The best way to make this work is to use the Jetpack plugin, and enable the post-by-email feature.
That gives you an e-mail address where anything it receives is published as a blog post.
However, I found I couldn’t get it to work until I switched from ithemes security to wordfence. Apparently, it’s a known problem: ithemes security blocks xmlrpc, so post-by-email isn’t available..
I’ve been using this plugin for ages without any problems.
TWO of my sites went down with mysterious “Internal Server Error” messages.
Even the usual URL/license.txt routine generated the error, so it was clearly not a WordPress problem exactly.
I actually went as far as logging a support ticket with Unlimited Web Hosting, but I was already suspecting the htaccess file.. Sure enough, there was an error (a missing word) in there, caused by BWP.
I corrected this, and it’s sorted.
So, here’s how to fix this problem:
As it stands, WordPress Security is OK.
It’s certainly a LOT better than the security I had on my home-brew php/mysql website before I got into WordPress. (that site was hacked, which is WHY I got into wp).
BUT. And it’s a big BUT, it could easily be better.
A standard WP install has certain vulnerabilities a hacker can exploit:
All of these security holes can be used by a hacker to gain access and/or modify your content.
One of my sites was recently taken offline by my hosting company because their security software detected a password hacking attempt. Mega-Kudos for that! – WordPress would have let them get on with it!
So I’ve been installing a plugin called “Better WP Security” on my higher-risk sites.
It’s already detected (and banned) a Russian hacker (in St Petersburg) attempting a password hack. I’ve also rolled his hostname out to my other sites as a precaution.
None of my sites now have an “admin” account, an account with an ID of “1”, or a database table with a “wp_” prefix. I’ve implemented blacklisting (using a known list of bad hosts and user agents), so known bad people don’t even get a look-in.. and a host of other security measures including automatic timeouts between failed attempts, and permanent (automatic) hostname banning.
The more obstacles you can put in their way, the more chance the hackers will move on to easier targets elsewhere..
I recommend “Better WP Security” – and it’s free!