How can I create a private site that is inaccessible from the outside?
I need a safe place where I can store data about projects that I am working on. This data includes text and files (pictures, sound and video).
I want to create a private “blog” for this purpouse that is accessible only by myself.
The reason behind this is that I can access the data from anywhere, the solution is platform independent, searching the data should be easy using the WordPress search bar and metadata can be added to all the uploaded files.
My only concern is security – what are my options in securing the contents of the web repository?
The problems I am still facing:
If someone breaks past .htpasswd (by brute forcing it, is there a way to block access to the server for a day after several tries at htpasswd?) all uploaded files (images, sounds and movies) can be accessed if the attacker can guess the direct url for the file.
My vision is to use .htaccess for 80% of the security measures – it is WordPress independent and should survive software upgrades.
But I am really unsure about all the potential holes that I have to plug in WordPress.
Can you point out other security issues that I have missed and ,ideally, also a solution for them?