I found some useful tips to start...
Security starts with your operating systems.
- Make sure the web server is run by a non-root user such as www or apache.
- All WordPress files are owned by root:root (use the chown command).
- Set all file permissions to r--r--r-- (0444) using the chmod command.
- Set directory permissions to r-xr-xr-x (0555) using the chmod command.
- Only set read-write permission for upload directories and caching directories.
- Turn on SELinux (assuming that you are using Linux with SELinux patches).
- Only install a limited number of WordPress plugins.
- Update and apply patches to WordPress, the operating system, Apache, PHP, and MySQL as soon as they are available.
- Subscribe to security mailing lists.
- Use /etc/sysctl.conf for hardening.
- Harden other parts of LAMP such as PHP and MySQL too.
Can I have some tips on the last point, "Harden other parts of LAMP..."?
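
An audit of the ownership and permission items in the checklist above, as an added example that is not part of the original post. It assumes GNU find; the function name `audit_wp`, the install path and the writable directory names in the usage comment are assumptions.

```shell
#!/bin/sh
# Added example: audit a WordPress tree against the permission checklist.
# Usage: audit_wp ROOT OWNER:GROUP "REL_DIR ..."
#   ROOT        WordPress install directory (path is an assumption)
#   OWNER:GROUP expected owner, root:root per the checklist
#   REL_DIR     upload/cache directories, relative to ROOT, that stay writable
# Prints one line per deviation; returns 0 if clean, 1 otherwise.
# Requires GNU find (-printf). File names containing newlines are not handled.
audit_wp() {
    root=$1 want_owner=$2 writable=$3
    findings=$(
        find "$root" \( -type f -o -type d \) -printf '%m %u:%g %y %P\n' |
        while read -r mode owner type rel; do
            # Upload and cache directories are exempt from the read-only rule.
            skip=0
            for w in $writable; do
                case "$rel" in ("$w"|"$w"/*) skip=1 ;; esac
            done
            [ "$skip" -eq 1 ] && continue
            [ "$owner" = "$want_owner" ] || echo "OWNER $owner ${rel:-.}"
            # Files must be 0444, directories 0555.
            case "$type" in (f) want=444 ;; (d) want=555 ;; esac
            [ "$mode" = "$want" ] || echo "MODE $mode (want $want) ${rel:-.}"
        done
    )
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}

# Example run (paths are assumptions):
# audit_wp /var/www/wordpress root:root "wp-content/uploads wp-content/cache"
```

Each output line names the deviation (`OWNER` or `MODE`) and the path relative to the install root, so the result can be fed to a cron job or a monitoring check.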