a blog would be too far-fetched, but the nice CHAP (Challenge-Handshake Authentication Protocol) scheme is good enough for all our secure login needs. And it is available as a WordPress plugin thanks to redsend.org. Yay!
So there you go. Not a single line of code written, and your WordPress login is secure, even when you go wireless. That wasn’t so hard!
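What a challenge-response login of this kind puts on the wire, as an added sketch that is not the plugin's code: the server sends a random challenge, the browser returns a keyed hash of it, and the password itself never travels. The HMAC-SHA256 response function, the `Server` class, `clientRespond` and the sample account are assumptions made for the illustration.

```javascript
// Added illustration of a CHAP-style login; not the plugin's own code.
// Assumptions: HMAC-SHA256 as the response function, and a server that
// holds the shared secret. Server and clientRespond are hypothetical names.
const crypto = require('crypto');

// Browser side: prove knowledge of the password without sending it.
function clientRespond(password, challenge) {
  return crypto.createHmac('sha256', password).update(challenge).digest('hex');
}

class Server {
  constructor(users) {
    this.users = users;        // username -> shared secret (constructed sample data)
    this.pending = new Map();  // username -> outstanding challenge
  }
  issueChallenge(user) {
    const challenge = crypto.randomBytes(16).toString('hex');
    this.pending.set(user, challenge);
    return challenge;
  }
  verify(user, response) {
    const challenge = this.pending.get(user);
    this.pending.delete(user); // each challenge is valid for one attempt only
    const secret = this.users.get(user);
    if (!challenge || !secret) return false;
    const expected = Buffer.from(clientRespond(secret, challenge), 'hex');
    const got = Buffer.from(String(response), 'hex');
    // Constant-time comparison; the length check keeps timingSafeEqual from throwing.
    return got.length === expected.length && crypto.timingSafeEqual(got, expected);
  }
}

function demo() {
  const server = new Server(new Map([['alice', 'correct horse']]));
  const challenge = server.issueChallenge('alice');
  const response = clientRespond('correct horse', challenge);
  // Everything an eavesdropper on open Wi-Fi would see for this login:
  const wire = JSON.stringify({ user: 'alice', challenge, response });
  const firstLogin = server.verify('alice', response);
  server.issueChallenge('alice');                      // next login, fresh challenge
  const replay = server.verify('alice', response);     // captured response re-sent
  const noChallenge = server.verify('alice', response); // nothing outstanding
  return { firstLogin, replay, noChallenge, passwordOnWire: wire.includes('correct horse') };
}
```

The exchange covers only the password in transit; whatever follows a successful login, such as the session cookie, still crosses the same unencrypted connection.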
The other security feature that we need is protection from comment spam. This is a more commonly known problem, as you can “see” your blog being misused, unlike in the situation explained above. There are a hell of a lot of spam protection plugins available. You can either go for a strong CAPTCHA system like MyCaptcha, or go easy on people kind enough to comment on your post and filter out spam automatically, using Akismet or Defensio. I prefer the latter method, and it has been pretty accurate so far.
That’s it. Your WordPress installation is secure from all the bad guys. Well, most of ‘em, anyway. There’s nothing like investing five more minutes after the five-minute install for a bit of security. Blog safe!