Wordpress (and plugins) have changed over the years. There are some simple things you can do to make a WP install more secure. At the WordPress Codex site: [codex.wordpress.org...] they spell out the issues and solutions. There are also a raft of plugins for common issues.

Without some kind of membership only settings (no SEO benefit there) or password protected directories (same problem) you will be relying on the same methods you use for the rest of your site. WP is not more insecure than other CMS platforms imho, but with so many users and so many inexperienced users, it made a good target.

Thanks for reply...what I take from it is that the questions I raise aren't necessarily novel, and that the WP platform has evolved to a point where some straight-forward vigilance should leave me feeling pretty good.

But if I can dumb it down for a minute, where does that really leave me vis-a-vis the Q I started with, which is whether -- *IF* my WP installation were to get compromised, let's say because of an insecure plugin I have installed -- would an attacker be able to take down my ENTIRE mysite.com site, or would I be able to limit any infiltration to the blog.mysite.com directory where I'd presumably have WP installed?

(Or am I asking the wrong question?:)

No, it's a good question. I don't know of any way to separate a part of your site from the rest of the site and allow public access and crawling to both areas. Maybe another member here can help out with that part of your question.

if your WP blog is on a separate hostname it can be hosted on another web server.

Hm...sorry, not quite sure what you mean. What's a "hostname"?
As I wrote in the OP, my site is at mysite.com, but I publish the site's blog at mysite.NET. But I want to move it over to a subdomain of the main site, perhaps blog.mysite.com.

Just confused by what a "separate hostname" refers to / also what you mean by "hosted on another web server".

example.com is domain.
it could also be a hostname - as in this url, for example:
http://example.com/

www.example.com is another hostname on the example.com domain which is often hosted on the same web server as example.com.

blog.example.com is yet another hostname which could be on a different web server that specializes in WP blog hosting.


your DNS configuration determines how each of these hostnames resolves to the IP address of the appropriate server.

the virtual host configuration of the web server(s) determines which virtual host gets the request for each hostname:port served.

OK...so if I"m understanding, let's say my website is mysite.com, and I buy the domain name and hosting from GoDaddy, who host it on one of their servers and assign me IP address 123.456.789.01

You're saying that I could buy separate hosting from, say, Tucows who would assign me an IP address on THEIR server (555.666.777.88), where I could install WP and host/administer my blog, and simply point blog.mysite.com to my WP blog hosted on a completely different server than my main mysite.com web app? (Users, of course, wouldn't notice anything different, as they'd get served my WP blog content and see blog.mysite.com in their browser.)

Am I understanding that properly? And if so, let me ask the obvious question: would the fact that they're on separate servers prevent the very SEO-juice-consolidation that I'm trying to achieve by moving my blog from mysite.NET to blog.mysite.com? IOW, will Google see that they're different IPs on different servers, and therefore not aggregate the SEO juice generated by their respective content (in essence leaving me no better off than I am right now with two completely separate domains)?

QUESTION:

Wouldn't installing wordpress onto a separate database (all by itself) with a separate user and separate password be a good start?

Would that mitigate MOST of the potential damage that could occur to the other areas of their site?

Or is that just a false hope?