This included:
*Fixing file ownership: For fully hardened, change ownership of everything to root, except wflogs, uploads and themes in wp-content, which should be owned by www-data. However, then you won't be able to install plugins etc. A compromise is -R root:root for blog and then www-data:www-data for blog and then root:root for .htaccesswp-content.
*Check file permissions: Everything is 644, except wp-content which is 755
*Checking dbase rights and setting new passwords.
deny from all
</files>
Once I'm all done with the theme etc., I can uncomment the following from wp-config.php
define('DISALLOW_FILE_EDIT', true);
If there are plugin installation issues then add to wp-config.php
define('FS_METHOD','direct');
Likewise, to address some of the issues Once I'm all done with the FTP server (see below) add: define( 'WP_CONTENT_DIR'theme etc., 'I can uncomment the following from wp-content' );config.php define( 'FTP_BASEDISALLOW_FILE_EDIT', '/var/www/html/blog/' true);
==HTTPS==